Introduction To Splunk

The 3-day training agenda covers installation and configuration of Splunk on day 1, searching and hands-on exercises on day 1 and 2, and distributed architecture, demo of cluster setup, and activity on setting up a cluster on day 3. Splunk is a platform for operational intelligence, log analytics, and machine data visualizations. It indexes machine data from various sources and makes it accessible for searching, reporting, monitoring, and alerting. The key components of Splunk Enterprise are forwarders to collect data, indexers to parse and index data, and search heads for querying indexed data.

Uploaded by Santhoshi G

Introduction to Operational Intelligence Using Splunk - Agenda

Day 1
1. Overview of APM & Operational Intelligence
2. Introduction to Splunk
3. Installation & configuration [Hands-on]
4. Search (Splunk Search Processing Language)
5. Search – Hands-on

Day 2
6. Creating a Splunk app & Reporting
7. Creating dashboards
8. Demo & Hands-on

Day 3
9. Distributed architecture
10. Demo: Cluster setup
11. Activity: Cluster setup

What is Splunk?
• Splunk is a platform used for Operational Intelligence, log analytics and machine data visualizations.
• Splunk handles machine data in structured, unstructured and semi-structured form.
• Data that would otherwise sit unread in log files is brought into view through Splunk and turned into useful insights.
• It can be used for different forms of visualizations, alerts, lookups, reports, etc.
• Splunk is a paid tool. Licensing is based on the amount of data indexed per day.
• Splunk has its own query language – the Splunk Search Processing Language (SPL).
What is Splunk?
Make machine data accessible, usable & valuable
Figure: Splunk usage – Operational Intelligence, Log Analytics, Machine data visualizations; workflow: Index Data → Search & Reporting → Monitor & Alert → Report & Analyze → Add Knowledge
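The "Search & Reporting" and "Monitor & Alert" steps above come together in a scheduled alert, which is an SPL search plus alerting settings. The following is an added example, not part of the original slides or of any Splunk-shipped app: a savedsearches.conf stanza that counts failed SSH logins per source address and notifies the SOC. The app name (soc_alerts), the index and sourcetype names (security, linux_secure), the field names extracted by rex, the thresholds and the mail address are all assumptions for illustration.

```ini
# $SPLUNK_HOME/etc/apps/soc_alerts/local/savedsearches.conf
# (app name, index, sourcetype, field names and thresholds are assumed)
[SSH - brute force by source IP]
# SPL: select failed SSH logins, extract actor and source, count per source.
# A trailing backslash continues the setting on the next line.
search = index=security sourcetype=linux_secure "Failed password" \
| rex "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3})" \
| stats count AS failures dc(user) AS distinct_users values(user) AS users BY src_ip \
| where failures > 20
# search window: the last 15 minutes, re-evaluated every 15 minutes
dispatch.earliest_time = -15m
dispatch.latest_time = now
enableSched = 1
cron_schedule = */15 * * * *
# trigger when the search returns at least one row
counttype = number of events
relation = greater than
quantity = 0
# severity scale is 1 (debug) to 6 (fatal); 4 = high
alert.severity = 4
alert.track = 1
# throttle: one notification per offending src_ip per hour
alert.suppress = 1
alert.suppress.period = 1h
alert.suppress.fields = src_ip
action.email = 1
action.email.to = soc@example.internal
action.email.subject = Splunk alert: SSH brute force from $result.src_ip$
```

Splunk .conf files only accept comments on their own line; a `#` after a value becomes part of the value, so keep the comments where they are. The `where` clause is the detection threshold and the `alert.suppress.*` settings keep a noisy scanner from generating an e-mail on every run; both are the knobs a SOC tunes after looking at a few days of results.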
Splunk components
Figure: the three Splunk Enterprise components – Forwarder (collects data), Indexer (parses and indexes data), Search Head (queries indexed data).
Data phases in Splunk
Every event is tagged with four default fields as it passes through the phases: Source, Sourcetype, Host and Index (the default index is main).
Splunk Phases - Detailed
• Input phase – handled at the source (mostly the forwarder). The source data is opened and read, and any input configuration settings (source, sourcetype, host, index) are applied.
• Parsing phase – handled by a heavy forwarder or an indexer (both part of Splunk Enterprise); a Universal Forwarder does not parse, it forwards the raw stream. Data is broken down into a series of events and advanced operations such as masking and selection (dropping unwanted events) are performed here.
• Indexing phase – the parsed data runs through the license meter before it is compressed and written to disk. Indexed data cannot be changed, so any masking or filtering has to happen in the parsing phase.
• Search phase – handled by the search head (part of Splunk Enterprise).
Figure: pipeline – Source (Universal Forwarder) → Parsing → Licensing meter → Indexing (data on disk) → Searching
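The following is an added example, not part of the original slides or of any Splunk-shipped app, showing where the input and parsing phases above are actually configured. The app name (ta_linux_auth), the index and sourcetype names (security, linux_secure), the indexer host names and the certificate path are assumptions for illustration. The input settings sit on the Universal Forwarder; the parsing settings must sit on the indexer or heavy forwarder, because a Universal Forwarder does not parse.

```ini
# ---- On the Universal Forwarder: input phase ----
# $SPLUNK_HOME/etc/apps/ta_linux_auth/local/inputs.conf
# (app name, index and sourcetype are assumed)
[monitor:///var/log/auth.log]
sourcetype = linux_secure
index = security
disabled = false

# $SPLUNK_HOME/etc/apps/ta_linux_auth/local/outputs.conf
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# indexer host names are assumed
server = idx1.example.internal:9997, idx2.example.internal:9997
# indexer acknowledges receipt before the forwarder releases the data
useACK = true
# require TLS to an indexer whose certificate verifies; cert path is assumed
sslVerifyServerCert = true
clientCert = $SPLUNK_HOME/etc/auth/forwarder.pem

# ---- On the indexer or heavy forwarder: parsing phase ----
# $SPLUNK_HOME/etc/apps/ta_linux_auth/local/props.conf
[linux_secure]
# one syslog line is one event
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
# syslog timestamp such as "Mar  7 09:12:44" (no year; Splunk infers it)
TIME_FORMAT = %b %d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 16
TRUNCATE = 10000
# masking: keep first and last four digits of anything shaped like a 16-digit card number
SEDCMD-mask_pan = s/\b(\d{4})[- ]?\d{4}[- ]?\d{4}[- ]?(\d{4})\b/\1-XXXX-XXXX-\2/g
# selection: send matching events to the null queue (dropped before the license meter)
TRANSFORMS-drop_noise = drop_cron_session

# $SPLUNK_HOME/etc/apps/ta_linux_auth/local/transforms.conf
[drop_cron_session]
REGEX = CRON\[\d+\]: pam_unix\(cron:session\)
DEST_KEY = queue
FORMAT = nullQueue
```

Two practical checks: the SEDCMD rewrite happens on the raw event before it is written, so the unmasked value never reaches disk, which is the only way to honour "indexed data cannot be changed" for sensitive fields; and events routed to nullQueue are discarded before indexing, so they are not counted against the daily license volume. Comments must be on their own lines in Splunk .conf files, since a `#` after a value is treated as part of the value.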
Splunk Enterprise - Standalone
Figure: a single Splunk Enterprise instance performs input, parsing, indexing and searching.
Splunk Deployment – Basic
Figure: forwarders handle input; one Splunk Enterprise instance handles parsing, indexing and searching.
Splunk Deployment - Distributed
Figure: separate tiers – Forwarders → Indexers → Search Head, plus a Deployment Server that distributes configuration to the forwarders.
Index DBs in Splunk
An index is stored on disk as buckets that age through the following states:
• Hot bucket – currently being written to
• Warm bucket – closed for writing, still in the index's home path
• Cold bucket – older data, rolled to the cold path (often slower storage)
• Frozen bucket → thawed bucket – frozen data is archived or deleted; an archived bucket can be restored as a thawed bucket
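The bucket lifecycle above is controlled per index in indexes.conf. The following is an added example, not part of the original slides: an indexes.conf stanza on the indexer for an index named security, with retention limits and an archive directory so that frozen buckets are kept rather than deleted. The app name, index name, sizes, retention period and archive path are assumptions for illustration.

```ini
# $SPLUNK_HOME/etc/apps/ta_linux_auth/local/indexes.conf
# (app name, index name, sizes, retention and archive path are assumed)
[security]
# hot and warm buckets live together in homePath
homePath = $SPLUNK_DB/security/db
# buckets rolled to cold are moved here; point this at cheaper storage if needed
coldPath = $SPLUNK_DB/security/colddb
# restored (thawed) buckets are placed here; they are not subject to the retention rules below
thawedPath = $SPLUNK_DB/security/thaweddb
# hot -> warm when a hot bucket reaches the preset size (auto_high_volume = 10 GB on 64-bit)
maxDataSize = auto_high_volume
# warm -> cold once more than this many warm buckets exist
maxWarmDBCount = 300
# cold -> frozen once a bucket's newest event is older than 90 days ...
frozenTimePeriodInSecs = 7776000
# ... or once the whole index exceeds 500 GB, whichever comes first
maxTotalDataSizeMB = 500000
# without coldToFrozenDir (or coldToFrozenScript) frozen buckets are simply deleted
coldToFrozenDir = /archive/splunk/security
```

To thaw an archived bucket, copy its directory from the archive into thawedPath, run `splunk rebuild <bucket directory>` on that indexer to regenerate the index files, and restart Splunk; the data then becomes searchable again without counting against the license, because the license meter only runs at index time. Note that retention is whichever of the time and size limits triggers first, so a sudden volume spike can push data out long before the 90 days expire.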
Licensing
The Splunk license meter works based on the amount of data indexed per day.
For more details on Splunk licensing, refer to:
https://docs.splunk.com/Documentation/Splunk/6.4.2/Admin/Manageyourlicenses
Splunk Directory structure
• $SPLUNK_HOME - C:\Program Files\Splunk (for Windows)

SPLUNK_HOME
|-- bin          executables
|-- etc          licenses, config
|   |-- system
|   |-- apps     search, launcher, <custom apps>
|   `-- users
`-- var
    `-- lib
        `-- splunk   indexes
