Title Page
Copyright and Credits
Splunk 7 Essentials Third Edition
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Splunk – Getting Started
Your Splunk account
Obtaining a Splunk account
Installing Splunk on Windows
Installing Splunk on Linux
Logging in for the first time
Running a simple search
Creating a Splunk app
Populating data with Eventgen
Using the CLI to configure Eventgen
Installing the Eventgen add-on (Windows and Linux)
Controlling Splunk
Configuring Eventgen
Viewing the Destinations app
Creating your first dashboard
Summary
Bringing in Data
Splunk and big data
Streaming data
Analytical data latency
Sparseness of data
Splunk data sources
Machine data
Web logs
Data files
Social media data
Relational database data
Other data types
Creating indexes
Buckets
Log files as data input
Splunk events and fields
Extracting new fields
Summary
Search Processing Language
Anatomy of a search
Search pipeline
Time modifiers
Filtering search results
Search command – stats
Search command – top/rare
Search commands – chart and timechart
Search command – eval
Search command – rex
Summary
Reporting, Alerts, and Search Optimization
Data classification with Event Types
Data normalization with Tags
Data enrichment with Lookups
Creating and scheduling reports
Creating alerts
Search and Report acceleration
Scheduling options
Summary indexing
Summary
Dynamic Dashboarding
Creating effective dashboards
Types of dashboards
Gathering business requirements
Dynamic form-based dashboard
Creating a Status Distribution panel
Creating the Status Types Over Time panel
Creating the Hits vs Response Time panel
Arrange the dashboard
Panel options
Pie chart – Status Distribution
Stacked area chart – Status Types Over Time
Column with overlay combination chart – Hits vs Response Time
Form inputs
Creating a time range input
Creating a radio input
Creating a drop-down input
Static real-time dashboard
Single-value panels with color ranges
Creating panels by cloning
Single-value panels with trends
Real-time column charts with line overlays
Creating a choropleth map
Summary
Data Models and Pivot
Creating a data model
Adding attributes to objects
Creating child objects
Creating an attribute based on a regular expression
Data model acceleration
The Pivot editor
Creating a Pivot and a chart
Creating an area chart
Creating a pie chart
Single value with trending sparkline
Rearranging your dashboard
Summary
HTTP Event Collector
What is the HEC?
How does the HEC work?
How data flows to the HEC
Logging data
Using a token with data
Sending out the data request
Verifying the token
Indexing the data
Enabling the HEC
Generating an HEC authentication token
Seeing the HEC in action with cURL
Indexer acknowledgement
Summary
Best Practices and Advanced Queries
Indexes for testing
Searching within an index
Search within a limited time frame
Quick searches via fast mode
Using event sampling
Use the fields command to improve search performance
Advanced searches
Subsearch
Using append
Using join
Using eval and if
Using eval and match with a case function
Summary
Taking Splunk to the Organization
Common organizational use cases
IT operations
Cybersecurity
Software development and support operations
Internet of Things
Splunk architecture considerations
Splunk architecture for an organization
Search capacity
Indexing capacity and data replication
High availability for critical environments
Monitoring Console
Forwarders
Universal forwarder
Heavy forwarder
Splunk Cloud
Splunk pricing model
The Splunk community and online resources
Summary