Learning Splunk

Learning Splunk

by Tom Kopchak
Released March 2020
Publisher(s): Packt Publishing
ISBN: 9781789801002

Explore a preview version of Learning Splunk right now.

O’Reilly members get unlimited access to live online training experiences, plus books, videos, and digital content from 200+ publishers.

Start your free trial

Video description

Build a Splunk instance, and learn the concepts and terminology you need to produce insightful data reports and dashboard from data

About This Video

  • Build and administer a Splunk system and use it to complete lab activities—no need for preexisting Splunk environments.
  • Hands-on labs walk you through building environments, bringing in data, and ultimately using your own Splunk environment that you built yourself!

In Detail

Maybe you've heard about Splunk, but don't know how to use it to take control of big data? Have you used Splunk, but want to learn how to set it up and use it properly? If so, this course is for you.

In this course, you will work with Splunk from the ground up. You'll learn the basics of Splunk terminology, and how to use the Splunk web interface to find data. You'll also build your own Splunk environment, add data to the Common Information Model (CIM), create dashboards, and find events within data. Finally, you'll master advanced searching techniques that are especially useful to those in network, security, and system administration roles.

The course also covers the latest additions brought in for Splunk 8 and helps you quickly perform an upgrade. By the end of the course, you will be confident about using Splunk and will be well on the road to becoming a proficient Splunk architect and administrator as quickly as possible!

Who this book is for

This course is for IT professionals and data analysts who want to get started with Splunk and rapidly take their skills to the point where they can get hands-on and fully proficient with its features and benefits.

Requirement: No prior knowledge of Splunk is needed for taking this course, but a Splunk account (free of charge) will be required for the lab activities. Knowledge of Unix/Linux command line will be helpful.

Publisher resources

Download Example Code

Table of contents

  1. Chapter 1 : Introduction to Splunk
    1. Course Overview
    2. What Is Splunk
    3. What Are Logs and Why They Matter
    4. Setting Up an AWS Environment
    5. Splunk Installation
  2. Chapter 2 : Splunk Terminology
    1. Splunk - Splexicon
    2. What Data Looks Like in Splunk - Events
    3. Getting Data Out of Splunk - Search
    4. Saved Searches - Report
    5. Visualizing Data - Dashboard
    6. Splunk's Search Language - Search Processing Language
    7. What Type of Data Do We Have - Sourcetype
    8. How is Data Stored - Index
    9. Making Data Useful with Knowledge Objects and Fields
    10. Enriching Data - Lookup Table
  3. Chapter 3 : Data Onboarding
    1. How to Approach Data Onboarding
    2. Hands-On Lab: Onboarding Linux Authentication Logs
    3. Field Extractions Using Splunk Apps
    4. What If There Is Not an App Available
    5. Splunk Configuration Files
  4. Chapter 4 : Splunk Deployment Components
    1. Core Splunk Infrastructure - Indexes and Search Heads
    2. Supporting Infrastructure - Forwarders
    3. Supporting Infrastructure - Syslog Receiver
    4. Supporting Infrastructure - Deployment Server
    5. Splunk Licensing - How It Works and How to Investigate Your License Utilization
    6. Splunk Clustering - Building Splunk for Fault Tolerance
    7. Distributed Splunk Environments
    8. Splunk Apps - The Building Blocks of Any Splunk Deployment
  5. Chapter 5 : Data Normalization and Data Models
    1. Onboarding Iptables Logs
    2. Normalizing Data Using the Splunk Common Information Model (CIM)
    3. Applying the Common Information Model to Your Firewall Logs
  6. Chapter 6 : Using Your Splunk Environment
    1. Overview of Splunk UI
    2. Using Fields
    3. Hands-on Lab: Working with the Splunk UI
    4. Splunk Search Models
    5. Hands-On Lab: Splunk Search Modes
    6. The Search Pipeline
    7. Hands-On Lab: Search Pipeline
  7. Chapter 7 : Visualizing Data
    1. Reporting Log Data - Tables
    2. Hands-On Lab: Tables - Displaying Search Results
    3. Advanced Searching Concepts - Chart - Graphing Search Results
    4. Advanced Searching Concepts - Timechart - Results Over Time
    5. Advanced Searching Concepts - Geostats and IP Location
    6. Advanced Searching Concepts: Eval - Manipulating and Reformatting Data
    7. Advanced Searching Concepts: Rename – Making Table Headers More Accessible
    8. Advanced Searching Concepts: Relative Time Syntax
    9. Advanced Searching Concepts: Search Performance - Gotchas to Avoid
    10. Advanced Searching Concepts: Time to Experiment – Expanding Your Splunk Knowledge
    11. Creating Splunk Dashboards
    12. Hands-On Lab: Dashboards
  8. Chapter 8 : Upgrading Splunk
    1. Splunk Release Cycles
    2. What's New in Splunk 8.0
    3. Planning for an Upgrade
    4. Backing up Your Splunk Instance
    5. Performing a Splunk Upgrade
    6. Hands-on Lab: Upgrading Your Lab System

Product information

  • Title: Learning Splunk
  • Author(s): Tom Kopchak
  • Release date: March 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781789801002