售 价:¥
温馨提示:数字商品不支持退换货,不提供源文件,不支持导出打印
为你推荐
Splunk Operational Intelligence Cookbook Second Edition
Table of Contents
Splunk Operational Intelligence Cookbook Second Edition
Credits
About the Authors
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Instant updates on new Packt books
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Play Time – Getting Data In
Introduction
Indexing files and directories
Getting ready
How to do it…
How it works…
There's more…
Adding a file or directory data input via the CLI
Adding a file or directory input via inputs.conf
One-time indexing of data files via the Splunk CLI
Indexing the Windows event logs
See also
Getting data through network ports
Getting ready
How to do it…
How it works…
There's more…
Adding a network input via the CLI
Adding a network input via inputs.conf
See also
Using scripted inputs
Getting ready
How to do it…
How it works…
See also
Using modular inputs
Getting ready
How to do it…
How it works…
There's more…
See also
Using the Universal Forwarder to gather data
Getting ready
How to do it…
How it works…
There's more…
Add the receiving indexer via outputs.conf
Loading the sample data for this book
Getting ready
How to do it…
How it works…
See also
Defining field extractions
Getting ready
How to do it…
How it works…
See also
Defining event types and tags
Getting ready
How to do it…
How it works…
There's more…
Adding event types and tags via eventtypes.conf and tags.conf
See also
2. Diving into Data – Search and Report
Introduction
Making raw event data readable
Getting ready
How to do it…
How it works…
There's more…
Tabulating every field
Removing fields, then tabulating everything else
Finding the most accessed web pages
Getting ready
How to do it…
How it works…
There's more…
Searching for the top 10 accessed web pages
Searching for the most accessed pages by user
See also
Finding the most used web browsers
Getting ready
How to do it…
How it works…
There's more…
Searching for the web browser data for the most used OS types
See also
Identifying the top-referring websites
Getting ready
How to do it…
How it works…
There's more…
Searching for the top 10 using stats instead of top
See also
Charting web page response codes
Getting ready
How to do it…
How it works…
There's more…
Totaling success and error web page response codes
See also
Displaying web page response time statistics
Getting ready
How to do it…
How it works…
There's more…
Displaying web page response time by action
See also
Listing the top viewed products
Getting ready
How to do it…
How it works…
There's more…
Searching for the percentage of cart additions from product views
See also
Charting the application's functional performance
Getting ready
How to do it…
How it works…
There's more…
See also
Charting the application's memory usage
Getting ready
How to do it…
How it works…
See also
Counting the total number of database connections
Getting ready
How to do it…
How it works…
See also
3. Dashboards and Visualizations – Making Data Shine
Introduction
Creating an Operational Intelligence dashboard
Getting ready
How to do it…
How it works…
There's more…
Changing dashboard permissions
Using a pie chart to show the most accessed web pages
Getting ready
How to do it…
How it works…
There's more…
Searching for the top 10 accessed web pages
See also
Displaying the unique number of visitors
Getting ready
How to do it…
How it works…
There's more…
Coloring the value based on ranges
Adding trends and sparklines to the values
See also
Using a gauge to display the number of errors
Getting ready
How to do it…
How it works…
There's more…
See also
Charting the number of method requests by type and host
Getting ready
How to do it…
How it works…
See also
Creating a timechart of method requests, views, and response times
Getting ready
How to do it…
How it works…
There's more…
Method requests, views, and response times by host
See also
Using a scatter chart to identify discrete requests by size and response time
Getting ready
How to do it…
How it works…
There's more…
Using time series data points with a scatter chart
See also
Creating an area chart of the application's functional statistics
Getting ready
How to do it…
How it works…
See also
Using a bar chart to show the average amount spent by category
Getting ready
How to do it…
How it works…
See also
Creating a line chart of item views and purchases over time
Getting ready
How to do it…
How it works…
See also
4. Building an Operational Intelligence Application
Introduction
Creating an Operational Intelligence application
Getting ready
How to do it…
How it works…
There's more…
Creating an application from another application
Downloading and installing a Splunk app
See also
Adding dashboards and reports
Getting ready
How to do it…
How it works…
There's more…
Changing permissions of saved reports
See also
Organizing the dashboards more efficiently
Getting ready
How to do it…
How it works…
There's more…
Modifying the Simple XML directly
See also
Dynamically drilling down on activity reports
Getting ready
How to do it…
How it works…
There's more…
Disabling the drilldown feature in tables and charts
See also
Creating a form for searching web activity
Getting ready
How to do it…
How it works…
There's more…
Adding a Submit button to your form
See also
Linking web page activity reports to the form
Getting ready
How to do it…
How it works…
There's more…
Adding an overlay to the Sessions Over Time chart
See also
Displaying a geographical map of visitors
Getting ready
How to do it…
How it works…
There's more…
Adding a map panel using Simple XML
Mapping different distributions by area
See also
Scheduling PDF delivery of a dashboard
Getting ready
How to do it…
How it works…
See also
5. Extending Intelligence – Data Models and Pivoting
Introduction
Creating a data model for web access logs
Getting ready
How to do it…
How it works…
There's more…
Searching data models using the search interface
See also
Creating a data model for application logs
Getting ready
How to do it…
How it works…
See also
Accelerating data models
Getting ready
How to do it…
How it works…
There's more…
Viewing data model and acceleration summary information
Advanced configuration of data model acceleration
See also
Pivoting total sales transactions
Getting ready
How to do it…
How it works…
There's more…
Pivot searching using the pivot command and search interface
See also
Pivoting purchases by geographic location
Getting ready
How to do it…
How it works…
See also
Pivoting slowest responding web pages
Getting ready
How to do it…
How it works…
See also
Pivot charting top error codes
Getting ready
How to do it…
How it works…
See also
6. Diving Deeper – Advanced Searching
Introduction
Calculating the average session time on a website
Getting ready
How to do it…
How it works…
There's more…
Starts with a website visit, ends with a checkout
Defining maximum pause, span, and events in a transaction
See also
Calculating the average execution time for multi-tier web requests
Getting ready
How to do it…
How it works…
There's more…
Calculating the average execution time without using a join
See also
Displaying the maximum concurrent checkouts
Getting ready
How to do it…
How it works…
See also
Analyzing the relationship of web requests
Getting ready
How to do it…
How it works…
There's more…
Analyzing relationships of DB actions to memory utilization
See also
Predicting website traffic volumes
Getting ready
How to do it…
How it works…
There's more…
Predicting the total number of items purchased
Predicting the average response time of function calls
See also
Finding abnormally-sized web requests
Getting ready
How to do it…
How it works…
There's more…
The anomalies command
The anomalousvalues command
The anomalydetection command
The cluster command
See also
Identifying potential session spoofing
Getting ready
How to do it…
How it works…
There's more…
Creating logic for urgency
See also
7. Enriching Data – Lookups and Workflows
Introduction
Looking up product code descriptions
Getting ready
How to do it…
How it works…
There's more…
Manually adding the lookup to Splunk
See also
Flagging suspect IP addresses
Getting ready
How to do it…
How it works…
There's more…
Modifying an existing saved search to populate a lookup table
See also
Creating a session state table
Getting ready
How to do it…
How it works…
There's more…
Use the Splunk KV store to maintain the session state table
See also
Adding hostnames to IP addresses
Getting ready
How to do it…
How it works…
There's more…
Enabling automatic external field lookups
See also
Searching ARIN for a given IP address
Getting ready
How to do it…
How it works…
There's more…
Limiting workflow actions by event types
See also
Triggering a Google search for a given error
Getting ready
How to do it…
How it works…
There's more…
Triggering a Google search from the chart drilldown options
See also
Creating a ticket for application errors
Getting ready
How to do it…
How it works…
There's more…
Adding a workflow action manually in Splunk
See also
Looking up inventory from an external database
Getting ready
How to do it…
How it works…
There's more…
Use DB Connect for direct external DB lookups
See also
8. Being Proactive – Creating Alerts
Introduction
Alerting on abnormal web page response times
Getting ready
How to do it…
How it works…
There's more…
Viewing triggered alerts in Splunk's Alert manager
See also
Alerting on errors during checkout in real time
Getting ready
How to do it…
How it works…
There's more…
Building alerts via a configuration file
Editing alert configuration attributes using Advanced edit
Identify the real-time searches that are running
See also
Alerting on abnormal user behavior
Getting ready
How to do it…
How it works…
There's more…
Alerting on abnormal user purchases without checkouts
See also
Alerting on failure and triggering a scripted response
Getting ready
How to do it…
How it works…
There's more…
See also
Alerting when predicted sales exceed inventory
Getting ready
How to do it…
How it works…
There's more…
Adding an RSS feed notification action to an alert
See also
9. Speeding Up Intelligence – Data Summarization
Introduction
Calculating an hourly count of sessions versus completed transactions
Getting ready
How to do it…
How it works…
There's more…
Generating the summary more frequently
Avoiding summary index overlaps and gaps
See also
Backfilling the number of purchases by city
Getting ready
How to do it…
How it works…
There's more…
Backfilling a summary index from within a search directly
See also
Displaying the maximum number of concurrent sessions over time
Getting ready
How to do it…
How it works…
There's more…
Viewing the status of an accelerated report
See also
10. Above and Beyond – Customization, Web Framework, REST API, HTTP Event Collector, and SDKs
Introduction
Customizing the application navigation
Getting ready
How to do it...
How it works...
There's more…
Adding a force-directed graph of web hits
Getting ready
How to do it...
How it works...
There's more…
Changing the time range on the search manager
See also
Adding a calendar heatmap of product purchases
Getting ready
How to do it...
How it works...
See also
Adding cell highlighting of average product price
Getting ready
How to do it...
How it works...
There's more…
See also
Remotely querying Splunk's REST API for unique page views
Getting ready
How to do it...
How it works...
There's more…
Authenticating with a session token
See also
Creating a Python application to return unique IP addresses
Getting ready
How to do it...
How it works...
There's more...
Paginating the results of your search
See also
Creating a custom search command to format product names
Getting ready
How to do it...
How it works...
See also
Collecting data from remote scanning devices
Getting ready
How to do it...
How it works...
See also
Index
买过这本书的人还买过
读了这本书的人还在读
同类图书排行榜