You're reading from Splunk 7.x Quick Start Guide

Product type: Book
Published in: Nov 2018
Publisher: Packt
ISBN-13: 9781789531091
Edition: 1st Edition
James H. Baxter

James H Baxter is the owner/CEO of Machine Data Insights, Inc., a certified Splunk architect, and a developer and machine learning practitioner with over 35 years of experience in various engineering and analysis disciplines, including radio/satellite; networks; capacity and performance modelling; speech technology; packet-level analysis; programming; and Splunk architecture, administration, and machine learning solutions for companies including MCI, IBM, BP, Disney, and AMEX. James is also a private pilot and holds an Extra class amateur radio and FCC Radiotelephone license. You can reach him at LinkedIn at James H. Baxter.

Administering Splunk Apps and Users

In this chapter, we will round out our administrative duties by learning how to distribute Splunk apps and set up our users and their roles so that they can access the data in Splunk, and have a place (a Splunk app) to save and use the reports, dashboards, and alerts they'll build using this data. We'll also spend a little time discussing how to best manage and support your Splunk environment in terms of financial and administrative resources so that it keeps running in top shape.

The topics covered in this chapter include:

  • How to distribute Splunk apps from a deployer
  • Configuring users and roles to grant access to Splunk functionality
  • Best practices for managing data in Splunk
  • Supporting your Splunk deployment

Let's go!

Using the deployer

The deployer is used to distribute apps and user files to search head cluster members. This occurs when you run the command that applies a new or updated configuration bundle you have prepared (splunk apply shcluster-bundle); it also occurs when a search head cluster member joins or rejoins the cluster, because the member contacts the deployer to see whether there are any updates it needs to download. The result is that all search head cluster members always have identical configurations.

In a small Splunk installation, the deployer function can share an instance with another supporting role, such as the cluster master or the license master; it must not, however, run on a search head cluster member, because the members are the targets of its pushes. In larger deployments, it should be a dedicated instance, mostly because the other dedicated instances will be busy enough performing their own functions.
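A preflight check for the deployer's staging area, written for this edit as an added example rather than code from the book. It assumes the standard deployer layout ($SPLUNK_HOME/etc/shcluster/apps/<app>/...), builds a constructed staging tree in a temporary directory, flags content that should never be cloned onto every search head (passwords.conf, splunk.secret, server.conf, any .conf line assigning a plaintext secret), notes apps whose local/ directory will be merged into default/ by the push, and only then assembles the splunk apply shcluster-bundle command. The app names, file contents, target URL and $SPLUNK_HOME path are all assumptions made for the example.

```python
"""Preflight a deployer staging area before `splunk apply shcluster-bundle`.

Added example (not from the book). Assumes the usual deployer layout
$SPLUNK_HOME/etc/shcluster/apps/<app>/{default,local,...}.
"""
import re
import subprocess
import tempfile
from pathlib import Path

# Files that must never travel in a bundle: they carry instance secrets or
# instance-specific settings that would be cloned onto every member.
SENSITIVE_FILES = {"passwords.conf", "splunk.secret", "server.conf"}

# A .conf line assigning a plaintext secret. Values Splunk has already
# encrypted start with $1$ or $7$ and are excluded by the lookahead.
PLAINTEXT_SECRET = re.compile(
    r"^\s*(password|pass4SymmKey|sslPassword|bindDNpassword)\s*=\s*(?!\$\d\$)\S",
    re.IGNORECASE,
)


def preflight(shcluster_dir):
    """Inspect <shcluster_dir>/apps and return (severity, app, detail) findings.

    severity is "block" for content that must not be pushed and "info" for
    things that are allowed but easy to misjudge.
    """
    findings = []
    apps_dir = Path(shcluster_dir) / "apps"
    for app in sorted(p for p in apps_dir.iterdir() if p.is_dir()):
        # The deployer merges an app's local/ into default/ on the members;
        # flag it so nobody expects a separate local/ layer to survive the push.
        if (app / "local").is_dir():
            findings.append(("info", app.name,
                             "local/ is merged into default/ when pushed"))
        for f in sorted(app.rglob("*")):
            if not f.is_file():
                continue
            rel = f.relative_to(app)
            if f.name in SENSITIVE_FILES:
                findings.append(("block", app.name, f"{rel} must not be pushed"))
                continue
            if f.suffix != ".conf":
                continue
            for lineno, line in enumerate(
                    f.read_text(errors="replace").splitlines(), 1):
                if PLAINTEXT_SECRET.match(line):
                    findings.append(("block", app.name,
                                     f"{rel}:{lineno} plaintext secret"))
    return findings


def apply_bundle(target, splunk_home="/opt/splunk", dry_run=True):
    """Return the push command; run it only when dry_run is False.

    -auth is deliberately omitted: the CLI prompts for credentials, which
    keeps the password out of shell history and `ps` output.
    """
    cmd = [f"{splunk_home}/bin/splunk", "apply", "shcluster-bundle",
           "-target", target]
    if dry_run:
        return cmd
    return subprocess.run(cmd, check=True).returncode


def build_demo_staging():
    """Constructed staging tree: one clean app, one that should be blocked."""
    root = Path(tempfile.mkdtemp(prefix="shcluster_"))
    good = root / "apps" / "sec_dashboards" / "default"
    good.mkdir(parents=True)
    (good / "app.conf").write_text(
        "[ui]\nis_visible = 1\nlabel = Security Dashboards\n")
    bad = root / "apps" / "ldap_auth"
    (bad / "local").mkdir(parents=True)
    (bad / "local" / "authentication.conf").write_text(
        "[corp_ldap]\nbindDN = cn=svc,dc=example,dc=com\nbindDNpassword = hunter2\n")
    (bad / "default").mkdir()
    (bad / "default" / "passwords.conf").write_text("")
    return root


if __name__ == "__main__":
    staging = build_demo_staging()
    results = preflight(staging)
    for sev, app, detail in results:
        print(f"{sev:5} {app}: {detail}")
    if not any(sev == "block" for sev, _, _ in results):
        print(" ".join(apply_bundle("https://sh1.example.com:8089")))
```

Run it against the real staging directory instead of the constructed one (preflight("/opt/splunk/etc/shcluster")) from the deployer itself; a "block" finding means the bundle would replicate a secret to every member, where it is then readable by anyone with file access on any of them.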

The configuration bundle created and distributed to search cluster members by the deployer is not the same as the configuration bundle...

Configuring users and roles

Now that you have a working Splunk Enterprise environment, you will need to configure users to give them access to the Splunk search heads, and assign roles to each user to control what levels of access and control they have in the environment. For small installations, you may choose to configure users with only Splunk's own authentication; for larger installations, you'll likely use Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or one of the other available authentication methods.
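Roles are what actually bound a user's access, and the details live in authorize.conf, so the check below audits that file for least-privilege problems. It is an added example written for this edit, not code from the book. It relies on the real authorize.conf conventions ([role_<name>] stanzas, capabilities as <capability> = enabled, importRoles and srchIndexesAllowed as semicolon-separated lists, with * meaning every non-internal index), but the sample file, the role names and the list of capabilities treated as sensitive are assumptions made for the example; the built-in admin and user stanzas are trimmed stand-ins for what $SPLUNK_HOME/etc/system/default/authorize.conf really defines. The point it makes that the text does not: a role inherits its imported roles' indexes and capabilities, so importing user quietly adds main, and a helpdesk role that imports user and adds edit_user can reset anyone's password.

```python
"""Audit Splunk roles in authorize.conf for over-broad access.

Added example (not from the book). Parses the INI-style authorize.conf,
resolves role inheritance, and reports wildcard index access and
administrative capabilities for every non-trusted role.
"""
import configparser

# Capabilities that amount to administrative control of the search head
# (assumed list; extend to taste).
SENSITIVE_CAPS = {
    "admin_all_objects", "edit_user", "edit_roles", "edit_server",
    "restart_splunkd", "change_authentication", "delete_by_keyword",
    "indexes_edit",
}

# Constructed sample; the admin and user stanzas are trimmed stand-ins.
SAMPLE_AUTHORIZE_CONF = """\
[role_admin]
admin_all_objects = enabled
edit_user = enabled
edit_roles = enabled
srchIndexesAllowed = *;_*

[role_user]
search = enabled
srchIndexesAllowed = main

[role_soc_analyst]
importRoles = user
srchIndexesAllowed = firewall;proxy;winevent
srchIndexesDefault = firewall
srchFilter = NOT sourcetype=hr:*

[role_helpdesk]
importRoles = user
edit_user = enabled
srchIndexesAllowed = *
"""


def load_roles(text):
    """Return {role_name: {key: value}} for every [role_*] stanza."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # capability names are case-sensitive; keep them
    cp.read_string(text)
    roles = {}
    for section in cp.sections():
        if section.startswith("role_"):
            roles[section[len("role_"):]] = dict(cp.items(section))
    return roles


def effective(roles, name, _seen=None):
    """(capabilities, indexes) for a role, including everything it imports."""
    _seen = set() if _seen is None else _seen
    if name in _seen or name not in roles:
        return set(), set()
    _seen.add(name)  # guards against importRoles cycles
    stanza = roles[name]
    caps = {k for k, v in stanza.items() if v.strip().lower() == "enabled"}
    idx = {i.strip() for i in stanza.get("srchIndexesAllowed", "").split(";")
           if i.strip()}
    for parent in stanza.get("importRoles", "").split(";"):
        pcaps, pidx = effective(roles, parent.strip(), _seen)
        caps |= pcaps
        idx |= pidx  # inherited indexes are unioned, not intersected
    return caps, idx


def audit(text, trusted=("admin",)):
    """Map each non-trusted role to a list of least-privilege findings."""
    roles = load_roles(text)
    report = {}
    for name in roles:
        if name in trusted:
            continue
        caps, idx = effective(roles, name)
        findings = [f"sensitive capability {c}" for c in sorted(caps & SENSITIVE_CAPS)]
        if "*" in idx:
            findings.append("srchIndexesAllowed grants every index (*)")
        if "_*" in idx:
            findings.append("srchIndexesAllowed grants internal indexes (_*)")
        report[name] = findings
    return report


if __name__ == "__main__":
    for role, findings in audit(SAMPLE_AUTHORIZE_CONF).items():
        print(role, "OK" if not findings else "; ".join(findings))
```

To run it against a live search head, feed it the merged view rather than one file: splunk btool authorize list --debug shows the stanzas after default, app and local layers are combined, which is what the users actually get.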

Splunk authentication

Splunk authentication is on by default, and remains on even if you select one of the other authentication methods. This means that even if you have...

Best practices for administering Splunk

To avoid distractions in the previous sections of this chapter and in Chapter 4, Getting Data into Splunk, I've reserved a few additional comments on topics you will want to consider when establishing best practices for administering your Splunk environment. These have to be tailored, of course, to your particular organization's culture, needs, and IT environment.

Let's first talk about developing a naming convention for indexes and source types. A search of the web will provide a number of discussions and ideas on the topic; here are a few options I've settled on.

Index naming conventions

When creating indexes, use lowercase names (Splunk changes...

Supporting your Splunk deployment

As important and challenging as setting up an efficient Splunk environment is, it is equally important, and sometimes just as challenging, to ensure that you have taken adequate measures to fund and support your Splunk solution so that it continues to provide value well into the future. We'll address several of the most important points in this section.

Splunk support personnel

As a rule of thumb, Splunk recommends a minimum of three Splunk support personnel for any significant Splunk deployment. The following roles, with their related training, certification, and experience, can overlap or be altered depending on the needs of the organization and the skill sets within...

Summary

This was a relatively short but important chapter! After learning how to deploy apps to search-cluster members with the deployer, we discovered how to set up user authentication and define the various roles to control access to Splunk and its various capabilities. Finally, I offered a few best practices on administering your Splunk environment and some key considerations for supporting it into the future.

If you've waded through (and hopefully experimented with) all the functionality in this chapter and Chapter 4, Getting Data into Splunk, you now know how to expertly administer all of the Splunk components in a clustered, distributed environment. In addition, you understand how the various configuration settings for each function are represented in the .conf files for each component, as well as a great deal about how Splunk actually executes the administration tasks...

The rest of the chapter is locked