Advanced Splunk: master the art of getting the maximum out of your machine data using Splunk
Master the art of getting the maximum out of your machine data using Splunk. About This Book: A practical and comprehensive guide to the advanced functions of Splunk, including the new features of Splunk 6.3. Develop and manage your own Splunk apps for greater insight from your machine data. Full cover...
| Other authors: | |
|---|---|
| Format: | E-book |
| Language: | English |
| Published: | Birmingham : Packt Publishing, 2016. |
| Edition: | 1. |
| Series: | Professional expertise distilled. |
| Subjects: | |
| View in the Universitat Ramon Llull Library: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630455506719 |

Table of Contents:
- Cover
- Copyright
- Credits
- About the Author
- Acknowledgements
- About the Reviewer
- www.PacktPub.com
- Table of Contents
- Preface
- Chapter 1: What's new in Splunk 6.3?
- Splunk's architecture
- The need for parallelization
- Index parallelization
- Search parallelization
- Pipeline parallelization
- The search scheduler
- Summary parallelization
- Data integrity control
- Intelligent job scheduling
- The app key-value store
- System requirements
- Uses of the key-value store
- Components of the key-value store
- Managing key-value store collections via REST
- Examples
- Replication of the key-value store
- Splunk Enterprise Security
- Enabling HTTPS for Splunk Web
- Enabling HTTPS for the Splunk forwarder
- Securing a password with Splunk
- The access control list
- Authentication using SAML
- Summary
- Chapter 2: Developing an Application on Splunk
- Splunk apps and technology add-ons
- What is a Splunk app?
- What is a technology add-on?
- Developing a Splunk app
- Creating the Splunk application and technology add-on
- Packaging the application
- Installing a Splunk app via Splunk Web
- Installing the Splunk app manually
- Developing a Splunk add-on
- Building an add-on
- Installing a technology add-on
- Managing Splunk apps and add-ons
- Splunk apps from the app store
- Summary
- Chapter 3: On-Boarding Data in Splunk
- Deep diving into various input methods and sources
- Data sources
- Structured data
- Web and cloud services
- IT operations and network security
- Databases
- Application and operating system data
- Data input methods
- Files and directories
- Network sources
- Windows data
- Adding data to Splunk - new interfaces
- HTTP Event Collector and configuration
- HTTP Event Collector
- Configuration via Splunk Web
- Managing the Event Collector token
- The JSON API format
- Authentication
- Metadata
- Event data
- Data processing
- Event configuration
- Character encoding
- Event line breaking
- Timestamp configuration
- Host configuration
- Configuring a static host value - files and directories
- Configuring a dynamic host value - files and directories
- Configuring a host value - events
- Managing event segmentation
- Improving the data input process
- Summary
- Chapter 4: Data Analytics
- Data and indexes
- Accessing data
- The index command
- The eventcount command
- The datamodel command
- The dbinspect command
- The crawl command
- Managing data
- The input command
- The delete command
- The clean command
- Summary indexing
- Search
- The search command
- The sendmail command
- The localop command
- Subsearch
- The append command
- The appendcols command
- The appendpipe command
- The join command
- Time
- The reltime command
- The localize command
- Fields
- The eval command
- The xmlkv command
- The spath command
- The makemv command
- The fillnull command
- The filldown command
- The replace command
- Results
- The fields command
- The searchtxn command
- The head / tail command
- The inputcsv command
- The outputcsv command
- Summary
- Chapter 5: Advanced Data Analytics
- Reports
- The makecontinuous command
- The addtotals command
- The xyseries command
- Geography and location
- The iplocation command
- The geostats command
- Anomalies
- The anomalies command
- The anomalousvalue command
- The cluster command
- The kmeans command
- The outlier command
- The rare command
- Predicting and trending
- The predict command
- The trendline command
- The x11 command
- Correlation
- The correlate command
- The associate command
- The diff command
- The contingency command
- Machine learning
- Summary
- Chapter 6: Visualization
- Prerequisites - configuration settings
- Tables
- Tables - Data overlay
- Tables - Sparkline
- Sparkline - Filling and changing color
- Sparkline - The max value indicator
- Sparkline - A bar style
- Tables - An icon set
- Single value
- Charts
- Charts - Coloring
- Chart overlay
- Bubble charts
- Drilldown
- Dynamic drilldown
- The x-axis or y-axis value as a token to a form
- Dynamic drilldown to pass a respective row's specific column value
- Dynamic drilldown to pass a fieldname of a clicked value
- Contextual drilldown
- The URL field value drilldown
- Single value drilldown
- Summary
- Chapter 7: Advanced Visualization
- Sunburst sequence
- What is a sunburst sequence?
- Example
- Implementation
- Geospatial visualization
- Example
- Syntax
- Search query
- Implementation
- Punchcard visualization
- Example
- Search query
- Implementation
- Calendar heatmap visualization
- Example
- Search query
- Implementation
- The Sankey diagram
- Example
- Implementation
- Parallel coordinates
- Example
- Search query
- Implementation
- The force directed graph
- Example
- Implementation
- Custom chart overlay
- Example
- Implementation
- Custom decorations
- Example
- What is the use of such custom decorations?
- Implementation
- Summary
- Chapter 8: Dashboard Customization
- Dashboard controls
- HTML dashboard
- Display controls
- Example and implementation
- Syntax
- Form input controls
- Example and implementation
- Panel controls
- Example and implementation
- Multisearch management
- Example
- Implementation
- Tokens
- Eval tokens
- Syntax of the eval token
- Example
- Implementation
- Custom tokens
- Example
- Implementation
- Null search swapper
- Example
- Implementation
- Switcher
- Link switcher
- Example and implementation
- Button switcher
- Example and implementation
- Summary
- Chapter 9: Advanced Dashboard Customization
- Layout customization
- Panel width
- Example
- Implementation
- Grouping
- Example
- Implementation
- Panel toggle
- Example
- Implementation
- Image overlay
- Example
- Implementation
- Custom look and feel
- Example and implementation
- The custom alert action
- What is alerting?
- Alerting
- The features
- Implementation
- Example
- Summary
- Chapter 10: Tweaking Splunk
- Index replication
- Standalone environment
- Distributed environment
- Replication
- Searching
- Failures
- Indexer auto-discovery
- Example
- Implementation
- Sourcetype manager
- Field extractor
- Accessing field extractor
- Using field extractor
- Example
- Regular expression
- Delimiter
- Search history
- Event pattern detection
- Data acceleration
- Need for data acceleration
- Data model acceleration
- Splunk buckets
- Search optimizations
- Time range
- Search modes
- Scope of searching
- Search terms
- Splunk health
- splunkd log
- Search log
- Summary
- Chapter 11: Enterprise Integration with Splunk
- The Splunk SDK
- Installing the Splunk SDK
- The Splunk SDK for Python
- Importing the Splunk API in Python
- Connecting and authenticating the Splunk server
- Splunk APIs
- Creating and deleting an index
- Creating input
- Uploading files
- Saved searches
- Splunk searches
- Splunk with R for analytics
- The setup
- Using R with Splunk
- Splunk with Tableau for visualization
- The setup
- Using Tableau with Splunk
- Summary
- Chapter 12: What Next? Splunk 6.4
- Storage optimization
- Machine learning
- Management and admin
- Indexer and search head enhancement
- Visualizations
- Multi-search management
- Enhanced alert actions
- Summary
- Index