Splunk Operational Intelligence Cookbook

Over 70 practical recipes to gain operational data intelligence with Splunk Enterprise

Josh Diakun, Paul R Johnson, Derek Mock

Book Details

ISBN 13: 9781849697842
Paperback: 414 pages

About This Book

  • Learn how to use Splunk to effectively gather, analyze, and report on the operational data across your environment
  • Expedite your operational intelligence reporting, be empowered to present data in a meaningful way, and shorten the Splunk learning curve
  • Easy-to-use recipes to help you create robust searches, reports, and charts using Splunk

Who This Book Is For

This book is intended for users of all levels who are looking to leverage the Splunk Enterprise platform as a valuable operational intelligence tool. The recipes provided in this book will appeal to individuals from all facets of a business – IT, Security, Product, Marketing, and many more!

Table of Contents

Chapter 1: Play Time – Getting Data In
Introduction
Indexing files and directories
Getting data through network ports
Using scripted inputs
Using modular inputs
Using the Universal Forwarder to gather data
Loading the sample data for this book
Defining field extractions
Defining event types and tags
Summary
Chapter 2: Diving into Data – Search and Report
Introduction
Making raw event data readable
Finding the most accessed web pages
Finding the most used web browsers
Identifying the top-referring websites
Charting web page response codes
Displaying web page response time statistics
Listing the top viewed products
Charting the application's functional performance
Charting the application's memory usage
Counting the total number of database connections
Summary
Chapter 3: Dashboards and Visualizations – Make Data Shine
Introduction
Creating an Operational Intelligence dashboard
Using a pie chart to show the most accessed web pages
Displaying the unique number of visitors
Using a gauge to display the number of errors
Charting the number of method requests by type and host
Creating a timechart of method requests, views, and response times
Using a scatter chart to identify discrete requests by size and response time
Creating an area chart of the application's functional statistics
Using a bar chart to show the average amount spent by category
Creating a line chart of item views and purchases over time
Summary
Chapter 4: Building an Operational Intelligence Application
Introduction
Creating an Operational Intelligence application
Adding dashboards and reports
Organizing the dashboards more efficiently
Dynamically drilling down on activity reports
Creating a form to search web activities
Linking web page activity reports to the form
Displaying a geographical map of visitors
Scheduling the PDF delivery of a dashboard
Summary
Chapter 5: Extending Intelligence – Data Models and Pivoting
Introduction
Creating a data model for web access logs
Creating a data model for application logs
Accelerating data models
Pivoting total sales transactions
Pivoting purchases by geographical location
Pivoting slowest responding web pages
Pivot charting top error codes
Summary
Chapter 6: Diving Deeper – Advanced Searching
Introduction
Calculating the average session time on a website
Calculating the average execution time for multi-tier web requests
Displaying the maximum concurrent checkouts
Analyzing the relationship of web requests
Predicting website-traffic volumes
Finding abnormally sized web requests
Identifying potential session spoofing
Summary
Chapter 7: Enriching Data – Lookups and Workflows
Introduction
Looking up product code descriptions
Flagging suspicious IP addresses
Creating a session state table
Adding hostnames to IP addresses
Searching ARIN for a given IP address
Triggering a Google search for a given error
Creating a ticket for application errors
Looking up inventory from an external database
Summary
Chapter 8: Being Proactive – Creating Alerts
Introduction
Alerting on abnormal web page response times
Alerting on errors during checkout in real time
Alerting on abnormal user behavior
Alerting on failure and triggering a scripted response
Alerting when predicted sales exceed inventory
Summary
Chapter 9: Speed Up Intelligence – Data Summarization
Introduction
Calculating an hourly count of sessions versus completed transactions
Backfilling the number of purchases by city
Displaying the maximum number of concurrent sessions over time
Summary
Chapter 10: Above and Beyond – Customization, Web Framework, REST API, and SDKs
Introduction
Customizing the application's navigation
Adding a force-directed graph of web hits
Adding a calendar heatmap of product purchases
Remotely querying Splunk's REST API for unique page views
Creating a Python application to return unique IP addresses
Creating a custom search command to format product names
Summary

What You Will Learn

  • Search, report on, and visualize operational intelligence data
  • Enrich operational data with lookups and workflows
  • Model and accelerate data and perform pivot-based reporting
  • Build real-time, scripted, and other intelligence-driven alerts
  • Summarize data for longer term trending, reporting, and analysis
  • Build a fully featured Splunk operational intelligence application
  • Integrate advanced JavaScript charts and leverage Splunk's API

In Detail

This book contains over 70 practical, task-oriented recipes to build up your knowledge of Splunk's many features, which you can apply to real-world operational intelligence scenarios.

Right from the first chapter, you will follow recipes that progressively build upon one another. The recipes provided will demonstrate methods to expedite delivery of intelligence reports and empower you to present data in a meaningful way through dashboards and by applying visualizations available in Splunk Enterprise. You will also delve deeply into your data with transactions, subsearching, concurrency, and more advanced search commands.
