You're reading from Advanced Splunk

Product type: Book
Published in: Jun 2016
ISBN-13: 9781785884351
Edition: 1st Edition
Author: Ashish Kumar Tulsiram Yadav

Ashish Kumar Tulsiram Yadav is a BE in computers and has around four and a half years of experience in software development, data analytics, and information security, and around four years of experience in Splunk application development and administration. He has experience of creating Splunk applications and add-ons, managing Splunk deployments, machine learning using R and Python, and analytics and visualization using various tools, such as Tableau and QlikView. He is currently working with the information security operations team, handling the Splunk Enterprise security and cyber security of the organization. He has worked as a senior software engineer at Larsen & Toubro Technology Services in the telecom consumer electronics and semicon unit providing data analytics on a wide variety of domains, such as mobile devices, telecom infrastructure, embedded devices, Internet of Things (IOT), Machine to Machine (M2M), entertainment devices, and network and storage devices. He has also worked in the area of information, network, and cyber security in his previous organization. He has experience in OMA LWM2M for device management and remote monitoring of IOT and M2M devices and is well versed in big data and the Hadoop ecosystem. He is a passionate ethical hacker, security enthusiast, and Linux expert and has knowledge of Python, R, .NET, HTML5, CSS, and the C language. He is an avid blogger and writes about ethical hacking and cyber security on his blogs in his free time. He is a gadget freak and keeps on writing reviews on various gadgets he owns. He has participated in and has been a winner of hackathons, technical paper presentations, white papers, and so on.

Chapter 12. What Next? Splunk 6.4

We already covered various aspects of Splunk 6.3 in detail in the previous chapters. We saw the implementation of various analytics and visualizations along with the features of Splunk 6.3. Splunk recently launched an updated version: Splunk 6.4. In this chapter, we will take a glimpse at all the new features that have been added in Splunk 6.4 to enable better analytics and visualization. Along with the features, we will also see what changes have been made in Splunk to make it more scalable, functional, and useful to users. Splunk 6.4, the latest version of Splunk Enterprise, comes packed with new features and customizations. The following are the key features that have been added or improved in Splunk 6.4:

  • Storage optimization

  • Machine learning

  • Management and admin

  • Indexer and search head enhancement

  • Visualizations

  • Multi-search management

  • Enhanced alert actions

Storage optimization


Splunk 6.4 introduced the new tsidx Retention Policy feature, which allows users to reduce the storage requirements of data available in the cold bucket. The tsidx files are stored under indexers and are responsible for efficient searching in Splunk. Basically, the space taken by historical data available in the cold bucket can be reduced by approximately 50 percent by removing the tsidx indexing information. This can help in saving a lot of money every year that is spent on the storage of old/historical data. This policy can be modified by navigating in the Splunk web interface to Settings | Indexes in Splunk 6.4.

Machine learning


Splunk 6.4 has enhanced the Machine Learning Toolkit and Showcase app, which we already studied with an example in Chapter 5, Advanced Data Analytics. Splunk 6.4 comes with six new machine learning algorithms along with support for hundreds of algorithms from Python's data science libraries. Apart from this enhancement, the machine learning app has added the Guided ML feature, which guides users step by step to build, test, and deploy machine learning models.

Splunk 6.4 has enhanced the predict command with features like these:

  • A new algorithm for bivariate time series has been introduced, taking the covariance between the individual time series into account for better and more efficient prediction

  • The predict command can be used to predict results for multiple time series at the same time and can also fill in missing data in the given time series

Management and admin


Splunk 6.4 comes with an enhanced distributed management console, which supports new topology views, search head clustering views, index and storage utilization views, and performance views. It also adds support for granting admins restricted access so that they can manage specific parts of Splunk deployments.

The following are some of the new features added in Splunk 6.4 under the distributed management console:

  • The HTTP Event Collector: The management console lists all HTTP Event Collector inputs, classified by authorization token. This feature enables the admin to understand and gain insight into the data coming in via the HTTP Event Collector input method.

  • Search statistics: The console lists the heaviest and longest-running searches, classified by user. This feature can be used to find the searches that are causing overhead on Splunk servers.

  • I/O statistics: The I/O bandwidth utilization of Splunk instances is shown so that the necessary...

Indexer and search head enhancement


When deployed in a clustered and distributed environment, Splunk 6.4 introduces various enhancements for higher efficiency and fault tolerance.

The following are the enhancements introduced in Splunk 6.4:

  • The indexer cluster now supports replication of data model and report acceleration summaries. Until Splunk 6.3, if an indexer failed, the data model and report acceleration summaries had to be regenerated. In Splunk 6.4, depending on the replication factor, the data model and report acceleration summaries are also replicated so that they survive failures.

  • In case of overhead or nonperformance of any indexer, the indexer can be quarantined. This feature keeps new searches from using the quarantined indexer, whereas any running searches continue until they complete.

  • The search head now supports replication of the search peer. This feature enables us to add any nonclustered indexers to a search head cluster. Search head enhancement in Splunk...

Visualizations


Splunk 6.4 has added support for 12 new advanced visualizations directly in the Visualization panel. Some of the new visualizations in Splunk 6.4 were possible in the earlier version, Splunk 6.3, using the D3 extension plugin along with customized JS and CSS. Splunk 6.4 adds the capability to create new visualizations that can be installed directly as plugins and shared with fellow Splunk users.

The following is the list of visualizations introduced in Splunk 6.4 that can be selected and used from the Visualization tab of a Splunk dashboard. When it is said that Splunk 6.4 supports inbuilt visualizations, this means that these visualizations can be downloaded directly from the app store, after which they get added to the Visualization tab.

The following is the list of visualizations that we have covered in this book in various chapters of visualization using custom CSS and JS. In Splunk 6.4, these visualization apps can be directly...

Multi-search management


We have already seen how the post process was used to enhance the dashboard results based on a global search. Splunk 6.4 has enhanced multi-search management by adding a recursive search post process. Let's understand this enhancement with the help of an example:

Until Splunk 6.3, multi-search management's post process search was based on a global search: a global search is defined and then, based on the result of the global search, other post process searches are defined. In the newly enhanced recursive search post process, we can use as a base search a search that is itself derived from another search. As in the preceding figure, Search 4 is based on the post process of Search 2, where Search 2 itself is based on a post process of the global search.

We have already studied the post process search in this book; now, let's see how to implement the recursive search post process on Splunk 6.4. The following code snippet explains how the recursive post process...
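As an added example (not the book's own snippet, which is cut off above), the following Simple XML dashboard chains post process searches the way the figure describes: Search 2 post-processes the global search, and Search 4 post-processes Search 2 rather than the global search. The index, sourcetype, and field names are assumed for illustration.

```xml
<dashboard>
  <label>Recursive post process: web errors</label>
  <!-- Global search: the only search that runs against the indexers.
       index, sourcetype and field names are assumed for this example.
       It is a transforming search so that the post process searches
       work on a small stats table rather than raw events. -->
  <search id="global_search">
    <query>index=web sourcetype=access_combined
      | stats count by status, uri_path, clientip</query>
    <earliest>-24h@h</earliest>
    <latest>now</latest>
  </search>
  <!-- Search 2: post process of the global search (possible in 6.3).
       It carries an id so that it can itself serve as a base search. -->
  <search id="search2" base="global_search">
    <query>search status>=400
      | stats sum(count) as errors by uri_path, clientip</query>
  </search>
  <row>
    <panel>
      <title>Search 2: errors by URI and client</title>
      <table>
        <search base="search2">
          <query>sort -errors | head 20</query>
        </search>
      </table>
    </panel>
    <panel>
      <title>Search 4: clients with errors on more than three URIs</title>
      <table>
        <!-- Search 4 uses Search 2, not the global search, as its base.
             This chaining is the Splunk 6.4 recursive post process. -->
        <search base="search2">
          <query>stats dc(uri_path) as uris sum(errors) as errors by clientip
            | where uris > 3
            | sort -errors</query>
        </search>
      </table>
    </panel>
  </row>
</dashboard>
```

Because a post process search only receives a limited number of results from its base search, keep the global search transforming (stats, chart, timechart) so that every derived search sees the complete data set.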

Enhanced alert actions


We already covered custom alert actions in detail in Chapter 9, Advanced Dashboard Customization. In this section, you will learn what new features have been introduced in the Splunk 6.4 release.

Splunk 6.4 adds a new entry to the list of alert actions that sends log events to the Splunk receiver endpoint. In the following figure, the option marked with a rectangular box is the newly added feature in Splunk 6.4 under alert actions.

This option lets users redirect the alert log data back into Splunk under a specified sourcetype or index. An alert that used to trigger e-mails, webhooks, or any other defined custom action can now also be sent to Splunk for future analysis. This feature can be helpful for auditing alert scenarios.

Let's understand the use of this Log Event feature in a custom alert. Suppose we have an alert defined to detect fraudulent transactions. Whenever such a transaction is detected, there is a support ticket...

Summary


In this chapter, we had a look at the features and customizations introduced in the latest version of Splunk 6.4. We saw how these features and customizations can be put to use for better use of Splunk's capabilities. In this book, we saw how and where Splunk can be used to make sense out of machine-generated log data and how we can create analytics and visualizations in Splunk. You also learned how to customize dashboards, tweak Splunk, and how to integrate Splunk with analytics and visualization tools.
