book

Data Analytics Using Splunk 9.x

by Dr. Nadine Shillingford

January 2023

Intermediate to advanced

336 pages

7h 43m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorAbout the reviewers
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesConventions usedGet in touchShare Your ThoughtsDownload a free PDF copy of this book
Splunking big dataHow is big data generated?Understanding SplunkExploring Splunk componentsForwardersIndexersSearch headsIntroducing the case study – splunking the  BOTS Dataset v1The setupSummary
Technical requirementsInstalling Splunk EnterpriseDeploying AWS EC2 instances with the Splunk Enterprise AMIDeploying AWS EC2 instances with the Windows Server 19 Base AMISetting up Splunk forwardersSetting up Splunk deployment serversSetting up Splunk indexersSetting up Splunk search headsInstalling additional Splunk add-ons and appsInstalling the BOTS Dataset v1 appManaging access to SplunkUsersSummary
Exploring inputs.conf using the Splunk Add-on for Microsoft WindowsUnderstanding the filesystem of a Splunk add-onExploring inputs.confExtracting fields using Splunk WebField aliasesCalculated fieldsField extractionsExtracting fields using props.conf and transforms.confCreating event types and taggingSummary
Understanding the Splunk search interfaceDissecting a Splunk queryFormatting and transforming dataSimple mathematical functionsSummary
Exploring more Splunk commandsStreaming commandsGenerating commandsTransforming commandsOrchestrating commandsDataset processing commandsjoinEnhancing logs with lookupsSimplifying Splunk searches with macrosSummary
Creating and formatting tablesCreating and formatting chartsCreating advanced chartsScatter plotsBubble chartsChoropleth mapsSummary

Adding tables and charts to dashboardsEditing a dashboard panelAdding inputs, tokens, and drilldownsCreating dropdown inputsAdding a time pickerExploring the dashboard sourceAdding reports and drilldowns to dashboardsExperimenting with the new Dashboard StudioSummary
Understanding Splunk indexing and bucketsExploring Splunk queuesParsingIndexingDiscussing Splunk licensing modelsConfiguring licensesSummary
Introducing Splunk clustersUnderstanding search head clustersConfiguring a search head clusterUnderstanding indexer clustersReplication factorConfiguring indexer clustersSummary
Understanding data modelsLookupsTable datasetsData model datasetsAccelerating data modelsUnderstanding the tstats commandExploring the Splunk CIM add-onImproving performanceSummary
Exploring multisite Splunk deploymentsSplunk Cloud PlatformMultisite search deploymentsHybrid searchConfiguring federated searchUsing federated searchSearching remote indexesSearching remote saved searchesSearching remote data modelsSummary
Understanding container managementDeploying Splunk in DockerGetting started with Splunk Operator for KubernetesExploring container logs using SplunkSummary
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Content preview from Data Analytics Using Splunk 9.x

1 Introduction to Splunk and its Core Components

A few years ago, I was hired by the IT security team of a large healthcare company to work as a security engineer. At the time, the company had a homegrown Security Information and Event Management (SIEM) system and was at the initial stages of rolling in a brand new Splunk deployment. Physical servers were ordered and scheduled to be delivered and licensing paperwork was completed. A Splunk Education instructor conducted on-site core Splunk and Splunk Enterprise Security training, and we were ready to go. The thought of working with Splunk was so exciting. At the time, we were getting ready to install Splunk 6.x with one of the earlier releases of Splunk Enterprise Security. Before my arrival, ...