Splunk: Enterprise Operational Intelligence Delivered

Book Description

Demystify Big Data and discover how to bring operational intelligence to your data to revolutionize your work

About This Book

  • Get maximum use out of your data with Splunk's exceptional analysis and visualization capabilities
  • Analyze and understand your operational data skillfully using this end-to-end course
  • Full coverage of high-level Splunk techniques such as advanced searches, manipulations, and visualization

Who This Book Is For

This course is for software developers who wish to use Splunk for operational intelligence to make sense of their machine data. The content in this course will appeal to individuals from all facets of business, IT, security, product, marketing, and many more.

What You Will Learn

  • Install and configure the latest version of Splunk
  • Use Splunk to gather, analyze, and report data
  • Create Dashboards and Visualizations that make data meaningful
  • Model and accelerate data and perform pivot-based reporting
  • Integrate advanced JavaScript charts and leverage Splunk's APIs
  • Develop and Manage apps in Splunk
  • Integrate Splunk with R and Tableau using SDKs

In Detail

Splunk is an extremely powerful tool for searching, exploring, and visualizing data of all types. Splunk is becoming increasingly popular, as more and more businesses, both large and small, discover its ease and usefulness. Analysts, managers, students, and others can quickly learn how to use the data from their systems, networks, web traffic, and social media to make attractive and informative reports. This course will teach everything right from installing and configuring Splunk.

The first module is for anyone who wants to manage data with Splunk. You'll start with the very basics of Splunk, installing it, before moving on to searching machine data with Splunk. You will gather data from different sources, isolate them by indexes, classify them into source types, and tag them with the essential fields.

With more than 70 recipes on hand in the second module that demonstrate all of Splunk's features, not only will you find quick solutions to common problems, but you'll also learn a wide range of strategies and uncover new ideas that will make you rethink what operational intelligence means to you and your organization.

Dive deep into Splunk to find the most efficient solution to your data problems in the third module. Create the robust Splunk solutions you need to make informed decisions in big data machine analytics. From visualizations to enterprise integration, this well-organized, high-level guide has everything you need for Splunk mastery.

This learning path combines some of the best that Packt has to offer into one complete, curated package. It includes content from the following Packt products:

  • Splunk Essentials - Second Edition
  • Splunk Operational Intelligence Cookbook - Second Edition
  • Advanced Splunk

Style and approach

Packed with several step-by-step tutorials and a wide range of techniques to take advantage of Splunk and its wide range of capabilities to deliver operational intelligence within your enterprise.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

Table of Contents

  1. Splunk: Enterprise Operational Intelligence Delivered
    1. Table of Contents
    2. Splunk: Enterprise Operational Intelligence Delivered
    3. Credits
    4. Preface
      1. What this learning path covers
      2. What you need for this learning path
      3. Who this learning path is for
      4. Reader feedback
      5. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    5. 1. Module 1
      1. 1. Splunk in Action
        1. Your Splunk.com account
          1. Obtaining a Splunk.com account
        2. Installing Splunk on Windows
          1. Logging in the first time
          2. Run a simple search
        3. Creating a Splunk app
        4. Populating data with Eventgen
          1. Installing an add-on
        5. Controlling Splunk
        6. Configuring Eventgen
        7. Viewing the Destinations app
        8. Creating your first dashboard
        9. Summary
      2. 2. Bringing in Data
        1. Splunk and big data
          1. Streaming data
          2. Latency of data
          3. Sparseness of data
        2. Splunk data sources
          1. Machine data
          2. Web logs
          3. Data files
          4. Social media data
          5. Other data types
        3. Creating indexes
        4. Buckets
        5. Data inputs
        6. Splunk events and fields
        7. Extracting new fields
        8. Summary
      3. 3. Search Processing Language
        1. Anatomy of a search
          1. Search pipeline
        2. Time modifiers
        3. Filtering search results
        4. Search command - stats
        5. Search command - top/rare
        6. Search commands - chart and timechart
        7. Search command - eval
        8. Search command - rex
        9. Summary
      4. 4. Data Models and Pivot
        1. Creating a data model
          1. Adding attributes to objects
          2. Creating child objects
          3. Creating an attribute based on a regular expression
        2. Data model acceleration
          1. The Pivot Editor
          2. Creating a chart from a Pivot
          3. Creating an area chart
          4. Creating a pie chart showing destination details by airport code
          5. Single value with trending sparkline
        3. Rearranging your dashboard
        4. Summary
      5. 5. Data Optimization, Reports, Alerts, and Accelerating Searches
        1. Data classification with event types
        2. Data normalization with tags
        3. Data enrichment with lookups
        4. Creating reports
        5. Creating alerts
        6. Search and report acceleration
        7. Scheduling best practices
        8. Summary indexing
        9. Summary
      6. 6. Panes of Glass
        1. Creating effective dashboards
        2. Types of dashboard
          1. Gathering information and business requirements
          2. Dynamic form-based dashboard
            1. Creating a Status Distribution panel
            2. Creating the Status Types Over Time panel
            3. Creating the Hits vs Response Time panel
            4. Arranging the dashboard
          3. Panel options
            1. Pie chart - status distribution
            2. Stacked area chart - Status Types Over Time
          4. Column with line overlay combo chart - Hits vs Response Time
        3. Form inputs
        4. Creating a time range input
        5. Creating a radio input
        6. Creating a dropdown input
        7. Static Real-Time dashboard
          1. Single Value Panels with color ranges
          2. Creating panels by cloning
          3. Single Value Panels with trends
          4. Real-time column charts with line overlays
        8. Creating a map called a choropleth
        9. Summary
      7. 7. Splunk SDK for JavaScript and D3.js
        1. Introduction to Splunk SDKs
        2. Practical applications of Splunk's SDK
          1. Prerequisites
          2. Creating a CRON Job
          3. Creating a saved search
        3. Creating the final dashboard\jobs.js
          1. HTTP server
          2. Rendering the chart
        4. Summary
      8. 8. HTTP Event Collector
        1. What is the HEC?
        2. How does the HEC work?
        3. How data flows to the HEC?
          1. Logging in data
          2. Using a token with data
          3. Sending out the data request
          4. Verifying the token
          5. Indexing the data
            1. Enabling the HEC
            2. Generating an HEC authentication token
            3. How to test the HEC with cURL and PowerShell
              1. Using the HEC with dynamic UI events
            4. JavaScript logging with the HEC
        4. Summary
      9. 9. Best Practices and Advanced Queries
        1. Temporary indexes and oneshot indexing
        2. Searching within an index
        3. Search within a limited time frame
        4. Quick searches via fast mode
        5. Using event sampling
        6. Splunk Universal Forwarders
        7. Advanced queries
          1. Subsearch
          2. Using append
          3. Using join
          4. Using eval and if
          5. Using eval and match with a case function
        8. How to improve logs
          1. Including clear key-value pairs
          2. Creating events that are understandable to human readers
          3. Remember to use timestamps for all events
          4. Be sure your identifiers are unique
          5. Log using text format, not binary
          6. Use formats that developers can use easily
          7. Log what you think might be useful at some point
          8. Create use categories with meaning
          9. Include the source of the log event
          10. Minimize the number of multi-line events
        9. Summary
    6. 2. Module 2
      1. 1. Play Time – Getting Data In
        1. Introduction
        2. Indexing files and directories
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Adding a file or directory data input via the CLI
            2. Adding a file or directory input via inputs.conf
            3. One-time indexing of data files via the Splunk CLI
            4. Indexing the Windows event logs
          5. See also
        3. Getting data through network ports
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Adding a network input via the CLI
            2. Adding a network input via inputs.conf
          5. See also
        4. Using scripted inputs
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        5. Using modular inputs
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        6. Using the Universal Forwarder to gather data
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Add the receiving indexer via outputs.conf
        7. Loading the sample data for this book
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        8. Defining field extractions
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        9. Defining event types and tags
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Adding event types and tags via eventtypes.conf and tags.conf
          5. See also
      2. 2. Diving into Data – Search and Report
        1. Introduction
        2. Making raw event data readable
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Tabulating every field
            2. Removing fields, then tabulating everything else
        3. Finding the most accessed web pages
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Searching for the top 10 accessed web pages
            2. Searching for the most accessed pages by user
          5. See also
        4. Finding the most used web browsers
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Searching for the web browser data for the most used OS types
          5. See also
        5. Identifying the top-referring websites
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Searching for the top 10 using stats instead of top
          5. See also
        6. Charting web page response codes
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Totaling success and error web page response codes
          5. See also
        7. Displaying web page response time statistics
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Displaying web page response time by action
          5. See also
        8. Listing the top viewed products
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Searching for the percentage of cart additions from product views
          5. See also
        9. Charting the application's functional performance
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        10. Charting the application's memory usage
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        11. Counting the total number of database connections
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
      3. 3. Dashboards and Visualizations – Making Data Shine
        1. Introduction
        2. Creating an Operational Intelligence dashboard
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Changing dashboard permissions
        3. Using a pie chart to show the most accessed web pages
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Searching for the top 10 accessed web pages
          5. See also
        4. Displaying the unique number of visitors
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Coloring the value based on ranges
            2. Adding trends and sparklines to the values
          5. See also
        5. Using a gauge to display the number of errors
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        6. Charting the number of method requests by type and host
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        7. Creating a timechart of method requests, views, and response times
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Method requests, views, and response times by host
          5. See also
        8. Using a scatter chart to identify discrete requests by size and response time
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Using time series data points with a scatter chart
          5. See also
        9. Creating an area chart of the application's functional statistics
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        10. Using a bar chart to show the average amount spent by category
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        11. Creating a line chart of item views and purchases over time
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
      4. 4. Building an Operational Intelligence Application
        1. Introduction
        2. Creating an Operational Intelligence application
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Creating an application from another application
            2. Downloading and installing a Splunk app
          5. See also
        3. Adding dashboards and reports
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Changing permissions of saved reports
          5. See also
        4. Organizing the dashboards more efficiently
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Modifying the Simple XML directly
          5. See also
        5. Dynamically drilling down on activity reports
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Disabling the drilldown feature in tables and charts
          5. See also
        6. Creating a form for searching web activity
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Adding a Submit button to your form
          5. See also
        7. Linking web page activity reports to the form
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Adding an overlay to the Sessions Over Time chart
          5. See also
        8. Displaying a geographical map of visitors
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Adding a map panel using Simple XML
            2. Mapping different distributions by area
          5. See also
        9. Scheduling PDF delivery of a dashboard
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
      5. 5. Extending Intelligence – Data Models and Pivoting
        1. Introduction
        2. Creating a data model for web access logs
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Searching data models using the search interface
          5. See also
        3. Creating a data model for application logs
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        4. Accelerating data models
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Viewing data model and acceleration summary information
            2. Advanced configuration of data model acceleration
          5. See also
        5. Pivoting total sales transactions
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Pivot searching using the pivot command and search interface
          5. See also
        6. Pivoting purchases by geographic location
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        7. Pivoting slowest responding web pages
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        8. Pivot charting top error codes
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
      6. 6. Diving Deeper – Advanced Searching
        1. Introduction
        2. Calculating the average session time on a website
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Starts with a website visit, ends with a checkout
            2. Defining maximum pause, span, and events in a transaction
          5. See also
        3. Calculating the average execution time for multi-tier web requests
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Calculating the average execution time without using a join
          5. See also
        4. Displaying the maximum concurrent checkouts
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. See also
        5. Analyzing the relationship of web requests
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Analyzing relationships of DB actions to memory utilization
          5. See also
        6. Predicting website traffic volumes
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Predicting the total number of items purchased
            2. Predicting the average response time of function calls
          5. See also
        7. Finding abnormally-sized web requests
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. The anomalies command
            2. The anomalousvalues command
            3. The anomalydetection command
            4. The cluster command
          5. See also
        8. Identifying potential session spoofing
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Creating logic for urgency
          5. See also
      7. 7. Enriching Data – Lookups and Workflows
        1. Introduction
        2. Looking up product code descriptions
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Manually adding the lookup to Splunk
          5. See also
        3. Flagging suspect IP addresses
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Modifying an existing saved search to populate a lookup table
          5. See also
        4. Creating a session state table
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Use the Splunk KV store to maintain the session state table
          5. See also
        5. Adding hostnames to IP addresses
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Enabling automatic external field lookups
          5. See also
        6. Searching ARIN for a given IP address
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Limiting workflow actions by event types
          5. See also
        7. Triggering a Google search for a given error
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Triggering a Google search from the chart drilldown options
          5. See also
        8. Creating a ticket for application errors
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Adding a workflow action manually in Splunk
          5. See also
        9. Looking up inventory from an external database
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Use DB Connect for direct external DB lookups
          5. See also
      8. 8. Being Proactive – Creating Alerts
        1. Introduction
        2. Alerting on abnormal web page response times
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Viewing triggered alerts in Splunk's Alert manager
          5. See also
        3. Alerting on errors during checkout in real time
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Building alerts via a configuration file
            2. Editing alert configuration attributes using Advanced edit
            3. Identify the real-time searches that are running
          5. See also
        4. Alerting on abnormal user behavior
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Alerting on abnormal user purchases without checkouts
          5. See also
        5. Alerting on failure and triggering a scripted response
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        6. Alerting when predicted sales exceed inventory
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Adding an RSS feed notification action to an alert
          5. See also
      9. 9. Speeding Up Intelligence – Data Summarization
        1. Introduction
        2. Calculating an hourly count of sessions versus completed transactions
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Generating the summary more frequently
            2. Avoiding summary index overlaps and gaps
          5. See also
        3. Backfilling the number of purchases by city
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Backfilling a summary index from within a search directly
          5. See also
        4. Displaying the maximum number of concurrent sessions over time
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
            1. Viewing the status of an accelerated report
          5. See also
      10. 10. Above and Beyond – Customization, Web Framework, REST API, HTTP Event Collector, and SDKs
        1. Introduction
        2. Customizing the application navigation
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more…
        3. Adding a force-directed graph of web hits
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more…
            1. Changing the time range on the search manager
          5. See also
        4. Adding a calendar heatmap of product purchases
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        5. Adding cell highlighting of average product price
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more…
          5. See also
        6. Remotely querying Splunk's REST API for unique page views
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more…
            1. Authenticating with a session token
          5. See also
        7. Creating a Python application to return unique IP addresses
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. Paginating the results of your search
          5. See also
        8. Creating a custom search command to format product names
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        9. Collecting data from remote scanning devices
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
    7. 3. Module 3
      1. 1. What's New in Splunk 6.3?
        1. Splunk's architecture
          1. The need for parallelization
          2. Index parallelization
        2. Search parallelization
          1. Pipeline parallelization
          2. The search scheduler
          3. Summary parallelization
        3. Data integrity control
        4. Intelligent job scheduling
        5. The app key-value store
          1. System requirements
          2. Uses of the key-value store
          3. Components of the key-value store
          4. Managing key-value store collections via REST
            1. Examples
          5. Replication of the key-value store
        6. Splunk Enterprise Security
          1. Enabling HTTPS for Splunk Web
          2. Enabling HTTPS for the Splunk forwarder
          3. Securing a password with Splunk
          4. The access control list
        7. Authentication using SAML
        8. Summary
      2. 2. Developing an Application on Splunk
        1. Splunk apps and technology add-ons
          1. What is a Splunk app?
          2. What is a technology add-on?
        2. Developing a Splunk app
          1. Creating the Splunk application and technology add-on
          2. Packaging the application
          3. Installing a Splunk app via Splunk Web
          4. Installing the Splunk app manually
        3. Developing a Splunk add-on
          1. Building an add-on
          2. Installing a technology add-on
        4. Managing Splunk apps and add-ons
        5. Splunk apps from the app store
        6. Summary
      3. 3. On-boarding Data in Splunk
        1. Deep diving into various input methods and sources
          1. Data sources
            1. Structured data
            2. Web and cloud services
            3. IT operations and network security
            4. Databases
            5. Application and operating system data
          2. Data input methods
            1. Files and directories
            2. Network sources
            3. Windows data
        2. Adding data to Splunk – new interfaces
          1. HTTP Event Collector and configuration
            1. HTTP Event Collector
            2. Configuration via Splunk Web
            3. Managing the Event Collector token
          2. The JSON API format
            1. Authentication
            2. Metadata
            3. Event data
        3. Data processing
          1. Event configuration
            1. Character encoding
            2. Event line breaking
          2. Timestamp configuration
          3. Host configuration
            1. Configuring a static host value – files and directories
            2. Configuring a dynamic host value – files and directories
            3. Configuring a host value – events
        4. Managing event segmentation
        5. Improving the data input process
        6. Summary
      4. 4. Data Analytics
        1. Data and indexes
          1. Accessing data
            1. The index command
            2. The eventcount command
            3. The datamodel command
            4. The dbinspect command
            5. The crawl command
          2. Managing data
            1. The input command
            2. The delete command
            3. The clean command
            4. Summary indexing
        2. Search
          1. The search command
          2. The sendmail command
          3. The localop command
        3. Subsearch
          1. The append command
          2. The appendcols command
          3. The appendpipe command
          4. The join command
        4. Time
          1. The reltime command
          2. The localize command
        5. Fields
          1. The eval command
          2. The xmlkv command
          3. The spath command
          4. The makemv command
          5. The fillnull command
          6. The filldown command
          7. The replace command
        6. Results
          1. The fields command
          2. The searchtxn command
          3. The head / tail command
          4. The inputcsv command
          5. The outputcsv command
        7. Summary
      5. 5. Advanced Data Analytics
        1. Reports
          1. The makecontinuous command
          2. The addtotals command
          3. The xyseries command
        2. Geography and location
          1. The iplocation command
          2. The geostats command
        3. Anomalies
          1. The anomalies command
          2. The anomalousvalue command
          3. The cluster command
          4. The kmeans command
          5. The outlier command
          6. The rare command
        4. Predicting and trending
          1. The predict command
          2. The trendline command
          3. The x11 command
        5. Correlation
          1. The correlate command
          2. The associate command
          3. The diff command
          4. The contingency command
        6. Machine learning
        7. Summary
      6. 6. Visualization
        1. Prerequisites – configuration settings
        2. Tables
          1. Tables – Data overlay
          2. Tables – Sparkline
            1. Sparkline – Filling and changing color
            2. Sparkline – The max value indicator
            3. Sparkline – A bar style
          3. Tables – An icon set
        3. Single value
        4. Charts
          1. Charts – Coloring
          2. Chart overlay
          3. Bubble charts
        5. Drilldown
          1. Dynamic drilldown
            1. The x-axis or y-axis value as a token to a form
            2. Dynamic drilldown to pass a respective row's specific column value
            3. Dynamic drilldown to pass a fieldname of a clicked value
          2. Contextual drilldown
          3. The URL field value drilldown
          4. Single value drilldown
        6. Summary
      7. 7. Advanced Visualization
        1. Sunburst sequence
          1. What is a sunburst sequence?
          2. Example
          3. Implementation
        2. Geospatial visualization
          1. Example
            1. Syntax
            2. Search query
          2. Implementation
        3. Punchcard visualization
          1. Example
            1. Search query
          2. Implementation
        4. Calendar heatmap visualization
          1. Example
            1. Search query
          2. Implementation
        5. The Sankey diagram
          1. Example
          2. Implementation
        6. Parallel coordinates
          1. Example
            1. Search query
          2. Implementation
        7. The force directed graph
          1. Example
          2. Implementation
        8. Custom chart overlay
          1. Example
          2. Implementation
        9. Custom decorations
          1. Example
            1. What is the use of such custom decorations?
          2. Implementation
        10. Summary
      8. 8. Dashboard Customization
        1. Dashboard controls
          1. HTML dashboard
          2. Display controls
            1. Example and implementation
            2. Syntax
          3. Form input controls
            1. Example and implementation
          4. Panel controls
            1. Example and implementation
              1. Enabling/disabling refresh time
              2. Disabling the manual refresh link
              3. Enabling auto refresh
        2. Multi-search management
          1. Example
          2. Implementation
        3. Tokens
          1. Eval tokens
            1. Syntax of the eval token
            2. Example
            3. Implementation
          2. Custom tokens
            1. Example
            2. Implementation
        4. Null search swapper
          1. Example
          2. Implementation
        5. Switcher
          1. Link switcher
            1. Example and implementation
          2. Button switcher
            1. Example and implementation
        6. Summary
      9. 9. Advanced Dashboard Customization
        1. Layout customization
          1. Panel width
            1. Example
            2. Implementation
          2. Grouping
            1. Example
              1. Single-value grouping
              2. Visualization grouping
            2. Implementation
          3. Panel toggle
            1. Example
            2. Implementation
          4. Image overlay
            1. Example
              1. What is the use of image overlay?
              2. Where can image overlay be used?
            2. Implementation
        2. Custom look and feel
          1. Example and implementation
        3. The custom alert action
          1. What is alerting?
          2. Alerting
          3. The features
          4. Implementation
          5. Example
        4. Summary
      10. 10. Tweaking Splunk
        1. Index replication
          1. Standalone environment
          2. Distributed environment
          3. Replication
            1. Searching
            2. Failures
        2. Indexer auto-discovery
          1. Example
          2. Implementation
        3. Sourcetype manager
        4. Field extractor
          1. Accessing field extractor
          2. Using field extractor
          3. Example
            1. Regular expression
            2. Delimiter
        5. Search history
        6. Event pattern detection
        7. Data acceleration
          1. Need for data acceleration
          2. Data model acceleration
        8. Splunk buckets
        9. Search optimizations
          1. Time range
          2. Search modes
          3. Scope of searching
          4. Search terms
        10. Splunk health
          1. splunkd log
          2. Search log
        11. Summary
      11. 11. Enterprise Integration with Splunk
        1. The Splunk SDK
        2. Installing the Splunk SDK
        3. The Splunk SDK for Python
          1. Importing the Splunk API in Python
          2. Connecting and authenticating the Splunk server
          3. Splunk APIs
            1. Creating and deleting an index
            2. Creating input
            3. Uploading files
            4. Saved searches
            5. Splunk searches
        4. Splunk with R for analytics
          1. The setup
          2. Using R with Splunk
        5. Splunk with Tableau for visualization
          1. The setup
          2. Using Tableau with Splunk
        6. Summary
      12. 12. What Next? Splunk 6.4
        1. Storage optimization
        2. Machine learning
        3. Management and admin
        4. Indexer and search head enhancement
        5. Visualizations
        6. Multi-search management
        7. Enhanced alert actions
        8. Summary
    8. Bibliography
    9. Index