SlideShare une entreprise Scribd logo

Splunk Insights

Sunil Kumar
Sunil Kumar

Splunk insights

Technologie
1  sur  26
Télécharger pour lire hors ligne
Presented By:Sunil Kumar 1
Agenda • • • • • • • What is Splunk Why Splunk Splunk Architecture Splunk Data Storage Splunk Installation Configuration Splunk Apps Splunk Searching, Reporting and Alerting • Splunk Dashboard
What is Splunk Splunk (the product) captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations Splunk aims to make machine data accessible across an organization and identifies data patterns, provides metrics, diagnoses problems and provides intelligence for business operation. Splunk is a used for application management, security and compliance, as well as business and web analytics. Splunk has over 5,200 licensed customers in 74 countries, including more than half of the Fortune 100.
Life Without Splunk
Life With Splunk
One Splunk. Many Uses.
Getting Data Into Splunk Agent and Agent-less Approach for Flexibility
How Splunk Stores Data Splunk is ingesting data and storing it in two types of files o Raw Data o Index File Splunk indexes are stored in directories called Buckets o This consists of the index file and the raw data o Buckets move through stages as they age
Splunk Licenses Free Download Limits Indexing to 500MB/day • • Enterprise Trial License expires after 60 days Reverts to Free License Features Disabled in Free License • • • • • Multiple user accounts and role-based access controls Distributed search Deployment management Scheduled saved searches and alerting Summary indexing Other License Types • Enterprise, Trial
Splunk Installation Splunk Platform • 32 or 64 bit • Indexer or Universal Forwarder • www.splunk.com/download Start Splunk • WIN: Program FilesSplunkbinsplunk.exe start (services start) • *NIX: /opt/splunk/bin/splunk start Splunk Home • WIN: Program FilesSplunk • Other: /opt/splunk (Applications/splunk)
Splunk Universal Forwarder Setup Unix Platform • Configure universal forwarder to auto-start $./splunk enable boot-start • Configure the universal forwarder to forward to a receiving indexer: $./splunk add forward-server <host>:<port> -auth <username>:<password> Windows Platform: • Configure the universal forwarder to forward to a receiving indexer
Splunk Apps Splunk Apps Categories: • Application Management 88 • IT Operations Management 151 • Security and Compliance 128 • Business Analytics 34 • Utilities 134 • Cool Stuff 93 http://apps.splunk.com
Log Monitoring Configuration Splunk's monitor process consumes any new data written to that file or directory. Sample inputs.conf configuration: Monitor a File: [monitor:/var/log/cassandra/system.log] sourcetype = log4j disabled = false Monitor a Directory files: [monitor:/var/log/] disabled = false
Splunk Searching • Wildcards are supported - * • Search terms are case insensitive. • Boolean searches are supported with AND, OR, NOT. Just remember that Booleans must be uppercase. • There is an implied AND between the search terms, and for complex searches, use parenthesis. (error OR failed) • Historical, custom, or real-time
Search Commands Search results are “piped” to the command: • Manipulating fields • Formatting • Handling results • Reporting
Saved Searches and Alerting OR
Alerting Actions • • • • Send email RSS Execute a script Track in Alert Manager
Splunk Alerting
Reporting Build reports from the results of any search Select type of report (Values over time, Top Values, Rare Values) and on which fields to report or perform statistics Choose the type of chart (line, area, column, etc) and other formatting options 20
Reporting Examples • Use wizard or reporting commands (timechart, top, etc) • Build real-time reports with real-time searches • Save reports for use on dashboards 21
Dashboards The Splunk Web Framework provides various options for creating dashboards: • Simple XML • Advanced XML • Splunk SDKs
Dashboards Contd.. Create dashboards from search results 23
Deployment Monitoring Keep Tabs On Your Splunk Enterprise Deployment Licenses Sourcetypes Indexers 24 Forwarders
Splunk Alternatives • Logstash • Hyperic HQ • Nagios • Appdynamics • NewRelic
Where to Go for Help • Documentation – http://www.splunk.com/base/Documentation • Technical Support – http://www.splunk.com/support • Videos – http://www.splunk.com/videos • Education – http://www.splunk.com/goto/education • Community – http://answers.splunk.com • Splunk Book – http://splunkbook.com 26

Recommandé

Splunk overview
Splunk overviewSplunk overview
Splunk overviewDaniel Hernandez
 
SplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunk
 
Exploring Splunk
Exploring SplunkExploring Splunk
Exploring SplunkDmitry Anoshin
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nycDimitri McKay - CISSP
 
Splunk - Buisness Intelligence tool
Splunk - Buisness Intelligence toolSplunk - Buisness Intelligence tool
Splunk - Buisness Intelligence toolArjun Ravindran
 
SplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunk
 
SplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunk
 
Splunk
SplunkSplunk
SplunkIntellipaat
 

Recommandé

Splunk overview
Splunk overviewSplunk overview
Splunk overviewDaniel Hernandez
 
SplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunk
 
Exploring Splunk
Exploring SplunkExploring Splunk
Exploring SplunkDmitry Anoshin
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nycDimitri McKay - CISSP
 
Splunk - Buisness Intelligence tool
Splunk - Buisness Intelligence toolSplunk - Buisness Intelligence tool
Splunk - Buisness Intelligence toolArjun Ravindran
 
SplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunk
 
SplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunk
 
Splunk
SplunkSplunk
SplunkIntellipaat
 
Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk AdministrationGreg Hanchin
 
Workshop splunk 6.5-saint-louis-mo
Workshop splunk 6.5-saint-louis-moWorkshop splunk 6.5-saint-louis-mo
Workshop splunk 6.5-saint-louis-moMohamad Hassan
 
SplunkLive! Presentation - Data Onboarding with Splunk
SplunkLive! Presentation - Data Onboarding with SplunkSplunkLive! Presentation - Data Onboarding with Splunk
SplunkLive! Presentation - Data Onboarding with SplunkSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunk
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Splunk
 
Splunk Architecture overview
Splunk Architecture overviewSplunk Architecture overview
Splunk Architecture overviewAlex Fok
 
Splunk What's New - Nov 2014
Splunk What's New - Nov 2014Splunk What's New - Nov 2014
Splunk What's New - Nov 2014Hal Rottenberg
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
SplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk EnterpriseSplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk EnterpriseSplunk
 
Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101Splunk
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
December 2013 HUG: Hunk - Splunk over Hadoop
December 2013 HUG: Hunk - Splunk over HadoopDecember 2013 HUG: Hunk - Splunk over Hadoop
December 2013 HUG: Hunk - Splunk over HadoopYahoo Developer Network
 
What's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingWhat's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingSplunk
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101Splunk
 
SplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunk
 
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and DemoTechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and DemoIntergen
 
SplunkLive! London: Splunk ninjas- new features and search dojo
SplunkLive! London: Splunk ninjas- new features and search dojoSplunkLive! London: Splunk ninjas- new features and search dojo
SplunkLive! London: Splunk ninjas- new features and search dojoSplunk
 
Getting Started with Splunk Break out Session
Getting Started with Splunk Break out SessionGetting Started with Splunk Break out Session
Getting Started with Splunk Break out SessionGeorg Knon
 
Getting Started with Splunk Enterprise
Getting Started with Splunk Enterprise Getting Started with Splunk Enterprise
Getting Started with Splunk Enterprise Splunk
 

Contenu connexe

Tendances

Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk AdministrationGreg Hanchin
 
Workshop splunk 6.5-saint-louis-mo
Workshop splunk 6.5-saint-louis-moWorkshop splunk 6.5-saint-louis-mo
Workshop splunk 6.5-saint-louis-moMohamad Hassan
 
SplunkLive! Presentation - Data Onboarding with Splunk
SplunkLive! Presentation - Data Onboarding with SplunkSplunkLive! Presentation - Data Onboarding with Splunk
SplunkLive! Presentation - Data Onboarding with SplunkSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunk
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Splunk
 
Splunk Architecture overview
Splunk Architecture overviewSplunk Architecture overview
Splunk Architecture overviewAlex Fok
 
Splunk What's New - Nov 2014
Splunk What's New - Nov 2014Splunk What's New - Nov 2014
Splunk What's New - Nov 2014Hal Rottenberg
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
SplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk EnterpriseSplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk EnterpriseSplunk
 
Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101Splunk
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
December 2013 HUG: Hunk - Splunk over Hadoop
December 2013 HUG: Hunk - Splunk over HadoopDecember 2013 HUG: Hunk - Splunk over Hadoop
December 2013 HUG: Hunk - Splunk over HadoopYahoo Developer Network
 
What's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingWhat's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingSplunk
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101Splunk
 
SplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunk
 
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and DemoTechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and DemoIntergen
 
SplunkLive! London: Splunk ninjas- new features and search dojo
SplunkLive! London: Splunk ninjas- new features and search dojoSplunkLive! London: Splunk ninjas- new features and search dojo
SplunkLive! London: Splunk ninjas- new features and search dojoSplunk
 

Tendances (20)

Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk Administration
 
Workshop splunk 6.5-saint-louis-mo
Workshop splunk 6.5-saint-louis-moWorkshop splunk 6.5-saint-louis-mo
Workshop splunk 6.5-saint-louis-mo
 
SplunkLive! Presentation - Data Onboarding with Splunk
SplunkLive! Presentation - Data Onboarding with SplunkSplunkLive! Presentation - Data Onboarding with Splunk
SplunkLive! Presentation - Data Onboarding with Splunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner Session
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)
 
Splunk Architecture overview
Splunk Architecture overviewSplunk Architecture overview
Splunk Architecture overview
 
Splunk What's New - Nov 2014
Splunk What's New - Nov 2014Splunk What's New - Nov 2014
Splunk What's New - Nov 2014
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer Presentation
 
SplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk EnterpriseSplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk Enterprise
 
Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout Session
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout Session
 
December 2013 HUG: Hunk - Splunk over Hadoop
December 2013 HUG: Hunk - Splunk over HadoopDecember 2013 HUG: Hunk - Splunk over Hadoop
December 2013 HUG: Hunk - Splunk over Hadoop
 
What's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingWhat's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-Boarding
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer Presentation
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101
 
SplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - Intuit
 
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and DemoTechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
TechEd NZ 2014: Intelligent Systems Service - Concept, Code and Demo
 
SplunkLive! London: Splunk ninjas- new features and search dojo
SplunkLive! London: Splunk ninjas- new features and search dojoSplunkLive! London: Splunk ninjas- new features and search dojo
SplunkLive! London: Splunk ninjas- new features and search dojo
 

En vedette

Getting Started with Splunk Break out Session
Getting Started with Splunk Break out SessionGetting Started with Splunk Break out Session
Getting Started with Splunk Break out SessionGeorg Knon
 
Getting Started with Splunk Enterprise
Getting Started with Splunk Enterprise Getting Started with Splunk Enterprise
Getting Started with Splunk Enterprise Splunk
 
SplunkLive 2011 Advanced Session
SplunkLive 2011 Advanced SessionSplunkLive 2011 Advanced Session
SplunkLive 2011 Advanced SessionSplunk
 
Splunk Enterprise for IT Troubleshooting Hands-On
Splunk Enterprise for IT Troubleshooting Hands-OnSplunk Enterprise for IT Troubleshooting Hands-On
Splunk Enterprise for IT Troubleshooting Hands-OnSplunk
 
Getting Started with Splunk Enterprise - Demo
Getting Started with Splunk Enterprise - DemoGetting Started with Splunk Enterprise - Demo
Getting Started with Splunk Enterprise - DemoSplunk
 
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction ProfilerSplunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction ProfilerSplunk
 
Splunk Enterprise for IT Troubleshooting
Splunk Enterprise for IT Troubleshooting Splunk Enterprise for IT Troubleshooting
Splunk Enterprise for IT Troubleshooting Splunk
 
dlux splunk>live! 2012 Beginners Session
dlux splunk>live! 2012 Beginners Sessiondlux splunk>live! 2012 Beginners Session
dlux splunk>live! 2012 Beginners SessionDavid Lutz
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with SplunkSplunk
 
Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per... Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per...Splunk
 

En vedette (10)

Getting Started with Splunk Break out Session
Getting Started with Splunk Break out SessionGetting Started with Splunk Break out Session
Getting Started with Splunk Break out Session
 
Getting Started with Splunk Enterprise
Getting Started with Splunk Enterprise Getting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
SplunkLive 2011 Advanced Session
SplunkLive 2011 Advanced SessionSplunkLive 2011 Advanced Session
SplunkLive 2011 Advanced Session
 
Splunk Enterprise for IT Troubleshooting Hands-On
Splunk Enterprise for IT Troubleshooting Hands-OnSplunk Enterprise for IT Troubleshooting Hands-On
Splunk Enterprise for IT Troubleshooting Hands-On
 
Getting Started with Splunk Enterprise - Demo
Getting Started with Splunk Enterprise - DemoGetting Started with Splunk Enterprise - Demo
Getting Started with Splunk Enterprise - Demo
 
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction ProfilerSplunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
 
Splunk Enterprise for IT Troubleshooting
Splunk Enterprise for IT Troubleshooting Splunk Enterprise for IT Troubleshooting
Splunk Enterprise for IT Troubleshooting
 
dlux splunk>live! 2012 Beginners Session
dlux splunk>live! 2012 Beginners Sessiondlux splunk>live! 2012 Beginners Session
dlux splunk>live! 2012 Beginners Session
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with Splunk
 
Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per... Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per...
 

Similaire à Splunk Insights

Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionSplunk
 
SplunkLive Oslo/Stockholm Beginner Workshop
SplunkLive Oslo/Stockholm Beginner WorkshopSplunkLive Oslo/Stockholm Beginner Workshop
SplunkLive Oslo/Stockholm Beginner Workshopjenny_splunk
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionSplunk
 
SplunkLive! Zürich 2014 Beginner Workshop: Getting started with Splunk
SplunkLive! Zürich 2014 Beginner Workshop: Getting started with SplunkSplunkLive! Zürich 2014 Beginner Workshop: Getting started with Splunk
SplunkLive! Zürich 2014 Beginner Workshop: Getting started with SplunkGeorg Knon
 
Getting Started with Splunk Enterprise Hands-On Breakout Session
Getting Started with Splunk Enterprise Hands-On Breakout SessionGetting Started with Splunk Enterprise Hands-On Breakout Session
Getting Started with Splunk Enterprise Hands-On Breakout SessionSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseShannon Cuthbertson
 
SplunkLive! - Getting started with Splunk
SplunkLive! - Getting started with SplunkSplunkLive! - Getting started with Splunk
SplunkLive! - Getting started with SplunkSplunk
 
SplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunk
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Greg Hanchin
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunk
 
SplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin InternationalSplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin InternationalSplunk
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardswardell henley
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthStephanie Bies
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthStephanie Bies
 
Getting Started with Splunk
Getting Started with SplunkGetting Started with Splunk
Getting Started with SplunkSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
Getting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGetting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGeorg Knon
 
Splunk best practices
Splunk best practicesSplunk best practices
Splunk best practicesJilali HARITI
 
Splunk Discovery: Warsaw 2018 - Getting Data In
Splunk Discovery: Warsaw 2018 - Getting Data InSplunk Discovery: Warsaw 2018 - Getting Data In
Splunk Discovery: Warsaw 2018 - Getting Data InSplunk
 

Similaire à Splunk Insights (20)

Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
SplunkLive Oslo/Stockholm Beginner Workshop
SplunkLive Oslo/Stockholm Beginner WorkshopSplunkLive Oslo/Stockholm Beginner Workshop
SplunkLive Oslo/Stockholm Beginner Workshop
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
SplunkLive! Zürich 2014 Beginner Workshop: Getting started with Splunk
SplunkLive! Zürich 2014 Beginner Workshop: Getting started with SplunkSplunkLive! Zürich 2014 Beginner Workshop: Getting started with Splunk
SplunkLive! Zürich 2014 Beginner Workshop: Getting started with Splunk
 
Getting Started with Splunk Enterprise Hands-On Breakout Session
Getting Started with Splunk Enterprise Hands-On Breakout SessionGetting Started with Splunk Enterprise Hands-On Breakout Session
Getting Started with Splunk Enterprise Hands-On Breakout Session
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
SplunkLive! - Getting started with Splunk
SplunkLive! - Getting started with SplunkSplunkLive! - Getting started with Splunk
SplunkLive! - Getting started with Splunk
 
SplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal HealthSplunkLive! Customer Presentation - Cardinal Health
SplunkLive! Customer Presentation - Cardinal Health
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealth
 
SplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin InternationalSplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin International
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandards
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealth
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealth
 
Getting Started with Splunk
Getting Started with SplunkGetting Started with Splunk
Getting Started with Splunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Getting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGetting started with Splunk - Break out Session
Getting started with Splunk - Break out Session
 
Splunk best practices
Splunk best practicesSplunk best practices
Splunk best practices
 
Splunk Discovery: Warsaw 2018 - Getting Data In
Splunk Discovery: Warsaw 2018 - Getting Data InSplunk Discovery: Warsaw 2018 - Getting Data In
Splunk Discovery: Warsaw 2018 - Getting Data In
 

Dernier

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 

Dernier (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 

Splunk Insights

  • 2. Agenda • • • • • • • What is Splunk Why Splunk Splunk Architecture Splunk Data Storage Splunk Installation Configuration Splunk Apps Splunk Searching, Reporting and Alerting • Splunk Dashboard
  • 3. What is Splunk Splunk (the product) captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations Splunk aims to make machine data accessible across an organization and identifies data patterns, provides metrics, diagnoses problems and provides intelligence for business operation. Splunk is a used for application management, security and compliance, as well as business and web analytics. Splunk has over 5,200 licensed customers in 74 countries, including more than half of the Fortune 100.
  • 7.
  • 8. Getting Data Into Splunk Agent and Agent-less Approach for Flexibility
  • 9. How Splunk Stores Data Splunk is ingesting data and storing it in two types of files o Raw Data o Index File Splunk indexes are stored in directories called Buckets o This consists of the index file and the raw data o Buckets move through stages as they age
  • 10. Splunk Licenses Free Download Limits Indexing to 500MB/day • • Enterprise Trial License expires after 60 days Reverts to Free License Features Disabled in Free License • • • • • Multiple user accounts and role-based access controls Distributed search Deployment management Scheduled saved searches and alerting Summary indexing Other License Types • Enterprise, Trial
  • 11. Splunk Installation Splunk Platform • 32 or 64 bit • Indexer or Universal Forwarder • www.splunk.com/download Start Splunk • WIN: Program FilesSplunkbinsplunk.exe start (services start) • *NIX: /opt/splunk/bin/splunk start Splunk Home • WIN: Program FilesSplunk • Other: /opt/splunk (Applications/splunk)
  • 12. Splunk Universal Forwarder Setup Unix Platform • Configure universal forwarder to auto-start $./splunk enable boot-start • Configure the universal forwarder to forward to a receiving indexer: $./splunk add forward-server <host>:<port> -auth <username>:<password> Windows Platform: • Configure the universal forwarder to forward to a receiving indexer
  • 13. Splunk Apps Splunk Apps Categories: • Application Management 88 • IT Operations Management 151 • Security and Compliance 128 • Business Analytics 34 • Utilities 134 • Cool Stuff 93 http://apps.splunk.com
  • 14. Log Monitoring Configuration Splunk's monitor process consumes any new data written to that file or directory. Sample inputs.conf configuration: Monitor a File: [monitor:/var/log/cassandra/system.log] sourcetype = log4j disabled = false Monitor a Directory files: [monitor:/var/log/] disabled = false
  • 15. Splunk Searching • Wildcards are supported - * • Search terms are case insensitive. • Boolean searches are supported with AND, OR, NOT. Just remember that Booleans must be uppercase. • There is an implied AND between the search terms, and for complex searches, use parenthesis. (error OR failed) • Historical, custom, or real-time
  • 16. Search Commands Search results are “piped” to the command: • Manipulating fields • Formatting • Handling results • Reporting
  • 17. Saved Searches and Alerting OR
  • 20. Reporting Build reports from the results of any search Select type of report (Values over time, Top Values, Rare Values) and on which fields to report or perform statistics Choose the type of chart (line, area, column, etc) and other formatting options 20
  • 21. Reporting Examples • Use wizard or reporting commands (timechart, top, etc) • Build real-time reports with real-time searches • Save reports for use on dashboards 21
  • 22. Dashboards The Splunk Web Framework provides various options for creating dashboards: • Simple XML • Advanced XML • Splunk SDKs
  • 23. Dashboards Contd.. Create dashboards from search results 23
  • 24. Deployment Monitoring Keep Tabs On Your Splunk Enterprise Deployment Licenses Sourcetypes Indexers 24 Forwarders
  • 25. Splunk Alternatives • Logstash • Hyperic HQ • Nagios • Appdynamics • NewRelic
  • 26. Where to Go for Help • Documentation – http://www.splunk.com/base/Documentation • Technical Support – http://www.splunk.com/support • Videos – http://www.splunk.com/videos • Education – http://www.splunk.com/goto/education • Community – http://answers.splunk.com • Splunk Book – http://splunkbook.com 26