SPLUNK

Splunk is a powerful software platform designed for

searching, monitoring, and analyzing machine-generated
big data via a web-style interface. It captures, indexes,
and correlates real-time data in a searchable repository,
from which it can generate graphs, reports, alerts,
dashboards, and visualizations.
 WHAT IS SPLUNK ?
JOURNEY OF SPLUNK ?
PROPERTIES OF SPLUNK ?
ALERTS ?
SPLUNK VERSION ?
TOPIC FEATURES OF SPLUNK ?
COVERED SPLUNK ENV ?
TYPES OF COMMANDS ?
USE CASES OF SPLUNK ?
SPLUNK LOGS ?
BENEFITS OF SPLUNK ?
ESSENTIAL FEATURES OF SPLUNK ?
 SPLUNK
TECHNOLOGY

Splunk Inc. is an
American software
company based in San
Francisco, California,
that produces
software for searching,
monitoring, and
analyzing machine-
generated data via a
web-style interface .
Parent organization: Cisco

Founders: Michael Baum, Rob Das,

Erik Swan
CEO: Gary Steele

Revenue: 365 crores USD (2023)

Founded: October 2003

 Splunk is used for several
key reasons, primarily
centered around its ability
to handle and analyze
large volumes of machine-
generated data. Here are
some of the primary
reasons organizations use
SPLUNK PROPERTIES Splunk:
Log Management: Splunk
excels at aggregating and
indexing log data from
multiple sources, making it
easier to search, analyze,
and manage logs.
Real-Time Monitoring: Splunk provides real-
time monitoring of various systems and
applications, enabling organizations to detect
issues and respond quickly.
• Security and
Compliance: Splunk is
widely used for security
information and event
management (SIEM). It
helps detect and respond
to security threats,
monitor compliance, and
manage incident
response.
• Automation: Splunk can
automate repetitive tasks
and workflows, which
helps in improving
efficiency and reducing
the chance of human
error.
• Operational Intelligence: By
analyzing machine data, Splunk
helps organizations gain insights
into their operations, leading to
improved decision-making and
operational efficiency.
• Troubleshooting and Problem
Resolution: Splunk helps in quickly
identifying and resolving issues by
providing a comprehensive view of
system and application logs.
• Data Analytics and Reporting:
Splunk's powerful search
capabilities and analytics tools
enable users to generate reports,
create dashboards, and visualize
data to understand trends and
patterns.
• Scalability: Splunk
can handle large
volumes of data,
making it suitable for
organizations of all
sizes, from small
businesses to large
enterprises
Machine Learning: Splunk incorporates machine
learning capabilities that allow users to build predictive
models, detect anomalies, and gain deeper insights
from their data.

Integration: Splunk can integrate with a wide range

of third-party applications and services, enhancing its
utility across different environments and use cases.

Splunk is a big data platform that simplifies the task of

collecting and managing massive volumes of machine-
generated data and searching for information within it.
The technology is used for business and web analytics,
application management, compliance, and security.
 S PLU NK A L E RT S

Alerts occur when particular criteria are met for the search results. When alerts
activate, we can use the warning actions to respond. It is used to monitor specific
events and respond to them. It includes facts, instructions, and warning action
scenarios for use.

The alerting workflow

Alerts combine a saved search, type and trigger configurations, and action alerts.
Here are some details of how the various portions of an alert work together.
Real-time alert

Real-time alerts constantly scan for incidents. In circumstances where immediate monitoring and responses are relevant,
they can be useful. We can use real-time warnings that occur once per outcome or only if those conditions are met within
a limited time span of rolling.

Per-result triggering

A real-time alert with a triggering condition is sometimes referred to as an "alert per outcome" Use this type of alert and
trigger to search for events continuously and get notifications when events occur.

Here are a few examples of using an actual-time alarm with triggering per-result.

A website administrator on social networking needs to learn if authentication errors occur. She sets up a real-time alert to
look for failed attempts to log in. She chooses a trigger condition per-result so she can track any attempt at failed login.

An admin requires real-time control of a series of hosts for errors. Some errors need a more immediate response than
others. A real-time warning is set up by the admin with a trigger condition per-outcome. He is the one who controls the
flow of the alert using a field representing the less urgent error code and a suppression period of one hour. The alarm
causes any urgent error but for less critical errors at most once in an hour.
 SPLUNK VERSIONS

There are three different versions

of Splunk

Splunk Enterprise

Splunk Light

Splunk Cloud
 Big IT enterprise uses
Splunk Cloud is a website
the Splunk Enterprise
that is the host. It
Version. With the help of
possesses the same
the Splunk tool, we can
Splunk Enterprise Splunk Cloud features as the company
collect and analyze the
version. It can be used
data from mobile
from Splunk or the cloud
phones, websites, and
platform AWS.
applications, etc.

The free version of

Splunk Illumination. It
enables scanning,
recording, and editing of
Splunk Light your log data. Compared
with other versions, it
has limited
functionalities and
features.
 FEATURES OF SPLUNK

DATA INGESTION IN SPLUNK, WE CAN DATA INDEXING SPLUNK INDEXES THE

IMPORT OR INSERT THE INGESTED DATA FOR
DATE FROM DIFFERENT SPEEDIER SEARCH AND
DATA FORMATS LIKE - QUERY ON DIFFERENT
JSON, XML, AND CONDITIONS.
WEBLOGS AND
APPLICATION LOGS
THAT HAVE
UNSTRUCTURED
SYSTEM DATA. THE
UNSTRUCTURED DATA
CAN BE MODELED AS
THE CONSUMER
WANTS IN A DATA
STRUCTURE.
Data Searching Splunk analysis Using Alerts Used to trigger
involves using the emails or RSS feeds
indexed data to when a certain
establish graphs, to requirement is
forecast future identified in the data
trends, and to find that is being
patterns in the data. analyzed.

Dashboards When we searched Data Model The indexed data

anything, the search may be modeled
result is displayed in into one or more
the dashboard in the data sets based on
form of maps, domain expertise. It
reports, pivots, etc. leads to more
straightforward
navigation by end-
users who evaluate
the business cases
without
understanding the
language techniques
used by Splunk to
process information.
 We are going to install the Splunk
Enterprise version. The question arises
that why not any other version apart from
this version is because it contains all the
SPLUNK options that are typically present in this kind
ENVIRONMENT of tool. So, we will enterprise version. It is a
trial version, that is valid for 30 days only. It
has all the premium features as long as the
trial goes. It is available for all the primary
operating system. We are going to install it
on windows and Linux platform.
 IN S TALL IN G S P LU N K ON
L IN U X P L AT F OR M

• Step 1: Click on the Download

Now button that is in front
of .deb package.
 S T E P 2 : G O T O T H E D O W N LOAD S D I R E C T O RY I N
F R O M T H E T E R M I N A L A N D I N S TA L L T H E PAC KAG E .
F O R R E F E R E N C E , YO U C A N U S E T H E I M AG E B E LO W.
• Step 3: Once the
installation of Splunk is
done, you can start
Splunk by accepting its
terms and conditions.
• Next, it will ask for the
user name and
password. You must
note down and
remember it as you will
need these credentials.
• Step 4: Now the Splunk
server will start, and you
have to mention the URL
so that it can access the
Splunk Interface.
• Step 5: Once it is done,
you will be redirected to
the browser, or you can
open it manually.
• The Splunk interface
displays on the browser.
Provide the id and
password that you have
created earlier.

• You have successfully

installed Splunk on your
Linux system.
 SPLUNK - TYPES OF
COMMAND

• Splunk's Search Processing Language (SPL)

includes a wide variety of commands that allow
users to perform different types of data
operations and analyses. These commands can
be broadly categorized into several types based
on their functionality. Here are some of the
primary types of commands in Splunk:
 SEARCH COMMANDS

• search: The basic command to retrieve

events from indexes.
• index: Specifies the index to search in.
• sourcetype: Filters results by source type.
• host: Filters results by host.
 TRANSFORMING COMMANDS

• stats: Performs statistical calculations on

search results.
• timechart: Creates a time-based chart of
results.
• chart: Generates a chart based on search
results.
• top: Finds the most common values in a field.
• rare: Finds the least common values in a
field.
 FILTERING COMMANDS

• where: Filters search results based on

specified conditions.
• rex: Extracts fields using regular expressions.
• regex: Filters events using regular
expressions.
• fields: Selects specific fields to include in
results.
 EVENT PROCESSING
COMMANDS

• eval: Evaluates an expression and stores the

result in a new field.
• transaction: Groups events into transactions
based on specified criteria.
• dedup: Removes duplicate events based on
specified fields.
• sort: Sorts search results by specified fields.
 REPORTING COMMANDS

• report: Generates reports based on search

results.table:
• Displays results in a tabular format.
• chart: Creates charts from search results.
 DATA ENRICHMENT
COMMANDS

• lookup: Enriches data by looking up

additional fields from external datasets.
• inputlookup: Retrieves data from a lookup
table.
• outputlookup: Writes search results to a
lookup table.
 STATISTICAL AND MACHINE
LEARNING COMMANDS

• predict: Makes predictions based on

historical data.
• kmeans: Clusters events into groups using
the k-means algorithm.
• anomalydetection: Identifies anomalies in
data.
 TIME-BASED COMMANDS

• bucket: Divides events into time-based buckets.

• timewrap: Wraps a time series to visualize
periodic patterns.
 DATA MANIPULATION
COMMANDS

• rename: Renames fields in search results.

• replace: Replaces field values with other
values.
• fillnull: Replaces null values with a specified
value.
 UTILITY COMMANDS

outputcsv: Writes search results to a CSV

file.
inputcsv: Reads data from a CSV file.
map: Runs a subsearch for each event in
the main search.
IT Operations:
Monitoring and
troubleshooting
infrastructure and
applications.

Security: Detecting and USE CASES OF

responding to security
incidents. SPLUNK

Compliance: Ensuring
adherence to regulatory
requirements.
 Business Analytics: Gaining IoT: Analyzing data from Internet
insights into business operations of Things devices.
and performance.
SPLUNK
LOGS
 HOW DO WE SEE ALL THE LOGS IN
SPLUNK?

Navigate to Log Observer . In the content control bar,

enter a time range in the time picker if you know it. Select
Index next to Saved Queries, then select the indexes you
want to query.
 A VARIETY OF BENEFITS THAT ARE
OFFERED BY THE SPLUNK

• Real-time screen visibility.

• Splunk offers Better Interface.
• By offering instant results, it reduces
troubleshooting and time-solving.
• It is the most effective method for the study of
root causes.
• Splunk permits the generation of graphs, warnings, and
dashboards.
• Similar findings can be quickly checked and analyzed
using Splunk.
• It enables us to troubleshoot any failure state to improve
performance.
• Helps you to track and make educated decisions on
every company measure.
• Splunk allows Artificial Intelligence to be
incorporated into the data strategy.
• Helps you to gather useful Operational Intelligence
from your system data
• Splunk allows us to recognize any data type such
as .csv, json, log formats, etc.
• Provides the most powerful search and
visualization tools to enable all types of users.
• Allows us to establish a central server, where
Splunk data can be searched from various
sources.
 S P LU N K H A S S O M E E SS E N T I A L F E AT U R E S :

IT ACCELERATES THE THE BUILDING OF REAL- GENERATE ROI FASTER

DEVELOPMENT & TIME DATA
TESTING. APPLICATIONS.
 Agile figures and Real-time Splunk also provides search,
architecture documentation. analysis, and visualization
capabilities to empower users.
Thank you