Basics of Splunk

Splunk is a tool used to search, monitor, and analyze machine-generated big data for security, IT and business intelligence. It indexes data from various sources like logs, network feeds and machine data. Users can then search and visualize this data to gain operational intelligence. Splunk deployment options include on-premises, cloud or lightweight versions. Users are assigned roles that determine data access and capabilities. Additional functionalities are provided through apps and add-ons available on Splunkbase.

Uploaded by Roy Murillo

SPLUNK FUNDAMENTALS

WHAT IS SPLUNK?

• The Splunk tool is used to get statistics, reports, dashboards, lookups and logs.
• It is used to search the logs, which helps the developer to debug and resolve issues in an easy manner.
• It is used to check whether the integrated systems are getting triggered or not.

WHAT TYPE OF DATA CAN BE USED AND FROM WHERE CAN IT BE INSERTED?

Any type of IT streaming, machine and historical data can be used. In our case we were using Windows event logs, live application logs and network feeds.

From the data source, we get data into our Splunk deployment. Then Splunk Enterprise indexes the data stream and transforms it into a series of events.

The data may be on the same machine as an indexer (local data) or on another machine (remote data). We can get remote data into the Splunk deployment using network feeds or by installing Splunk forwarders on the hosts where the data originates.

HOW DOES SPLUNK WORK?

Go to the Splunk Enterprise software and then to the "Search & Reporting" app. The search head will appear on the screen, where we need to specify the criteria for which we want the result. We have to be particular about the Time Range which we are specifying: the reason for providing the correct time range is to get the exact logs which we are expecting. Once we search, its related events will be seen as mentioned below.
HOW IS SPLUNK DEPLOYED?

• Splunk Enterprise: Splunk components installed and administered on-premises. It can be used for simple and small deployments.

• Splunk Cloud: It is used when we manage and maintain data in cloud infrastructure. It is a service of Splunk Enterprise.

• Splunk Light: It delivers log search and analysis for individuals, small businesses and work groups within larger organizations.
USERS AND ROLES

Splunk users are assigned roles which determine their capabilities and data access.
There are 3 main roles:
• Admin: Most capabilities are assigned to it. It can also create additional roles based on the requirements.

• Power: Can edit all shared objects and alerts, and tag events.

• User: Can create and edit its own saved searches, run searches, and create and edit event types.

• can_delete: Allows the user to delete by keyword. It is required when the user runs the delete search operator.
WHAT ARE SPLUNK APPS?

Splunk has 1000+ ready-made apps which are available on Splunkbase. An app might include any or all of the following configurations:
• Dashboards and supporting searches that integrate knowledge of the data source and structure.
• Authentication management and other data source management interfaces.
• An app might require the use of one or more add-ons to facilitate the collection or configuration of data.
Some apps are free and a few are paid. Splunk App for Microsoft Exchange, Splunk App for AWS and Splunk DB Connect are examples of free apps.
WHAT ARE ADD-ONS?

An add-on provides specific capabilities to assist in gathering, normalizing and enriching data sources.
An add-on might include any or all of the following configurations:
• Data source input configuration.
• Data parsing and transformation configurations to structure the data for Splunk Enterprise.
• Lookup files for data enrichment.
• Supporting knowledge objects.
Examples: AWS Web Application Firewall Add-on, Microsoft Teams messages publication add-on.
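The two ideas above that matter most for a security analyst, indexing a raw stream into a series of timestamped events (the parsing configuration an add-on ships) and then searching those events with the right Time Range (the "How does Splunk work?" slide), as an added illustration that is not part of the original presentation and is not Splunk code: the sample log stream is constructed, and LINE_BREAKER and TIME_FORMAT are hypothetical stand-ins for the equivalent props.conf settings.

```python
import re
from datetime import datetime

# Constructed sample stream in the style of Windows Security event log entries
# forwarded to an indexer (not real data from any system).
RAW_STREAM = """\
05/01/2024 09:15:02 AM
LogName=Security
EventCode=4624
Message=An account was successfully logged on.
05/01/2024 09:16:40 AM
LogName=Security
EventCode=4625
Message=An account failed to log on.
05/01/2024 11:30:05 AM
LogName=Security
EventCode=4625
Message=An account failed to log on.
"""

# Hypothetical stand-ins for the props.conf LINE_BREAKER and TIME_FORMAT
# settings an add-on would ship: a new event starts at each timestamp line.
LINE_BREAKER = re.compile(r"(?=\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M\n)")
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def break_events(stream):
    """Turn the raw stream into a list of events: each gets a parsed _time,
    its _raw text and the key=value fields found in its body."""
    events = []
    for chunk in LINE_BREAKER.split(stream):
        if not chunk.strip():
            continue  # zero-width split leaves an empty leading chunk
        lines = chunk.strip().split("\n")
        fields = dict(l.split("=", 1) for l in lines[1:] if "=" in l)
        events.append({"_time": datetime.strptime(lines[0], TIME_FORMAT),
                       "_raw": chunk.strip(), **fields})
    return events


def search(events, earliest, latest, **filters):
    """Mirror a time-ranged search: keep events whose _time lies within
    [earliest, latest] (strings in TIME_FORMAT) and whose fields match."""
    lo, hi = (datetime.strptime(t, TIME_FORMAT) for t in (earliest, latest))
    return [e for e in events
            if lo <= e["_time"] <= hi
            and all(e.get(k) == v for k, v in filters.items())]
```

A search for EventCode 4625 (failed logon) between 09:00 and 10:00 returns only the 09:16 event, while a range on the wrong day returns nothing, which is exactly why the slide insists on the correct Time Range.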
CHOOSING YOUR APP

Apps allow different workspaces for specific use cases or user roles to co-exist on a single Splunk instance. In the mentioned screenshot, Search & Reporting, SplunkAdmins and SplunkVersionControl are some of the Apps included for a user. More Apps can be added via "Find More Apps" based on the requirements of the organization. Each App has its own uses.
