Splunk 7.x Quick Start Guide : Gain Business Data Insights from Operational Intelligence.

Material type: Text
Publisher: Birmingham : Packt Publishing, Limited, 2018
Copyright date: ©2018
Edition: 1st ed
Description: 1 online resource (290 pages)
Content type:
  • text
Media type:
  • computer
Carrier type:
  • online resource
ISBN:
  • 9781789538021
Additional physical formats: Print version: Splunk 7.x Quick Start Guide
DDC classification:
  • 006.312
LOC classification:
  • QA76.9.D343 .B398 2018
Contents:
Cover -- Title Page -- Copyright and credits -- Dedication -- About Packt -- Contributors -- Table of Contents -- Preface -- Chapter 1: Introduction to Splunk -- What is Splunk? -- Splunk products -- The history of Splunk -- Installing Splunk for free -- Splunk components -- Splunk processing tiers -- Splunk events -- Splunk information resources -- Summary -- Chapter 2: Architecting Splunk -- Selecting a Splunk configuration -- Data collection - data inputs -- Data collection - concurrent searches -- Distributed versus clustered Splunk environments -- Replication and search factor -- Replication factor -- Search factor -- Hot/warm and cold buckets -- Search head clusters -- Making a design decision -- Selecting Splunk hardware options -- Performance considerations -- Making a hardware selection -- Disk-sizing calculations -- Summary -- Chapter 3: Installing and Configuring Splunk -- Installing Splunk Enterprise -- Installing Splunk on Linux -- Linux settings -- User-group - environment settings -- ulimits -- Transparent huge pages -- Starting Splunk -- Starting on reboot -- Stopping Splunk -- Installing Splunk on Windows server -- Disabling antivirus software -- Installing Splunk with a short pathname -- Installing Splunk via the GUI -- Stopping and starting Splunk on Windows -- Synchronization of system clocks -- Configuring Splunk components -- Splunk directory structure -- Configuration file precedence -- Splunk installation checklist -- Component and IP address list -- Installation steps -- Individual component configurations -- License master and cluster master -- Forwarding Splunk's internal logs to the indexers -- Pointing servers to the license master -- Indexing cluster -- Configuring a TCP input -- Deployer -- Search heads -- Designating and starting a search head captain -- Checking search head cluster status -- Deployment server.
Multisite environments -- Cluster master -- Indexers -- Search heads -- Cross-environment search -- Documenting your Splunk deployment -- Summary -- Chapter 4: Getting Data into Splunk -- Installing Splunk universal forwarder -- Installation steps -- Starting/stopping the universal forwarder -- Configuring outputs.conf -- Configuring inputs.conf -- Setting up a heavy forwarder -- Configuring other data source inputs -- Configuring an HTTP Event Collector -- Testing the HTTP Event Collector -- Introduction to apps -- Using the deployment server -- Configuring a deployment client -- Configuring the deployment server -- Creating deployment apps -- Creating a serverclass.conf file -- Using forwarder management in Splunk web -- Managing Splunk Indexes -- Creating an index -- Deleting index data -- Summary indexes -- Metrics indexes -- Splunk sourcetypes -- Creating custom source types -- Using the cluster master -- Distributing the configuration bundle -- Summary -- Chapter 5: Administering Splunk Apps and Users -- Using the deployer -- Deploying new or updated apps -- Configuring users and roles -- Splunk authentication -- LDAP authentication -- SAML authentication -- Managing Splunk roles -- Search restrictions -- Capabilities -- Indexes -- authorize.conf -- Working with authentication.conf and authorize.conf -- Best practices for administering Splunk -- Index naming conventions -- Source type naming conventions -- Location of indexes.conf, props.conf, and transforms.conf -- Supporting your Splunk Deployment -- Splunk support personnel -- Funding Your Splunk deployment -- Splunk resource cost calculations -- Summary -- Chapter 6: Searching with Splunk -- The Splunk Web interface -- Search controls -- Timeline and events -- Creating Splunk searches -- Basic search commands -- Index -- Time-range selection -- Search filters -- Search commands -- Eval.
Stats -- Dedup -- Rex -- Where -- Formatting commands -- Rename -- Sort/reverse -- Head/tail -- Top/rare -- Visualizing search results -- Table/fields -- Chart/timechart -- Chart -- Timechart -- Visualizations in Splunk web -- Advanced search commands -- Subsearches -- Join -- Transaction -- Streaming versus transforming commands -- Optimizing searches -- Optimizing search jobs -- Job inspector -- Summary -- Chapter 7: Splunk Knowledge Objects -- Field extractions -- Index-time field extractions -- Search-time field extractions -- Using the extract fields interface -- Other knowledge objects -- Event types - tags - aliases -- Event type -- Tags -- Field aliases -- Lookups -- Macros -- Datasets and data models -- Datasets -- Data models -- Using data models in search -- Data model acceleration -- Pivot tables -- Summary -- Chapter 8: Splunk Reports, Dashboards, and Alerts -- Introduction -- Creating reports -- Scheduling a report -- Creating a dashboard -- Adding a new panel with inline search -- Editing panel characteristics -- Using dashboard forms -- Using tokens -- Working with Simple XML -- Improving dashboard performance -- Using JavaScript and CSS within a dashboard -- Event-handlers -- Creating an alert -- Summary -- Chapter 9: Splunk Applications -- Splunk apps and add-ons -- Creating a Splunk app -- App context and permissions -- Using Splunkbase -- Splunk app and add-on for Unix and Linux -- Machine learning toolkit -- Splunk DB Connect -- Requirements and installation -- Hardware requirements -- Java runtime -- Installing DB connect -- Database JDBC drivers -- Configuring DB Connect -- Configuring task server -- Database drivers -- Configuring database input -- Identities and roles -- Connections -- Input -- Output -- Lookups -- Troubleshooting DB Connect -- HEC port conflicts -- Splunk Premium apps -- IT service intelligence.
Enterprise security and UBA -- Summary -- Chapter 10: Advanced Splunk -- Troubleshooting Splunk -- Splunk logs -- btool -- diag -- Opening a Splunk support case -- Locked license issue -- Performance and capacity -- REST API endpoints -- Splunk Monitoring Console -- Configuring the monitoring console -- Using the Monitoring Console -- Data rebalancing -- Indexer clustering and bucket status -- Upgrading Splunk Enterprise -- Splunk development -- Software Development Kits -- Using the Python SDK -- The REST API -- Additional study topics -- Summary -- Other Books You May Enjoy -- Index.
Summary: Splunk is a leading platform and solution for collecting, searching, and extracting value from ever increasing amounts of big data - and big data is eating the world! This book covers all the crucial Splunk topics and gives you the information and examples to get the immediate job done. You will find enough insights to support further.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
