Intro to Splunk

Splunk is a tool for searching, monitoring, and analyzing machine-generated big data. It captures, indexes, and correlates real-time data from sources across an organization in a searchable repository. This allows users to identify patterns, diagnose potential problems, and gain intelligence. Splunk has features like centralized data storage, visualization, and applications for use cases like IT operations, web analytics, security, and compliance. Its architecture includes search heads, forwarders, indexers, and a deployment server to ingest, index, search, and analyze large volumes of machine data.


Big Data Analytics

Splunk

Lecture #1
What is Splunk? By Wikipedia
Tool for searching, monitoring, and analyzing machine-generated big data
Captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations
What is Splunk? By Wikipedia

Machine Data
accessible across organization
identify patterns
diagnose potential problems
provide intelligence
Why Splunk?
Machines produce great volumes of data

From technology to business value


What can Splunk do?
Google-like tool for machine data
• Search
• Investigate
• Troubleshoot
• Monitor
• Visualize
• Alert
Splunk Features

Central Repository
Data Access for Analytics
Structure and meaning of data
Visualization
Applications
Splunk Architecture
4 Major components
Search Head
Forwarder
Indexer
Deployment Server
Splunk Architecture
Search Head
GUI for Splunk search, analysis and reporting
Splunk Architecture
Forwarder
Universal forwarder (UF)
Heavyweight forwarder (HWF)
Splunk Architecture
Indexer
Indexing incoming data
Searching the indexed data
Splunk Architecture
Deployment Server
Host and deploy apps to different components
Deploy technology add-ons to forwarders and indexers for index-time knowledge
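The four components above are wired together through Splunk's .conf files. The following is an added example, not part of the lecture slides or of Splunk's own documentation: it sketches what a universal forwarder, an indexer and a deployment server each need so that a log file on a host ends up searchable in an index. Host names, certificate paths, the index name `os`, the app name `TA-linux-auth` and the server class `linux_hosts` are all assumed placeholders; every key and stanza shown is a real Splunk setting, and the comments (which Splunk only accepts on their own lines) say which file each stanza belongs in.

```ini
# ===== Universal forwarder (UF) =====
# $SPLUNK_HOME/etc/system/local/inputs.conf
# The UF tails this file and tags each event with an index and sourcetype.
# Path, sourcetype and index name are assumed values for this example.
[monitor:///var/log/auth.log]
sourcetype = linux_secure
index = os

# $SPLUNK_HOME/etc/system/local/outputs.conf
# Where the UF ships its events: the indexing tier. Host names are placeholders.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = idx1.example.internal:9997, idx2.example.internal:9997
# Indexer acknowledges every block; the UF resends anything not acknowledged.
useACK = true
# Verify the indexer's certificate so the UF cannot be pointed at an impostor.
sslVerifyServerCert = true
clientCert = $SPLUNK_HOME/etc/auth/mycerts/forwarder.pem
sslPassword = CHANGEME-PLACEHOLDER

# $SPLUNK_HOME/etc/system/local/deploymentclient.conf
# The UF polls the deployment server for apps assigned to it.
[target-broker:deploymentServer]
targetUri = ds.example.internal:8089

# ===== Indexer =====
# $SPLUNK_HOME/etc/system/local/inputs.conf
# Accept forwarder traffic only over TLS and only from forwarders presenting a client cert.
[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycerts/indexer.pem
sslPassword = CHANGEME-PLACEHOLDER
requireClientCert = true

# $SPLUNK_HOME/etc/system/local/indexes.conf
# The index the UF writes into; retention is set per index (90 days here).
[os]
homePath   = $SPLUNK_DB/os/db
coldPath   = $SPLUNK_DB/os/colddb
thawedPath = $SPLUNK_DB/os/thaweddb
frozenTimePeriodInSecs = 7776000

# ===== Deployment server =====
# $SPLUNK_HOME/etc/system/local/serverclass.conf
# Hosts matching the whitelist receive the add-on (an app under etc/deployment-apps)
# and restart splunkd so the new inputs take effect.
[serverClass:linux_hosts]
whitelist.0 = *.example.internal

[serverClass:linux_hosts:app:TA-linux-auth]
restartSplunkd = true
```

The search head is not listed because in a small deployment it needs only the indexers declared as search peers (Settings > Distributed search, or `distsearch.conf`); the point of the example is the data path, UF to indexer, with the deployment server pushing the configuration that defines that path. The two TLS settings (`sslVerifyServerCert` on the sender, `requireClientCert` on the receiver) are what keep an arbitrary host from injecting events into the `os` index or reading the stream in transit.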
What are some Splunk Use Cases?
Use Cases
IT and operations
Index data from firewalls
Intrusion detection system
Use Cases
Web Analytics
Web site performance metrics
Efficacy of online promotions
Web traffic and stream downloads
Use Cases
Internet of Things
Metropolitan data
Wi-Fi enabled Nest
Elevator usage
Use Cases
Security
Security log data
Network log data
Compliance
Auditing standards
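The security and compliance use cases above come down to a scheduled search over indexed firewall or IDS events that raises an alert when a condition holds. As an added example (not from the slides and not Splunk's own configuration), here is a `savedsearches.conf` stanza that does this for firewall data: it counts blocked connections per source every fifteen minutes and alerts when one source is blocked on many distinct ports, which is the pattern a defender would look at first. The index name `firewall`, the field names `action`, `src_ip` and `dest_port`, the thresholds and the mail address are all assumed values; the keys are real Splunk alert settings.

```ini
# $SPLUNK_HOME/etc/apps/<your_app>/local/savedsearches.conf  (app name is a placeholder)
[Firewall - one source blocked on many ports]
# SPL: per-source count of blocked connections and distinct destination ports.
# Field names follow the firewall sourcetype in use; these are assumed.
search = index=firewall action=blocked \
    | stats count AS blocked_count, dc(dest_port) AS distinct_ports, values(dest_port) AS ports BY src_ip \
    | where blocked_count > 100 AND distinct_ports > 20 \
    | sort - blocked_count

# Run every 15 minutes over the last 15 minutes of data.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now

# Trigger when the search returns any row; the thresholds live in the SPL above.
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.severity = 4
alert.track = 1

# One notification per source per hour, so a scanning host does not page four times.
alert.suppress = 1
alert.suppress.period = 1h
alert.suppress.fields = src_ip

# Notify the on-call mailbox (placeholder address).
action.email = 1
action.email.to = soc-oncall@example.internal
action.email.subject = Splunk alert: $name$
action.email.include.results_link = 1
```

The same shape serves the compliance bullet: swap the SPL for a query over authentication or audit events (for example privileged logins outside change windows), keep the schedule, and set `alert.track = 1` so each firing is retained under Triggered Alerts as an auditable record.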
Splunk Architecture
[Diagram: tiers of a distributed deployment]
Distributed Search and Summary Indexing Tier
Indexing Tier (… x5 indexers)
Forwarders or Forwarding Tier
Data Sources: desktops, laptops, servers/VMs, proxy, applications, syslog, firewall, config


Splunk and Big Data
