Splunk Best Practices

Travis Marlette

  1. 244 pages
  2. English

About This Book

Design, implement, and publish custom Splunk applications by following best practices

  • This is the most up-to-date guide on the market and will help you finish your tasks faster, easier, and more efficiently.
  • Highly practical guide that addresses common and not-so-common pain points in Splunk.
  • Want to explore shortcuts to perform tasks more efficiently with Splunk? This is the book for you!

Who This Book Is For

This book is for administrators, developers, and search ninjas who have been using Splunk for some time. Comprehensive coverage makes this book great for Splunk veterans and newbies alike.

What You Will Learn

  • Use Splunk effectively to gather, analyze, and report on operational data throughout your environment
  • Expedite your reporting, and be empowered to present data in a meaningful way
  • Create robust searches, reports, and charts using Splunk
  • Modularize your programs for better reusability
  • Build your own Splunk apps and learn why they are important
  • Learn how to integrate with enterprise systems
  • Summarize data for longer term trending, reporting, and analysis

In Detail

This book will give you an edge over others through insights that will help you in day-to-day instances. When you're working with data from various sources in Splunk and performing analysis on this data, it can be a bit tricky. With this book, you will learn the best practices of working with Splunk.

You'll learn about tools and techniques that will ease your life with Splunk, and will ultimately save you time. In some cases, it will adjust your thinking of what Splunk is, and what it can and cannot do.

To start with, you'll get to know the best practices to get data into Splunk, analyze data, and package apps for distribution. Next, you'll discover the best practices in logging, operations, knowledge management, searching, and reporting. To finish off, we will teach you how to troubleshoot Splunk searches, as well as deployment, testing, and development with Splunk.

Style and approach

If you're stuck or want to find a better way to work with the Splunk environment, this book will come in handy. This easy-to-follow, insightful book contains step-by-step instructions, examples, and scenarios that you will connect to.

Information

Year
2016
ISBN
9781785281396

Splunk Best Practices

Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: September 2016
Production reference: 1150916
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78528-139-6
www.packtpub.com

Credits

  • Author: Travis Marlette
  • Copy Editor: Safis Editing
  • Reviewer: Chris Ladd
  • Project Coordinator: Ulhas Kambali
  • Commissioning Editor: Veena Pagare
  • Proofreader: Safis Editing
  • Acquisition Editor: Tushar Gupta
  • Indexer: Tejal Daruwale Soni
  • Content Development Editor: Prashanth G Rao
  • Production Coordinator: Melwyn Dsa
  • Technical Editor: Murtaza Tinwala
  • Cover Work: Melwyn Dsa

About the Author

Travis Marlette has been working with Splunk since Splunk 4.0, and has over 7 years of statistical and analytical experience leveraging both Splunk and other technologies. He cut his teeth in the securities and equities division of the finance industry, routing stock market data and performing transactional analysis on stock market trading, as well as reporting security metrics for SEC and other federal audits.
His specialty is in IT operational intelligence, which consists of the lion's share of many major companies. Being able to report on security, system-specific, and proprietary application metrics is always a challenge for any company, and with the increase of IT in the modern day, having a specialist like this will become more and more prominent.
Working in finance, Travis has experience of working to integrate Splunk with some of the newest and most complex technologies, such as:
  • SAS
  • HIVE
  • Teradata (Data Warehouse)
  • Oozie
  • EMC (XtremIO)
  • Datameer
  • ZFS
  • Compass
  • Cisco (Security/Network)
  • Platfora
  • Juniper (Security and Network)
  • IBM WebSphere
  • Cisco Call Manager
  • Java Management Systems (JVM)
  • Cisco UCS
  • IBM MQ Series
  • FireEye
  • Microsoft Active Directory
  • Snort
  • Microsoft Exchange
  • F5
  • Microsoft – OS
  • MapR (Hadoop)
  • Microsoft SQL
  • YARN (Hadoop)
  • Microsoft SCOM
  • NoSQL
  • Linux (Red Hat / CentOS)
  • Oracle
  • MySQL
  • Nagios
  • LDAP
  • TACACS+
  • ADS
  • Kerberos
  • Gigamon
  • Telecom Inventory Management
  • Riverbed Suite
  • Endace
  • ServiceNow
  • JIRA
  • Confluence
Travis has earned a series of Microsoft, Juniper, Cisco, Splunk, and network security certifications. His knowledge and experience are truly his most valued currency, and this is demonstrated by every organization that has worked with him to reach their goals.
He has worked with Splunk installations that ingest 80 to 150 GB daily, as well as 6 TB daily, and provided value with each of the installations he's created to the companies that he's worked with. In addition, he knows when a project sponsor or manager requires more information about Splunk and helps them understand what Splunk is, and how it can best bring value to their organization without over-committing.
According to Travis, "Splunk is not a 'crystal ball' that's made of unicorn tears, and bottled rainbows, granting wishes and immediate gratification to the person who possesses it. It's an IT platform that requires good resources supporting it, and is limited only by the knowledge and imagination of those resources". With the right resources, that's a good limitation for a company to have.
Splunk acts as a 'Rosetta Stone' of sorts for machines. It takes thousands of machines, speaking totally different languages all at the same time, and translates that into something a human can understand. This, by itself, is powerful.
His passion for innovating new solutions and overcoming challenges leveraging Splunk and other data science tools has been exercised and visualized every day in each of his roles. Those roles are cross-industry, ranging from Bank of New York and Barclays Capital, to the Federal Government. Thus far, he and the teams he has worked with have taken each of these organizations further than they have ever been on their Splunk journey. While he continues to bring visibility, add value, consolidate tools, share work, perform predictions, and implement cost savings, he is also often mentioned as the most resourceful, reliable, and goofy person in the organization. Travis says "A new Splunk implementation is like asking your older brother to turn on a fire hose so you can get a drink of water. Once it's on, just remember to breathe."

About the Reviewer

Chris Ladd is a staff sales engineer at Splunk. He has been with Splunk for three years and has been a sales engineer for more than a decade. He has earned degrees from Southwestern University and the University of Houston. He resides in Chicago.


Preface

Within the working world of technology, there are hundreds of thousands of different applications, all (usually) logging in different formats. As a Splunk expert, our job is to make all those...
