Implementing Splunk - Second Edition

A comprehensive guide to help you transform Big Data into valuable business insights with Splunk 6.2
Vincent Bumgarner, James D. Miller


Book Details

ISBN 13: 9781784391607
Paperback: 506 pages

Book Description

Splunk is analysis and reporting software for machine-generated Big Data. It captures, indexes, and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations. It aims to make machine data accessible across an organization for a variety of purposes.

Implementing Splunk Second Edition is a learning guide that introduces you to the latest features and improvements of Splunk 6.2. The book starts by introducing concepts such as charting, reporting, clustering, and visualization. Each chapter is dedicated to deepening your knowledge of a specific topic, including data models and pivots, speeding up your queries, backfilling, data replication, and so on. By the end of the book, you will have a solid understanding of Splunk and be able to perform efficient data analysis.

Table of Contents

Chapter 1: The Splunk Interface
Logging into Splunk
The home app
The top bar
The search & reporting app
Using the time picker
Using the field picker
The settings section
Summary
Chapter 2: Understanding Search
Using search terms effectively
Boolean and grouping operators
Clicking to modify your search
Using fields to search
Using wildcards efficiently
All about time
Making searches faster
Sharing results with others
Search job settings
Saving searches for reuse
Creating alerts from searches
Summary
Chapter 3: Tables, Charts, and Fields
About the pipe symbol
Using top to show common field values
Using stats to aggregate values
Using chart to turn data
Using timechart to show values over time
Working with fields
Summary
Chapter 4: Data Models and Pivots
What is a data model?
What does a data model search?
Creating a data model
Lookup attributes
What is a pivot?
A quick example
Sparklines
Summary
Chapter 5: Simple XML Dashboards
The purpose of dashboards
Using wizards to build dashboards
Converting the panel to a report
Back to the dashboard
Editing XML directly
UI examples app
Building forms
Features replaced
Autorun dashboard
Scheduling the generation of dashboards
Summary
Chapter 6: Advanced Search Examples
Using subsearches to find loosely related events
Using transaction
Determining concurrency
Calculating events per slice of time
Rebuilding top
Acceleration
Summary
Chapter 7: Extending Search
Using tags to simplify search
Using event types to categorize results
Using lookups to enrich data
Using macros to reuse logic
Creating workflow actions
Using external commands
Summary
Chapter 8: Working with Apps
Defining an app
Included apps
Installing apps
Building your first app
Editing navigation
Customizing the appearance of your app
Object permissions
The app directory structure
Summary
Chapter 9: Building Advanced Dashboards
Reasons for working with advanced XML
Reasons for not working with advanced XML
The development process
The advanced XML structure
Converting simple XML to advanced XML
Module logic flow
Understanding layoutPanel
Reusing a query
Using intentions
Creating a custom drilldown
Third-party add-ons
Chapter 10: Summary Indexes and CSV Files
Understanding summary indexes
When to use a summary index
When not to use a summary index
Populating summary indexes with saved searches
Using summary index events in a query
Using sistats, sitop, and sitimechart
How latency affects summary queries
How and when to backfill summary data
Reducing summary index size
Calculating top for a large time frame
Using CSV files to store transient data
Summary
Chapter 11: Configuring Splunk
Locating Splunk configuration files
The structure of a Splunk configuration file
The configuration merging logic
An overview of Splunk .conf files
User interface resources
Summary
Chapter 12: Advanced Deployments
Planning your installation
Splunk instance types
Common data sources
Sizing indexers
Planning redundancy
Working with multiple indexes
Deploying the Splunk binary
Using apps to organize configuration
Configuration distribution
Using LDAP for authentication
Using Single Sign On
Load balancers and Splunk
Multiple search heads
Summary
Chapter 13: Extending Splunk
Writing a scripted input to gather data
Using Splunk from the command line
Querying Splunk via REST
Writing commands
Writing a scripted lookup to enrich data
Writing an event renderer
Writing a scripted alert action to process results
Hunk
Summary

What You Will Learn

  • Enrich your data with lookups and commands
  • Transform your data into useful and beautiful reports
  • Build professional-looking, informative dashboards
  • Get to know what Splunk data models and pivots are
  • Learn about the pivot editor, pivot elements, filters, Sparklines, and more
  • Manage configurations from one to thousands of instances
  • Extend Splunk with scripts and advanced configuration
  • Create fields from your unstructured data
  • Write searches that are fast and lean
