- 348 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Advanced Splunk
About this book
Master the art of getting the maximum out of your machine data using Splunk
About This Book
- A practical and comprehensive guide to the advanced functions of Splunk, including the new features of Splunk 6.3
- Develop and manage your own Splunk apps for greater insight from your machine data
- Full coverage of high-level Splunk techniques including advanced searches, manipulations, and visualization
Who This Book Is For
This book is for Splunk developers looking to learn advanced strategies to deal with big data from an enterprise architectural perspective. It is expected that readers have a basic understanding and knowledge of using Splunk Enterprise.
What You Will Learn
- Find out how to develop and manage apps in Splunk
- Work with important search commands to perform data analytics on uploaded data
- Create visualizations in Splunk
- Explore tweaking Splunk
- Integrate Splunk with any pre-existing application to perform data crunching efficiently and in real time
- Make your big data speak with analytics and visualizations using Splunk
- Use SDK and Enterprise integration with tools such as R and Tableau
In Detail
Master the power of Splunk and learn the advanced strategies to get the most out of your machine data with this practical advanced guide. Make sense of the hidden data of your organization โ the insight of your servers, devices, logs, traffic and clouds. Advanced Splunk shows you how.
Dive deep into Splunk to find the most efficient solution to your data problems. Create the robust Splunk solutions you need to make informed decisions in big data machine analytics. From visualizations to enterprise integration, this well-organized high level guide has everything you need for Splunk mastery.
Start with a complete overview of all the new features and advantages of the latest version of Splunk and the Splunk Environment. Go hands on with uploading data, search commands for basic and advanced analytics, advanced visualization techniques, and dashboard customizing. Discover how to tweak Splunk to your needs, and get a complete on Enterprise Integration of Splunk with various analytics and visualization tools. Finally, discover how to set up and use all the new features of the latest version of Splunk.
Style and approach
This book follows a step by step approach. Every new concept is built on top of its previous chapter, and it is full of examples and practical scenarios to help the reader experiment as they read.
Tools to learn more effectively
Saving Books
Keyword Search
Annotating Text
Listen to it instead
Information
Advanced Splunk
Table of Contents
Advanced Splunk
Credits
About the Author
Acknowledgements
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Instant updates on new Packt books
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. What's New in Splunk 6.3?
Splunk's architecture
The need for parallelization
Index parallelization
Search parallelization
Pipeline parallelization
The search scheduler
Summary parallelization
Data integrity control
Intelligent job scheduling
The app key-value store
System requirements
Uses of the key-value store
Components of the key-value store
Managing key-value store collections via REST
Examples
Replication of the key-value store
Splunk Enterprise Security
Enabling HTTPS for Splunk Web
Enabling HTTPS for the Splunk forwarder
Securing a password with Splunk
The access control list
Authentication using SAML
Summary
2. Developing an Application on Splunk
Splunk apps and technology add-ons
What is a Splunk app?
What is a technology add-on?
Developing a Splunk app
Creating the Splunk application and technology add-on
Packaging the application
Installing a Splunk app via Splunk Web
Installing the Splunk app manually
Developing a Splunk add-on
Building an add-on
Installing a technology add-on
Managing Splunk apps and add-ons
Splunk apps from the app store
Summary
3. On-boarding Data in Splunk
Deep diving into various input methods and sources
Data sources
Structured data
Web and cloud services
IT operations and network security
Databases
Application and operating system data
Data input methods
Files and directories
Network sources
Windows data
Adding data to Splunk โ new interfaces
HTTP Event Collector and configuration
HTTP Event Collector
Configuration via Splunk Web
Managing the Event Collector token
The JSON API format
Authentication
Metadata
Event data
Data processing
Event configuration
Character encoding
Event line breaking
Timestamp configuration
Host configuration
Configuring a static host value โ files and directories
Configuring a dynamic host value โ files and directories
Configuring a host value โ events
Managing event segmentation
Improving the data input process
Summary
4. Data Analytics
Data and indexes
Accessing data
The index command
The eventcount command
The datamodel command
The dbinspect command
The crawl command
Managing data
The input command
The delete command
The clean command
Summary indexing
Search
The search command
The sendmail command
The localop command
Subsearch
The append command
The appendcols command
The appendpipe command
The join command
Time
The reltime command
The localize command
Fields
The eval command
The xmlkv command
The spath command
The makemv command
The fillnull command
The filldown command
The replace command
Results
The fields command
The searchtxn command
The head / tail command
The inputcsv command
The outputcsv command
Summary
5. Advanced Data Analytics
Reports
The makecontinuous command
The addtotals command
The xyseries command
Geography and location
The iplocation command
The geostats command
Anomalies
The anomalies command
The anomalousvalue command
The cluster command
The kmeans command
The outlier command
The rare command
Predicting and trending
The predict command
The trendline command
The x11 command
Correlation
The correlate command
The associate command
The diff command
The contingency command
Machine learning
Summary
6. Visualization
Prerequisites โ configuration settings
Tables
Tables โ Data overlay
Tables โ Sparkline
Sparkline โ Filling and changing color
Sparkline โ The max value indicator
Sparkline โ A bar style
Tables โ An icon set
Single value
Charts
Charts โ Coloring
Chart overlay
Bubble charts
Drilldown
Dynamic drilldown
The x-axis or y-axis value as a token to a form
Dynamic drilldown to pass a respective row's specific column value
Dynamic drilldown to pass a fieldname of a clicked value
Contextual drilldown
The URL field value drilldown
Single value drilldown
Summary
7. Advanced Visualization
Sunburst sequence
What is a sunburst sequence?
Example
Implementation
Geospatial visualization
Example
Syntax
Search query
Implementation
Punchcard visualization
Example
Search query
Implementation
Calendar heatmap visualization
Example
Search query
Implementation
The Sankey diagram
Example
Implementation
Parallel coordinates
Example
Search query
Implementation
The force directed graph
Example
Implementation
Custom chart overlay
Example
Implementation
Custom decorations
Example
What is the use of such custom decorations?
Implementation
Summary
8. Dashboard Customization
Dashboard controls
HTML dashboard
Display controls
Example and implementation
Syntax
Form input controls
Example and implementation
Panel controls
Example and implementation
Enabling/disabling refresh time
Disabling the manual refresh link
Enabling auto refresh
Multi-search management
Example
Implementation
Tokens
Eval tokens
Syntax of t...
Table of contents
- Advanced Splunk
Frequently asked questions
Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
- Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
- Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, weโve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere โ even offline. Perfect for commutes or when youโre on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Advanced Splunk by Ashish Kumar Tulsiram Yadav in PDF and/or ePUB format, as well as other popular books in Computer Science & Data Processing. We have over one million books available in our catalogue for you to explore.