Splunk Overview
Daniel Hernandez
• Twitter: @dnlstkmty
November 2015
What is Splunk?
[4] Splunk is a tool that can be used to index and search data. Splunk can generate graphs, alerts, and dashboards from this data.
What kind of data is used by Splunk?
[5] IT streaming and historical data, such as data from:
1. Event logs (e.g. Event Viewer logs)
2. Web logs (e.g. IIS logs)
3. System metrics (e.g. Windows performance counters)
4. Other sources
Splunk local and remote data
Data used by Splunk can be on the same machine (local data) or on a remote machine (remote data).
Splunk Concepts
• Index. Data repositories created in Splunk are called indexes. An index is a database.
• Event. A single piece of data in Splunk is called an event [6]. Examples:
  - a single record or entry in a log file
  - a single record or entry in the Event Viewer
Splunk Indexing
When Splunk indexes data, it breaks up the data into
individual pieces and gives each piece a timestamp, host,
source, and source type.
Splunk Search Elements
[Diagram of the search elements: Index, Source, Source Type and Host (Step 1); Search and Sub-search (Step 2); Results (Step 3)]
Splunk Search Concepts
• Index. An index is a data repository in Splunk.
• Host. The host is the name or IP address of the network machine that originated the event.
• Source. The source is the file, directory path, network port, or script from which the event originated.
• Source Type. The source type classifies the data based on how it is formatted.
Installing Splunk
• Splunk installation can be done by following the steps described at the URL below:
http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchTutorial/Systemrequirements
Getting Familiar with Splunk
• Get familiar with Splunk Enterprise:
http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/NavigatingSplunk
Getting Data into Splunk
• Get data into Splunk Enterprise:
http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/GetthetutorialdataintoSplunk
Splunk Search & Reporting – UI elements
• Application Bar
• Search Bar
• Time Range Picker
Splunk Search & Reporting’s panels
• How to Search
• What to Search
Splunk Search – Search Result Tabs
Splunk ‘What to Search’ panel
• Data Summary: Hosts, Sources, Source Types
Splunk Search – Elements available after searching in Splunk
• Search Result Tabs
• Search Action Buttons
• Search Mode Selector
• ‘Save as’ menu
Splunk Search – Search Result Tabs
• Events
• Statistics
• Visualization
Splunk Search Results – Events Tab
• Timeline of events. Shows how many events occurred at a particular point in time.
• Fields sidebar. When data is indexed, Splunk extracts information from the data that is formatted as name and value pairs.
• Search term matches. Shows the events that match the search criteria.
• Events view options. Shows menus with options to format the search results.
Searching Data using Splunk
• To search for events / logs in Splunk, go to the Splunk Search page.
1. In the Search textbox, type the word(s) you want to search for
2. Specify filters to narrow the search results, such as host or source
3. Click on the Search icon
• Additional details about searching data in Splunk can be found at the link below:
http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchTutorial/Startsearching
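The indexing and search concepts from the slides above (events stamped with a timestamp, host, source and source type; name=value field extraction; keyword and host/source filters), modelled as an added Python example that is not part of the deck or of Splunk's own code. The log lines, host names, source names and the query handling are constructed for illustration and only imitate the behaviour the slides describe.

```python
import re
from datetime import datetime

# Constructed sample inputs (not from the slides): each entry carries the
# host and source Splunk would record for the file it read, plus raw data.
RAW_INPUTS = [
    ("web01", "/var/log/iis/u_ex151102.log", "iis",
     "2015-11-02 10:15:01 GET /login status=200 user=alice\n"
     "2015-11-02 10:15:07 POST /login status=401 user=mallory\n"
     "2015-11-02 10:15:09 POST /login status=401 user=mallory\n"),
    ("dc01", "WinEventLog:Security", "wineventlog",
     "2015-11-02 10:16:00 EventCode=4625 status=failure user=mallory\n"
     "2015-11-02 10:16:30 EventCode=4624 status=success user=alice\n"),
]

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def index_data(index_name, raw_inputs):
    """Model of Splunk indexing: break raw data into events, stamp each with
    _time, host, source and sourcetype, and extract name=value fields."""
    events = []
    for host, source, sourcetype, blob in raw_inputs:
        for line in blob.splitlines():
            m = TS_RE.match(line)
            if not m:
                continue  # no timestamp: a real indexer merges it into the previous event
            fields = dict(KV_RE.findall(m.group(2)))
            events.append({
                "index": index_name,
                "_time": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                "host": host, "source": source, "sourcetype": sourcetype,
                "_raw": line, **fields,
            })
    return events


def search(events, query):
    """Minimal model of a Splunk search: name=value terms filter on metadata
    or extracted fields, bare words are case-insensitive matches on _raw."""
    filters, keywords = {}, []
    for term in query.split():
        if "=" in term:
            key, value = term.split("=", 1)
            filters[key] = value
        else:
            keywords.append(term.lower())
    return [ev for ev in events
            if all(str(ev.get(k)) == v for k, v in filters.items())
            and all(w in ev["_raw"].lower() for w in keywords)]


def failed_logins_by_user(events):
    """Statistics-tab style aggregation: failed logins per user across the
    IIS 401 responses and the Windows 4625 events."""
    counts = {}
    for ev in search(events, "status=401") + search(events, "EventCode=4625"):
        counts[ev["user"]] = counts.get(ev["user"], 0) + 1
    return counts


if __name__ == "__main__":
    idx = index_data("main", RAW_INPUTS)
    print(len(idx), "events indexed")
    # Equivalent of typing: index=main host=web01 sourcetype=iis login
    for ev in search(idx, "index=main host=web01 sourcetype=iis login"):
        print(ev["_time"], ev["host"], ev["source"], ev["_raw"])
    print(failed_logins_by_user(idx))
```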
References
1. Splunk for SQL Users. http://www.innovato.com/splunk/SQLSplunk.html
2. Splunk Search Tutorial. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
3. Splunk Search Reference. http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchReference/SearchCheatsheet
4. About Splunk Enterprise. http://docs.splunk.com/Documentation/Splunk/latest/Overview/AboutSplunkEnterprise
5. About getting data into Splunk Enterprise. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/AboutgettingdataintoSplunk
6. Event. http://docs.splunk.com/Splexicon:Event
7. Splunk Installation Manual. http://docs.splunk.com/Documentation/Splunk/6.2.0/Installation/InstallonWindows
8. About Splunk Free. http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree
9. Get the tutorial data into Splunk. http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchTutorial/GetthetutorialdataintoSplunk
10. About the Search Tutorial. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
11. Splunk download. http://www.splunk.com/download