Splunk Operational Intelligence Cookbook (e-book)

Author: Josh Diakun

Publisher: Packt Publishing

Publication date: 2014-10-31

Word count: 2.537 million

This book is intended for users of all levels who are looking to leverage the Splunk Enterprise platform as a valuable operational intelligence tool. The recipes provided in this book will appeal to individuals from all facets of a business – IT, Security, Product, Marketing, and many more!
Splunk Operational Intelligence Cookbook

Table of Contents

Splunk Operational Intelligence Cookbook

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Play Time – Getting Data In

Introduction

Indexing files and directories

Getting ready

How to do it...

How it works...

There's more...

Adding a file or directory data input via the CLI

Adding a file or directory input via inputs.conf

One-time indexing of data files via the Splunk CLI

Indexing the Windows event logs

See also

Getting data through network ports

Getting ready

How to do it...

How it works...

There's more...

Adding a network input via the CLI

Adding a network input via inputs.conf

See also

Using scripted inputs

Getting ready

How to do it...

How it works...

See also

Using modular inputs

Getting ready

How to do it...

How it works...

There's more...

See also

Using the Universal Forwarder to gather data

Getting ready

How to do it...

How it works...

There's more...

Add the receiving indexer via outputs.conf

Loading the sample data for this book

Getting ready

How to do it...

How it works...

See also

Defining field extractions

Getting ready

How to do it...

How it works...

See also

Defining event types and tags

Getting ready

How to do it...

How it works...

There's more...

Adding event types and tags via eventtypes.conf and tags.conf

See also

Summary

2. Diving into Data – Search and Report

Introduction

Making raw event data readable

Getting ready

How to do it...

How it works...

There's more...

Tabulating every field

Removing fields, then tabulating everything else

Finding the most accessed web pages

Getting ready

How to do it...

How it works...

There's more...

Searching for the top 10 accessed web pages

Searching for the most accessed pages by user

See also

Finding the most used web browsers

Getting ready

How to do it...

How it works...

There's more…

Searching the web browser data for the most used OS types

See also

Identifying the top-referring websites

Getting ready

How to do it...

How it works...

There's more…

Searching for the top 10 referring websites using stats instead of top

See also

Charting web page response codes

Getting ready

How to do it...

How it works...

There's more...

Totaling success and error web page response codes

See also

Displaying web page response time statistics

Getting ready

How to do it...

How it works...

There's more...

Displaying web page response time by action

See also

Listing the top viewed products

Getting ready

How to do it...

How it works...

There's more...

Searching for the percentage of cart additions from product views

See also

Charting the application's functional performance

Getting ready

How to do it...

How it works...

There's more...

See also

Charting the application's memory usage

Getting ready

How to do it...

How it works...

See also

Counting the total number of database connections

Getting ready

How to do it...

How it works...

See also

Summary

3. Dashboards and Visualizations – Make Data Shine

Introduction

Creating an Operational Intelligence dashboard

Getting ready

How to do it...

How it works...

There's more...

Changing dashboard permissions

Using a pie chart to show the most accessed web pages

Getting ready

How to do it...

How it works...

There's more...

Searching for the top 10 accessed web pages

See also

Displaying the unique number of visitors

Getting ready

How to do it...

How it works...

There's more…

Adding labels to a single value panel

Coloring the value based on ranges

See also

Using a gauge to display the number of errors

Getting ready

How to do it...

How it works...

There's more…

See also

Charting the number of method requests by type and host

Getting ready

How to do it...

How it works...

See also

Creating a timechart of method requests, views, and response times

Getting ready

How to do it...

How it works...

There's more...

Method requests, views, and response times by host

See also

Using a scatter chart to identify discrete requests by size and response time

Getting ready

How to do it...

How it works...

There's more...

Using time series data points with a scatter chart

See also

Creating an area chart of the application's functional statistics

Getting ready

How to do it...

How it works...

See also

Using a bar chart to show the average amount spent by category

Getting ready

How to do it...

How it works...

See also

Creating a line chart of item views and purchases over time

Getting ready

How to do it…

How it works...

See also

Summary

4. Building an Operational Intelligence Application

Introduction

Creating an Operational Intelligence application

Getting ready

How to do it...

How it works...

There's more...

Creating an application from another application

Downloading and installing a Splunk app

See also

Adding dashboards and reports

Getting ready

How to do it...

How it works...

There's more…

Changing the permissions of saved reports

See also

Organizing the dashboards more efficiently

Getting ready

How to do it...

How it works...

There's more…

Modifying the SimpleXML directly

See also

Dynamically drilling down on activity reports

Getting ready

How to do it...

How it works...

There's more…

Disabling the drilldown feature in tables and charts

See also

Creating a form to search web activities

Getting ready

How to do it...

How it works...

There's more...

Adding a Submit button to your form

See also

Linking web page activity reports to the form

Getting ready

How to do it...

How it works...

There's more...

Adding an overlay to the Sessions Over Time chart

See also

Displaying a geographical map of visitors

Getting ready

How to do it...

How it works...

There's more...

Adding a map panel using SimpleXML

Mapping different distributions by area

See also

Scheduling the PDF delivery of a dashboard

Getting ready

How to do it...

How it works...

See also

Summary

5. Extending Intelligence – Data Models and Pivoting

Introduction

Creating a data model for web access logs

Getting ready

How to do it...

How it works...

There's more...

Searching data models using the search interface

See also

Creating a data model for application logs

Getting ready

How to do it...

How it works...

See also

Accelerating data models

Getting ready

How to do it...

How it works...

There's more...

Viewing data model and acceleration summary information

Advanced configuration of data model acceleration

See also

Pivoting total sales transactions

Getting ready

How to do it...

How it works...

There's more...

Pivot searching using the pivot command and search interface

See also

Pivoting purchases by geographical location

Getting ready

How to do it...

How it works...

See also

Pivoting slowest responding web pages

Getting ready

How to do it...

How it works…

See also

Pivot charting top error codes

Getting ready

How to do it...

How it works...

See also

Summary

6. Diving Deeper – Advanced Searching

Introduction

Calculating the average session time on a website

Getting ready

How to do it...

How it works...

There's more...

Starts with a website visit, ends with a checkout

Defining maximum pause, span, and events in a transaction

See also

Calculating the average execution time for multi-tier web requests

Getting ready

How to do it...

How it works...

There's more…

Calculating the average execution time without using a join

See also

Displaying the maximum concurrent checkouts

Getting ready

How to do it...

How it works...

See also

Analyzing the relationship of web requests

Getting ready

How to do it...

How it works...

There's more…

Analyzing relationships of DB actions to memory utilization

See also

Predicting website-traffic volumes

Getting ready

How to do it...

How it works...

There's more…

Predicting the total number of items purchased

Predicting the average response time of function calls

See also

Finding abnormally sized web requests

Getting ready

How to do it...

How it works...

There's more...

The anomalies command

The anomalousvalues command

The cluster command

See also

Identifying potential session spoofing

Getting ready

How to do it...

How it works...

There's more...

Creating logic for urgency

See also

Summary

7. Enriching Data – Lookups and Workflows

Introduction

Lookups

Looking up product code descriptions

Getting ready

How to do it...

How it works...

There's more...

Manually adding the lookup to Splunk

See also

Flagging suspicious IP addresses

Getting ready

How to do it...

How it works...

There's more...

Modifying an existing saved search to populate a lookup table

See also

Creating a session state table

Getting ready

How to do it...

How it works...

See also

Adding hostnames to IP addresses

Getting ready

How to do it...

How it works...

There's more…

Enabling automatic external field lookups

See also

Searching ARIN for a given IP address

Getting ready

How to do it...

How it works...

There's more...

Limiting workflow actions by event types

See also

Triggering a Google search for a given error

Getting ready

How to do it...

How it works...

There's more...

Triggering a Google search from the chart drilldown options

See also

Creating a ticket for application errors

Getting ready

How to do it...

How it works...

There's more...

Adding a workflow action manually in Splunk

See also

Looking up inventory from an external database

Getting ready

How to do it…

How it works...

There's more...

Use DB Connect for direct external DB lookups

See also

Summary

8. Being Proactive – Creating Alerts

Introduction

Alerting on abnormal web page response times

Getting ready

How to do it...

How it works...

There's more...

Viewing triggered alerts in Splunk's Alert manager

See also

Alerting on errors during checkout in real time

Getting ready

How to do it...

How it works...

There's more...

Building alerts via a configuration file

Identify the real-time searches that are running

See also

Alerting on abnormal user behavior

Getting ready

How to do it...

How it works...

There's more...

Alerting on abnormal user purchases without checkouts

See also

Alerting on failure and triggering a scripted response

Getting ready

How to do it...

How it works...

There's more…

See also

Alerting when predicted sales exceed inventory

Getting ready

How to do it...

How it works...

There's more…

Adding an RSS feed notification action to an alert

See also

Summary

9. Speed Up Intelligence – Data Summarization

Introduction

Calculating an hourly count of sessions versus completed transactions

Getting ready

How to do it...

How it works...

There's more...

Generating the summary more frequently

Avoiding summary index overlaps and gaps

See also

Backfilling the number of purchases by city

Getting ready

How to do it...

How it works...

There's more...

Backfilling a summary index from within a search directly

See also

Displaying the maximum number of concurrent sessions over time

Getting ready

How to do it...

How it works...

There's more...

Viewing the status of an accelerated report

See also

Summary

10. Above and Beyond – Customization, Web Framework, REST API, and SDKs

Introduction

Customizing the application's navigation

Getting ready

How to do it...

How it works...

There's more…

Adding a force-directed graph of web hits

Getting ready

How to do it...

How it works...

There's more…

Changing the time range on the search manager

See also

Adding a calendar heatmap of product purchases

Getting ready

How to do it...

How it works...

See also

Remotely querying Splunk's REST API for unique page views

Getting ready

How to do it...

How it works...

There's more…

Authenticating with a session token

See also

Creating a Python application to return unique IP addresses

Getting ready

How to do it...

How it works...

There's more...

Paginating the results of your search

See also

Creating a custom search command to format product names

Getting ready

How to do it...

How it works...

See also

Summary

Index
