book

Advanced Splunk

Name: Advanced Splunk
Author: Ashish Kumar Tulsiram Yadav
ISBN: 9781785884351

by Ashish Kumar Tulsiram Yadav

June 2016

Beginner to intermediate

348 pages

7h 45m

English

Packt Publishing

Read now

Unlock full access

Advanced Splunk
Table of Contents
Advanced Splunk
Credits
About the Author
Acknowledgements
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and moreWhy subscribe?Instant updates on new Packt books
Preface
What this book covers
What you need for this book

Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this bookErrataPiracyQuestions
1. What's New in Splunk 6.3?
Splunk's architectureThe need for parallelizationIndex parallelization
Search parallelization
Pipeline parallelizationThe search schedulerSummary parallelization
Data integrity control
Intelligent job scheduling
The app key-value store
System requirementsUses of the key-value storeComponents of the key-value storeManaging key-value store collections via RESTExamplesReplication of the key-value store
Splunk Enterprise Security
Enabling HTTPS for Splunk WebEnabling HTTPS for the Splunk forwarderSecuring a password with SplunkThe access control list
Authentication using SAML
Summary
2. Developing an Application on Splunk
Splunk apps and technology add-onsWhat is a Splunk app?What is a technology add-on?
Developing a Splunk app
Creating the Splunk application and technology add-onPackaging the applicationInstalling a Splunk app via Splunk WebInstalling the Splunk app manually
Developing a Splunk add-on
Building an add-onInstalling a technology add-on
Managing Splunk apps and add-ons
Splunk apps from the app store
Summary
3. On-boarding Data in Splunk
Deep diving into various input methods and sourcesData sourcesStructured dataWeb and cloud servicesIT operations and network securityDatabasesApplication and operating system dataData input methodsFiles and directoriesNetwork sourcesWindows data
Adding data to Splunk – new interfaces
HTTP Event Collector and configurationHTTP Event CollectorConfiguration via Splunk WebManaging the Event Collector tokenThe JSON API formatAuthenticationMetadataEvent data
Data processing
Event configurationCharacter encodingEvent line breakingTimestamp configurationHost configurationConfiguring a static host value – files and directoriesConfiguring a dynamic host value – files and directoriesConfiguring a host value – events
Managing event segmentation
Improving the data input process
Summary
4. Data Analytics
Data and indexesAccessing dataThe index commandThe eventcount commandThe datamodel commandThe dbinspect commandThe crawl commandManaging dataThe input commandThe delete commandThe clean commandSummary indexing
Search
The search commandThe sendmail commandThe localop command
Subsearch
The append commandThe appendcols commandThe appendpipe commandThe join command
Time
The reltime commandThe localize command
Fields
The eval commandThe xmlkv commandThe spath commandThe makemv commandThe fillnull commandThe filldown commandThe replace command
Results
The fields commandThe searchtxn commandThe head / tail commandThe inputcsv commandThe outputcsv command
Summary
5. Advanced Data Analytics
ReportsThe makecontinuous commandThe addtotals commandThe xyseries command
Geography and location
The iplocation commandThe geostats command
Anomalies
The anomalies commandThe anomalousvalue commandThe cluster commandThe kmeans commandThe outlier commandThe rare command
Predicting and trending
The predict commandThe trendline commandThe x11 command
Correlation
The correlate commandThe associate commandThe diff commandThe contingency command
Machine learning
Summary
6. Visualization
Prerequisites – configuration settings
Tables
Tables – Data overlayTables – SparklineSparkline – Filling and changing colorSparkline – The max value indicatorSparkline – A bar styleTables – An icon set
Single value
Charts
Charts – ColoringChart overlayBubble charts
Drilldown
Dynamic drilldownThe x-axis or y-axis value as a token to a formDynamic drilldown to pass a respective row's specific column valueDynamic drilldown to pass a fieldname of a clicked valueContextual drilldownThe URL field value drilldownSingle value drilldown
Summary
7. Advanced Visualization
Sunburst sequenceWhat is a sunburst sequence?ExampleImplementation
Geospatial visualization
ExampleSyntaxSearch queryImplementation
Punchcard visualization
ExampleSearch queryImplementation
Calendar heatmap visualization
ExampleSearch queryImplementation
The Sankey diagram
ExampleImplementation
Parallel coordinates
ExampleSearch queryImplementation
The force directed graph
ExampleImplementation
Custom chart overlay
ExampleImplementation
Custom decorations
ExampleWhat is the use of such custom decorations?Implementation
Summary
8. Dashboard Customization
Dashboard controlsHTML dashboardDisplay controlsExample and implementationSyntaxForm input controlsExample and implementationPanel controlsExample and implementationEnabling/disabling refresh timeDisabling the manual refresh linkEnabling auto refresh
Multi-search management
ExampleImplementation
Tokens
Eval tokensSyntax of the eval tokenExampleImplementationCustom tokensExampleImplementation
Null search swapper
ExampleImplementation
Switcher
Link switcherExample and implementationButton switcherExample and implementation
Summary
9. Advanced Dashboard Customization
Layout customizationPanel widthExampleImplementationGroupingExampleSingle-value groupingVisualization groupingImplementationPanel toggleExampleImplementationImage overlayExampleWhat is the use of image overlay?Where can image overlay be used?Implementation
Custom look and feel
Example and implementation
The custom alert action
What is alerting?AlertingThe featuresImplementationExample
Summary
10. Tweaking Splunk
Index replicationStandalone environmentDistributed environmentReplicationSearchingFailures
Indexer auto-discovery
ExampleImplementation
Sourcetype manager
Field extractor
Accessing field extractorUsing field extractorExampleRegular expressionDelimiter
Search history
Event pattern detection
Data acceleration
Need for data accelerationData model acceleration
Splunk buckets
Search optimizations
Time rangeSearch modesScope of searchingSearch terms
Splunk health
splunkd logSearch log
Summary
11. Enterprise Integration with Splunk
The Splunk SDK
Installing the Splunk SDK
The Splunk SDK for Python
Importing the Splunk API in PythonConnecting and authenticating the Splunk serverSplunk APIsCreating and deleting an indexCreating inputUploading filesSaved searchesSplunk searches
Splunk with R for analytics
The setupUsing R with Splunk
Splunk with Tableau for visualization
The setupUsing Tableau with Splunk
Summary
12. What Next? Splunk 6.4
Storage optimization
Machine learning
Management and admin
Indexer and search head enhancement
Visualizations
Multi-search management
Enhanced alert actions
Summary
Index

Content preview from Advanced Splunk

Fields

The fields subset of commands on Splunk is used to add, extract, and modify fields and field values. These commands help users enrich the data, do mathematical and string operations on the fields, and derive insight from the data.

The eval command

The eval command of Splunk is very useful and powerful. It can be used to evaluate Boolean, mathematical, or string expressions. It can also be used to create custom (new) fields using existing fields or arbitrary expressions. This command can be used to create new fields, which is the result of some calculations, or use conditional operators such as if, case, match, and so on to apply some expression and evaluate the result.

The eval command can also be used to coalesce fields from different sources ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781785884351

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Advanced Splunk

by Ashish Kumar Tulsiram Yadav

Fields

The eval command

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.