14.05.2013
Juergen Magiera

Technical Workshops
Advanced User Training

Advanced Training
Agenda

• Assumptions
• Building Apps
• Users and Roles
• Splunk By Example – Deconstructing the Demo
• Support and Community
  
Assumptions

You Are in This Session Because….

• You have developed advanced searches with Splunk to manipulate and present data
• You have mastered sourcetyping and extracting fields
• You have built reports beyond | timechart count
• You have created dashboards of some kind
• You have http://www.splunk.com/base/Documentation bookmarked
• You have seen all of the Splunk Ninja videos
  
Building Apps

What is An App, Anyway?

• Terminology
  – Apps – A workspace that solves a specific use case with a navigable view
  – Add-on – A reusable Splunk component that does not contain a view
• Example
  – Splunk for Cisco Security is an App
  – The collection of field extractions/sourcetypes/transforms/eventtypes that map raw firewall logs is an Add-on
  
What You Need to Create an App

• Some data
• Add-ons (Use ours or build your own)
• Splunk Objects
  – Saved Searches
  – Reports
  – Dashboards
  – Views
• Text Editor (Komodo Edit, Text Wrangler, vi, Notepad) for Advanced XML
• Web development tools (Firebug, etc)
  
Getting Started is Easy

This will build the necessary directory structure in $SPLUNK_HOME/etc/apps

app.conf
  
The Interesting Stuff:

• version = <version string> - Give your App a version number. Important if you plan to put on Splunkbase
• id = <appid> - Must be same as folder name where your app lives. With version, used to check for App updates on Splunkbase
• state_change_requires_restart = true | false - Install Apps without restarting! Check $SPLUNK_HOME/etc/system/default/apps.conf. If Splunk touches any endpoint not listed, restart required
• build = <integer> - Change with version so browsers don't use cached copies of old static files
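
How these four settings sit in an app.conf file, as an added example that is not part of the original deck. The app id appmgmt matches the /static/app/appmgmt/ path used later in the deck; the version, build, description and label values and the custom conf file named in [triggers] are assumptions.

```ini
# $SPLUNK_HOME/etc/apps/appmgmt/default/app.conf
# Constructed example; all values are placeholders.

[launcher]
# Shown in the App Manager and compared against Splunkbase for updates.
version = 1.0.0
description = Application Management Demo

[package]
# Must equal the app's folder name under $SPLUNK_HOME/etc/apps.
id = appmgmt

[install]
# false = the app can be installed or enabled without restarting splunkd,
# provided every conf file it touches can be reloaded.
state_change_requires_restart = false
# Bump together with version so browsers fetch fresh static files.
build = 100

[ui]
is_visible = true
label = Application Management

[triggers]
# Assumption: the app ships a custom conf file, appmgmt_settings.conf.
# Declaring it reloadable keeps an install from forcing a restart.
reload.appmgmt_settings = simple
```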
  
Users and Roles
  
[Diagram labels: Problem Investigation (×3); Save Searches; Share Searches; LDAP, AD Users and Groups; Splunk Flexible Roles; Manage Users; Manage Indexes; Capabilities & Filters: NOT tag=PCI, App=ERP, …]

• Map LDAP & AD groups to flexible Splunk roles. Define any search as a filter.
• Integrate authentication with LDAP and Active Directory.
• Maps Roles to Apps
  
Options for Logical Data Partitioning

• Map Roles to Indexes
• Map Roles to Sourcetypes

Once your Apps are built, mapping Apps to Roles is easy:
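
One way to express this partitioning in configuration, as an added example that is not part of the original deck. The role name erp_analyst, the index erp, the LDAP strategy name corpLDAP and the group ERP-Analysts are assumptions, and an LDAP strategy stanza [corpLDAP] is assumed to exist already; the filter NOT tag=PCI and the app folder appmgmt come from the deck.

```ini
# --- $SPLUNK_HOME/etc/system/local/authorize.conf ---
[role_erp_analyst]
# No importRoles line: an inherited role contributes its own allowed
# indexes, which would silently widen access beyond "erp".
search = enabled
rtsearch = enabled
# Map role to index: only the (assumed) erp index is searchable.
srchIndexesAllowed = erp
srchIndexesDefault = erp
# "Define any search as a filter": this string is applied to every
# search the role runs, so PCI-tagged events are never returned.
srchFilter = NOT tag=PCI

# --- $SPLUNK_HOME/etc/system/local/authentication.conf ---
[roleMap_corpLDAP]
# <Splunk role> = <LDAP/AD group>; several groups are separated by ';'
erp_analyst = ERP-Analysts

# --- $SPLUNK_HOME/etc/apps/appmgmt/metadata/local.meta ---
[]
# Map role to app: only erp_analyst and admin can read the app's
# objects, and only admin can change them.
access = read : [ erp_analyst, admin ], write : [ admin ]
# Keep the app's objects out of other apps' contexts.
export = none
```

A user mapped to several roles receives the union of their allowed indexes, so review which other groups the members of ERP-Analysts belong to before relying on this boundary.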
  
Other User Control Methods

Edit Permissions by App in the App Manager

Remove options for users in the AccountBar

<module name="AccountBar" layoutPanel="appHeader">
  <param name="mode">lite</param>
</module>

Splunk By Example

Basic UI Customization

*Disclaimer

• The App and Splunk Web customizations that we will show in this presentation are by no means comprehensive
• Please see the Developer Manual for more detail
• http://www.splunk.com/base/Documentation/latest/Developer/
  
Launch Page

• In the demo we saw a slide as a landing page instead of a dashboard.
• How did you do that?

[Screenshot]
  
Where Stuff Lives

• $SPLUNK_HOME/etc/apps/your_app_name
• $SPLUNK_HOME/etc/apps/your_app_name/default
  – Put all Splunk configuration files for your App here
• $SPLUNK_HOME/etc/apps/your_app_name/default/data/ui/nav
  – Contains default.xml, defines navigation menus
• $SPLUNK_HOME/etc/apps/your_app_name/default/data/ui/views
  – All dashboard and view xml files live here
• $SPLUNK_HOME/etc/apps/your_app_name/appserver
  – Add images, CSS, or HTML

Where Stuff Lives, Cont.

• $SPLUNK_HOME/etc/apps/your_app_name/bin
  – Custom scripts or executables for your App
• $SPLUNK_HOME/etc/apps/your_app_name/local
  – For users and admins to edit default configurations
• $SPLUNK_HOME/etc/apps/your_app_name/metadata
  – Stores object permissions
  
Working Backward - Navs

default/data/ui/nav/default.xml

<nav>
  <collection label="About">
    <view name="arch" default="true" />
    <divider />
    <a href="mailto:feedback@mycompany.com">Send Feedback...</a>
  </collection>
  <collection label="IT Operations">
    <view name="operational_visibility" />
    <view name="env_state" />
    …
  
The "arch.xml" View

default/data/ui/views/arch.xml

<?xml version='1.0' encoding='utf-8'?>
<dashboard>
  <label>Architecture</label>
  <row>
    <html>
      <h1>Welcome to the Application Management Demo</h1>
      <h3>
        This Splunk instance is capturing data from a variety of applications, operating systems and network devices.
      </h3>
      <center>
        <!-- Link when clicked -->
        <a href="operational_visibility">
          <!-- Image to display -->
          <img src="/static/app/appmgmt/arch.gif"/>
        </a>
        …
  
Manage/Edit Your Navs and Views in Splunk Web
  
Other Customization Options

• App Icon – create your own icon to show on Home screen
  – $SPLUNK_HOME/etc/apps/your_app_name/appserver/static/appIcon.png
• Custom Cascading Style Sheets (CSS) - background colors, fonts, logos, buttons, navigation, menus, etc
  – Default: $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/css/skins/default/default.css
  – Create your application.css in $SPLUNK_HOME/etc/apps/your_app_name/appserver/static
  – See Splunk Apps (Splunk for *NIX, Splunk for Windows, etc) for examples
  
Dashboards and Views

• Simplified XML
  – Use the Visual Dashboard editor to auto-generate simplified XML
  – Adjust panel layouts
  – Modify underlying searches and format charts via Report Builder or edit by hand

<dashboard>
  <label>My dashboard</label>
  <row>
    <chart>
      <searchName>My saved report</searchName>
      <option name="charting.chart">line</option>
      <option name="height">200</option>
    </chart>
  </row>
</dashboard>
  
Dashboards and Views

• Advanced XML
  – Provides extended customization and control over simplified XML
  – All pages and dashboards in Splunk are composed of one or many modules
  – Each module contains params that control module specific configurations
• Check out available modules
  – http://localhost:8000/modules
• View any Splunk page in Advanced XML
  – http://localhost:8000/en-US/app/<app_name>/<dashboard_name>?showsource=true
  
Operational Visibility – Current Capacity

• Uses a real-time search
• Sets thresholds with a filler gauge
• Includes some text
• Rotated horizontally
• Displays as a percentage
  
Building a Real-Time Search/Report

[Screenshot with numbered steps 1 to 3; callouts:]
– From the CPU sourcetype
– Take the most recent event
– Extract column headings to fields, only return the "pctSystem" field
– Send pctSystem to gauge command, setting ranges
– Set time range: Real-time, 30 second window
  
Command Reference

sourcetype=cpu | head 1 | multikv fields pctSystem | gauge pctSystem 0 25 50 75 100

Command: head
  Usage: head <N> - return N events (default is 10)
         head <eval-expression> - a valid eval expression
  Example: | head 500
           | head (foo>80)

Command: multikv
  Usage: multikv fields <field-list> - extracts field values from table-formatted events and filters out from extracted events fields not in the given field list
  Example: | multikv fields foo

Command: gauge
  Usage: gauge <field> - transforms results into a format for display in Gauge chart types and sets gauge regions
  Example: | gauge foo 0 25 50 75 100

Building a Real-Time Search/Report

[Screenshots: steps 4 and 5]

Edit Using Advanced XML
  
<!-- layoutPanel: dashboard position; text: panel text -->
<module name="StaticContentSample" layoutPanel="panel_row1_col3">
  <param name="text">Calculated based on maximum architecture throughput and capacity.</param>
</module>
<module name="HiddenSavedSearch" layoutPanel="panel_row1_col3" group="Current Capacity" autoRun="True">
  <!-- Saved search name -->
  <param name="savedSearch">AppMgmt - Capacity - Filler Gauge</param>
  <!-- Panel title -->
  <param name="groupLabel">Current Capacity</param>
  <module name="ViewstateAdapter">
    <param name="savedSearch">AppMgmt - Capacity - Filler Gauge</param>
    <module name="HiddenFieldPicker">
      <param name="strictMode">True</param>
      <module name="JobProgressIndicator">
        <module name="EnablePreview">
          <param name="enable">True</param>
          <param name="display">False</param>
          <module name="HiddenChartFormatter">
            <!-- Display as percentage -->
            <param name="charting.chart.usePercentageValue">true</param>
            <!-- Rotate horizontally -->
            <param name="charting.chart.orientation">x</param>
            <module name="FlashChart">
              <param name="width">100%</param>
              <module name="ConvertToDrilldownSearch">
                <module name="ViewRedirector">
                  <param name="viewTarget">flashtimeline</param>
                  …

Add a Single Value Button

• Construct your search

sourcetype="access_combined" action="purchase"
| stats avg(price) as price
| eval basketvalue = "$" + tostring(round(price,2), "commas")
| rangemap field=basketvalue severe=0-50 elevated=50-75 default=low

Line by line:
– On our web logs, pull out the "purchase" events
– Use the "stats" command to take an average of a field
– Format for display in button
– Use "rangemap" to set thresholds
  
Command Reference

sourcetype="access_combined" action="purchase" | stats avg(price) as price | eval basketvalue = "$" + tostring(round(price,2), "commas") | rangemap field=basketvalue severe=0-50 elevated=50-75 default=low

Command: stats
  Usage: stats (stats-function(field) [as field]) + [by field-list] – provides statistics grouped optionally by field
  Example: | stats avg(foo) as foobar by bar
  stats functions: avg(), c(), count(), dc(), distinct_count(), first(), last(), list(), max(), median(), min(), mode(), p<int>(), perc<int>(), per_day(), per_hour(), per_minute(), per_second(), range(), stdev(), stdevp(), sum(), sumsq(), values(), var(), varp()

Command: eval
  Usage: eval eval-field=eval-expression – calculates an expression and puts the result in a field
  Example: | eval foo = if(bar==200, "OK", "Error")
  eval functions: abs(), case(), ceil(), ceiling(), cidrmatch(), coalesce(), commands(), exact(), exp(), floor(), if(), ifnull(), isbool(), isint(), isnotnull(), isnull(), isnum(), isstr(), len(), like(), ln(), log(), lower(), ltrim(), match(), max(), md5(), min(), mvappend(), mvcount(), mvindex(), mvfilter(), mvjoin(), now(), null(), nullif(), pi(), pow(), random(), relative_time(), replace(), round(), rtrim(), searchmatch(), split(), sqrt(), strftime(), strptime(), substr(), time(), tonumber(), tostring(), trim(), typeof(), upper(), urldecode(), validate()

Command: rangemap
  Usage: rangemap field=<string> (<attrn>=<number>-<number>) + [default=<string>] – sets range field to the name of the ranges that match
  Example: | rangemap field=foo low=0-10 elevated=11-20 severe=21-30 default=low

Note: Splunk ships with CSS that defines colors for low, elevated, and severe. You can customize CSS for these values.
  
Embed Search and Time-range in View

<module name="StaticContentSample" layoutPanel="panel_row1_col2">
  <param name="text">Real-time average shopping cart values.</param>
</module>
<module name="HiddenSearch" layoutPanel="panel_row1_col2" group="RT Shopping Cart Value" autoRun="True">
  <!-- Our search -->
  <param name="search">sourcetype="access_combined" action="purchase" | stats avg(price) as price | eval basketvalue = "$" + tostring(round(price,2), "commas") | rangemap field=basketvalue severe=0-50 elevated=50-75 default=low</param>
  <param name="groupLabel">RT Shopping Cart Value</param>
  <!-- Real-time 1 minute window -->
  <param name="earliest">rt-1m</param>
  <param name="latest">rt</param>
  <module name="ViewstateAdapter">
    <module name="HiddenFieldPicker">
      <param name="strictMode">True</param>
      <module name="JobProgressIndicator">
        <module name="SingleValue">
          <!-- Use the "basketvalue" field -->
          <param name="field">basketvalue</param>
          <param name="classField">range</param>
          .....

Build a Stacked Column Chart

• Uses a lookup table to map a Product ID to a Product Name
• Uses "timechart" command to display results over time
  
Use a Lookup Table

• In props.conf

[access_combined]
LOOKUP-prod = prod_id_lookup product_id OUTPUT product_name, price, tdf_price, call_flwrs_price

• In transforms.conf

[prod_id_lookup]
filename = prod_lookup.csv

• In lookup directory, prod_lookup.csv

product_id,product_name,price,tdf_price,call_flwrs_price
RP-LI-02,Chocolate Dreams Confections,379,299,319
  
Construct Your Search and Format

• Either define in Report wizard
• Or in view XML

<module name="HiddenChartFormatter">
  <param name="chart">column</param>
  <param name="stackMode">stacked</param>
  
Command Reference

sourcetype="access_combined" | timechart count by product_name

Command: timechart
  Usage: timechart [agg=<stats-agg-term>] [<bucketing-option> ]* (<single-agg> [by <split-by-clause>] )
  Example: | timechart span=1m avg(foo) by bar
  timechart functions (same as stats): avg(), c(), count(), dc(), distinct_count(), first(), last(), list(), max(), median(), min(), mode(), p<int>(), perc<int>(), per_day(), per_hour(), per_minute(), per_second(), range(), stdev(), stdevp(), sum(), sumsq(), values(), var(), varp()
  
Building a Correlation Search

• Uses a simple Boolean search to get results from both sourcetypes
• Uses a search macro to process results and display
  
Using a Search Macro

• Define in Manager > Advanced search > Search macros
• Reuse chunks of searches as part of your search string like a function
• Invoke using the left quote character
  
Raw Event Output

• Contain asynchronous entries
• Possible duplicates
  
Step 1

• Get rid of duplicate events or duplicate users

sourcetype=mysql_config OR sourcetype=remedy_changeticket
| dedup _raw, User
| transaction TicketId, User
| eval hasTicket = if(eventcount > 1, "Yes", "No")
| rename PrevPropValue as "Original_Value", NewPropValue as "New_Value", hasTicket as "Change_Ticket"
| fields _time, User, Property, "Original_Value", "New_Value", "Change_Ticket"

Step 2

• Combine two asynchronous events into one event using transaction command
  – Note: can also define boundaries for length of events (maxspan) or time between events (maxpause)
• Use the same "TicketId" and "User" fields between the two events to group
• Will produce metadata field "duration" and "eventcount"

Step 3

• Use eval to create a new field "hasTicket"
• Use "eventcount" field generated by transaction command
• In the results, if the uber-event has > 1 event then there is a change with an associated change ticket, otherwise "hasTicket" is "No"

Step 4

• Formatting and results
• Rename a few fields for clarity in dashboard results
• Use fields command to only display what we need to see

Support and Community

Support Through the Splunk Community

• Splunkbase: Browse and share Apps from Splunk, Partners and the Community (splunkbase.splunk.com)
• Community-driven knowledge exchange and Q&A (answers.splunk.com)
• 3 days, more than 100 sessions, the smartest Splunk users together (http://conf.splunk.com)

Where to Go for Help

• Documentation
  – http://www.splunk.com/base/Documentation
• Technical Support
  – http://www.splunk.com/support
• Videos
  – http://www.splunk.com/videos
• Education
  – http://www.splunk.com/goto/education
• Professional Services
  
Thank you

Copyright © 2013 Splunk Inc.
  


SplunkLive! Hamburg / München Advanced Session

  • 1. 14.05.2013 Juergen Magiera, Technical Workshops, Advanced User Training (Advanced Training)
  • 2. Agenda
      • Assumptions
      • Building Apps
      • Users and Roles
      • Splunk By Example – Deconstructing the Demo
      • Support and Community
  • 4. You Are in This Session Because…
      • You have developed advanced searches with Splunk to manipulate and present data
      • You have mastered sourcetyping and extracting fields
      • You have built reports beyond | timechart count
      • You have created dashboards of some kind
      • You have http://www.splunk.com/base/Documentation bookmarked
      • You have seen all of the Splunk Ninja videos
  • 6. What is An App, Anyway?
      • Terminology
          – App – A workspace that solves a specific use case with a navigable view
          – Add-on – A reusable Splunk component that does not contain a view
      • Example
          – Splunk for Cisco Security is an App
          – The collection of field extractions/sourcetypes/transforms/eventtypes that map raw firewall logs is an Add-on
  • 7. What You Need to Create an App
      • Some data
      • Add-ons (use ours or build your own)
      • Splunk Objects
          – Saved Searches
          – Reports
          – Dashboards
          – Views
      • Text Editor (Komodo Edit, Text Wrangler, vi, Notepad) for Advanced XML
      • Web development tools (Firebug, etc.)
  • 8. Getting Started is Easy
      This will build the necessary directory structure in $SPLUNK_HOME/etc/apps
  • 9. app.conf
      The Interesting Stuff:
      • version = <version string> - Give your App a version number. Important if you plan to put it on Splunkbase
      • id = <appid> - Must be the same as the folder name where your app lives. With version, used to check for App updates on Splunkbase
      • state_change_requires_restart = true | false - Install Apps without restarting! Check $SPLUNK_HOME/etc/system/default/apps.conf. If Splunk touches any endpoint not listed, a restart is required
      • build = <integer> - Change with version so browsers don't use cached copies of old static files
  • 11. Users and Roles
      Diagram labels: LDAP, AD Users and Groups; Splunk Flexible Roles; Capabilities & Filters (Problem Investigation, Save Searches, Share Searches, Manage Users, Manage Indexes; filters such as NOT tag=PCI, App=ERP, …)
      • Map LDAP & AD groups to flexible Splunk roles.
      • Define any search as a filter.
      • Integrate authentication with LDAP and Active Directory.
  • 12. Maps Roles to Apps
      Options for Logical Data Partitioning
      • Map Roles to Indexes
      • Map Roles to Sourcetypes
      Once your Apps are built, mapping Apps to Roles is easy: (screenshot)
  • 13. Other User Control Methods
      • Edit Permissions by App in the App Manager
      • Remove options for users in the AccountBar

        <module name="AccountBar" layoutPanel="appHeader">
          <param name="mode">lite</param>
        </module>
  • 14. Splunk By Example: Basic UI Customization
  • 15. *Disclaimer
      • The App and Splunk Web customizations that we will show in this presentation are by no means comprehensive
      • Please see the Developer Manual for more detail
      • http://www.splunk.com/base/Documentation/latest/Developer/
  • 16. Launch Page
      • In the demo we saw a slide as a landing page instead of a dashboard.
      • How did you do that?
      (Screenshot)
  • 17. Where Stuff Lives
      • $SPLUNK_HOME/etc/apps/your_app_name
      • $SPLUNK_HOME/etc/apps/your_app_name/default
          – Put all Splunk configuration files for your App here
      • $SPLUNK_HOME/etc/apps/your_app_name/default/data/ui/nav
          – Contains default.xml, defines navigation menus
      • $SPLUNK_HOME/etc/apps/your_app_name/default/data/ui/views
          – All dashboard and view XML files live here
      • $SPLUNK_HOME/etc/apps/your_app_name/appserver
          – Add images, CSS, or HTML
  • 18. Where Stuff Lives, Cont.
      • $SPLUNK_HOME/etc/apps/your_app_name/bin
          – Custom scripts or executables for your App
      • $SPLUNK_HOME/etc/apps/your_app_name/local
          – For users and admins to edit default configurations
      • $SPLUNK_HOME/etc/apps/your_app_name/metadata
          – Stores object permissions
  • 19. Working Backward - Navs
      default/data/ui/nav/default.xml

        <nav>
          <collection label="About">
            <view name="arch" default="true" />
            <divider />
            <a href="mailto:feedback@mycompany.com">Send Feedback...</a>
          </collection>
          <collection label="IT Operations">
            <view name="operational_visibility" />
            <view name="env_state" />…
  • 20. The “arch.xml” View
      default/data/ui/views/arch.xml

        <?xml version='1.0' encoding='utf-8'?>
        <dashboard>
          <label>Architecture</label>
          <row>
            <html>
              <h1>Welcome to the Application Management Demo</h1>
              <h3>
              This Splunk instance is capturing data from a variety of applications, operating systems and network devices.
              </h3>
              <center>
                <a href="operational_visibility">
                <img src="/static/app/appmgmt/arch.gif"/>
                </a> …

      Callouts: the <a href> is the link followed when clicked; the <img src> is the image to display.
  • 21. Manage/Edit Your Navs and Views in Splunk Web
  • 22. Other Customization Options
      • App Icon – create your own icon to show on the Home screen
          – $SPLUNK_HOME/etc/apps/your_app_name/appserver/static/appIcon.png
      • Custom Cascading Style Sheets (CSS) - background colors, fonts, logos, buttons, navigation, menus, etc.
          – Default: $SPLUNK_HOME/share/splunk/search_mrsparkle/exposed/css/skins/default/default.css
          – Create your application.css in $SPLUNK_HOME/etc/apps/your_app_name/appserver/static
          – See Splunk Apps (Splunk for *NIX, Splunk for Windows, etc.) for examples
  • 23. Dashboards and Views
      • Simplified XML
          – Use the Visual Dashboard editor to auto-generate simplified XML
          – Adjust panel layouts
          – Modify underlying searches and format charts via Report Builder or edit by hand

        <dashboard>
          <label>My dashboard</label>
          <row>
            <chart>
              <searchName>My saved report</searchName>
              <option name="charting.chart">line</option>
              <option name="height">200</option>
            </chart>
          </row>
        </dashboard>
  • 24. Dashboards and Views
      • Advanced XML
          – Provides extended customization and control over simplified XML
          – All pages and dashboards in Splunk are composed of one or many modules
          – Each module contains params that control module-specific configurations
      • Check out available modules
          – http://localhost:8000/modules
      • View any Splunk page in Advanced XML
          – http://localhost:8000/en-US/app/<app_name>/<dashboard_name>?showsource=true
  • 25. Operational Visibility – Current Capacity
      • Uses a real-time search
      • Sets thresholds with a filler gauge
      • Includes some text
      • Rotated horizontally
      • Displays as a percentage
  • 26. Building a Real-Time Search/Report (steps 1 to 3, screenshots)
      Search callouts:
      • From the CPU sourcetype
      • Take the most recent event
      • Extract column headings to fields, only return the “pctSystem” field
      • Send pctSystem to the gauge command, setting ranges
      Time range callout: Set time range, Real-time, 30 second window
  • 27. Command Reference

        sourcetype=cpu | head 1 | multikv fields pctSystem | gauge pctSystem 0 25 50 75 100

      Command: head
          Usage: head <N> - return N events (default is 10)
                 head <eval-expression> - a valid eval expression
          Example: | head 500
                   | head (foo>80)
      Command: multikv
          Usage: multikv fields <field-list> - extracts field values from table-formatted events and filters out from extracted events fields not in the given field list
          Example: | multikv fields foo
      Command: gauge
          Usage: gauge <field> - transforms results into a format for display in Gauge chart types and sets gauge regions
          Example: | gauge foo 0 25 50 75 100
  • 28. Building a Real-Time Search/Report (steps 4 and 5, screenshots)
  • 29. Edit Using Advanced XML

        <module name="StaticContentSample" layoutPanel="panel_row1_col3">
          <param name="text">Calculated based on maximum architecture throughput and capacity.</param>
        </module>
        <module name="HiddenSavedSearch" layoutPanel="panel_row1_col3" group="Current Capacity" autoRun="True">
          <param name="savedSearch">AppMgmt - Capacity - Filler Gauge</param>
          <param name="groupLabel">Current Capacity</param>
          <module name="ViewstateAdapter">
            <param name="savedSearch">AppMgmt - Capacity - Filler Gauge</param>
            <module name="HiddenFieldPicker">
              <param name="strictMode">True</param>
              <module name="JobProgressIndicator">
                <module name="EnablePreview">
                  <param name="enable">True</param>
                  <param name="display">False</param>
                  <module name="HiddenChartFormatter">
                    <param name="charting.chart.usePercentageValue">true</param>
                    <param name="charting.chart.orientation">x</param>
                    <module name="FlashChart">
                      <param name="width">100%</param>
                      <module name="ConvertToDrilldownSearch">
                        <module name="ViewRedirector">
                          <param name="viewTarget">flashtimeline</param>…

      Callouts:
      • layoutPanel – dashboard position
      • text param – text
      • group / groupLabel – panel title
      • savedSearch – saved search name
      • charting.chart.usePercentageValue – display as percentage
      • charting.chart.orientation – rotate horizontally
  • 30. Add a Single Value Button
      • Construct your search

        sourcetype="access_combined" action="purchase"
        | stats avg(price) as price
        | eval basketvalue = "$" + tostring(round(price,2), "commas")
        | rangemap field=basketvalue severe=0-50 elevated=50-75 default=low

      Callouts:
      • On our web logs, pull out the “purchase” events
      • Use the “stats” command to take an average of a field
      • Format for display in the button
      • Use “rangemap” to set thresholds
  • 31. Command Reference

        sourcetype="access_combined" action="purchase" | stats avg(price) as price | eval basketvalue = "$" + tostring(round(price,2), "commas") | rangemap field=basketvalue severe=0-50 elevated=50-75 default=low

      Command: stats
          Usage: stats (stats-function(field) [as field])+ [by field-list] – provides statistics, optionally grouped by field
          Example: | stats avg(foo) as foobar by bar
      stats functions - avg(), c(), count(), dc(), distinct_count(), first(), last(), list(), max(), median(), min(), mode(), p<int>(), perc<int>(), per_day(), per_hour(), per_minute(), per_second(), range(), stdev(), stdevp(), sum(), sumsq(), values(), var(), varp()
  • 32. Command Reference

        sourcetype="access_combined" action="purchase" | stats avg(price) as price | eval basketvalue = "$" + tostring(round(price,2), "commas") | rangemap field=basketvalue severe=0-50 elevated=50-75 default=low

      Command: eval
          Usage: eval eval-field=eval-expression – calculates an expression and puts the result in a field
          Example: | eval foo = if(bar==200, "OK", "Error")
      eval functions - abs(), case(), ceil(), ceiling(), cidrmatch(), coalesce(), commands(), exact(), exp(), floor(), if(), ifnull(), isbool(), isint(), isnotnull(), isnull(), isnum(), isstr(), len(), like(), ln(), log(), lower(), ltrim(), match(), max(), md5(), min(), mvappend(), mvcount(), mvindex(), mvfilter(), mvjoin(), now(), null(), nullif(), pi(), pow(), random(), relative_time(), replace(), round(), rtrim(), searchmatch(), split(), sqrt(), strftime(), strptime(), substr(), time(), tonumber(), tostring(), trim(), typeof(), upper(), urldecode(), validate()
  • 33. Command Reference

        sourcetype="access_combined" action="purchase" | stats avg(price) as price | eval basketvalue = "$" + tostring(round(price,2), "commas") | rangemap field=basketvalue severe=0-50 elevated=50-75 default=low

      Command: rangemap
          Usage: rangemap field=<string> (<attrn>=<number>-<number>)+ [default=<string>] – sets the range field to the name of the ranges that match
          Example: | rangemap field=foo low=0-10 elevated=11-20 severe=21-30 default=low
      Note: Splunk ships with CSS that defines colors for low, elevated, and severe. You can customize CSS for these values.
  • 34. Embed Search and Time-range in View

        <module name="StaticContentSample" layoutPanel="panel_row1_col2">
          <param name="text">Real-time average shopping cart values.</param>
        </module>
        <module name="HiddenSearch" layoutPanel="panel_row1_col2" group="RT Shopping Cart Value" autoRun="True">
          <param name="search">sourcetype="access_combined" action="purchase" | stats avg(price) as price | eval basketvalue = "$" + tostring(round(price,2), "commas") | rangemap field=basketvalue severe=0-50 elevated=50-75 default=low</param>
          <param name="groupLabel">RT Shopping Cart Value</param>
          <param name="earliest">rt-1m</param>
          <param name="latest">rt</param>
          <module name="ViewstateAdapter">
            <module name="HiddenFieldPicker">
              <param name="strictMode">True</param>
              <module name="JobProgressIndicator">
                <module name="SingleValue">
                  <param name="field">basketvalue</param>
                  <param name="classField">range</param>…

      Callouts:
      • search param – our search
      • earliest / latest – real-time 1 minute window
      • field param – use the “basketvalue” field
  • 35. Build a Stacked Column Chart
      • Uses a lookup table to map a Product ID to a Product Name
      • Uses the “timechart” command to display results over time
  • 36. Use a Lookup Table
      • In props.conf

        [access_combined]
        LOOKUP-prod = prod_id_lookup product_id OUTPUT product_name, price, tdf_price, call_flwrs_price

      • In transforms.conf

        [prod_id_lookup]
        filename = prod_lookup.csv

      • In lookup directory, prod_lookup.csv

        product_id,product_name,price,tdf_price,call_flwrs_price
        RP-LI-02,Chocolate Dreams Confections,379,299,319

  • 37. Construct Your Search and Format
      • Either define in Report wizard
      • Or in view XML

        <module name="HiddenChartFormatter">
          <param name="chart">column</param>
          <param name="stackMode">stacked</param>
  • 38. Command Reference

        sourcetype="access_combined" | timechart count by product_name

      Command: timechart
          Usage: timechart [agg=<stats-agg-term>] [<bucketing-option>]* (<single-agg> [by <split-by-clause>])
          Example: | timechart span=1m avg(foo) by bar
      timechart functions (same as stats) - avg(), c(), count(), dc(), distinct_count(), first(), last(), list(), max(), median(), min(), mode(), p<int>(), perc<int>(), per_day(), per_hour(), per_minute(), per_second(), range(), stdev(), stdevp(), sum(), sumsq(), values(), var(), varp()
  • 39. Building a Correlation Search
      • Uses a simple Boolean search to get results from both sourcetypes
      • Uses a search macro to process results and display
  • 40. Using a Search Macro
      • Define in Manager > Advanced search > Search macros
      • Reuse chunks of searches as part of your search string like a function
      • Invoke using the left quote character
  • 41. Raw Event Output
      • Contains asynchronous entries
      • Possible duplicates
  • 42. Step 1
      • Get rid of duplicate events or duplicate users

        sourcetype=mysql_config OR sourcetype=remedy_changeticket
        | dedup _raw, User
        | transaction TicketId, User
        | eval hasTicket = if(eventcount > 1, "Yes", "No")
        | rename PrevPropValue as "Original_Value", NewPropValue as "New_Value", hasTicket as "Change_Ticket"
        | fields _time, User, Property, "Original_Value", "New_Value", "Change_Ticket"

  • 43. Step 2
      • Combine two asynchronous events into one event using the transaction command
          – Note: can also define boundaries for length of events (maxspan) or time between events (maxpause)
      • Use the same “TicketId” and “User” fields between the two events to group
      • Will produce metadata fields “duration” and “eventcount”

        sourcetype=mysql_config OR sourcetype=remedy_changeticket
        | dedup _raw, User
        | transaction TicketId, User
        | eval hasTicket = if(eventcount > 1, "Yes", "No")
        | rename PrevPropValue as "Original_Value", NewPropValue as "New_Value", hasTicket as "Change_Ticket"
        | fields _time, User, Property, "Original_Value", "New_Value", "Change_Ticket"

  • 44. Step 3
      • Use eval to create a new field “hasTicket”
      • Use the “eventcount” field generated by the transaction command
      • In the results, if the uber-event has > 1 event then there is a change with an associated change ticket, otherwise “hasTicket” is “No”

        sourcetype=mysql_config OR sourcetype=remedy_changeticket
        | dedup _raw, User
        | transaction TicketId, User
        | eval hasTicket = if(eventcount > 1, "Yes", "No")
        | rename PrevPropValue as "Original_Value", NewPropValue as "New_Value", hasTicket as "Change_Ticket"
        | fields _time, User, Property, "Original_Value", "New_Value", "Change_Ticket"

  • 45. Step 4
      • Formatting and results
      • Rename a few fields for clarity in dashboard results
      • Use the fields command to only display what we need to see

        sourcetype=mysql_config OR sourcetype=remedy_changeticket
        | dedup _raw, User
        | transaction TicketId, User
        | eval hasTicket = if(eventcount > 1, "Yes", "No")
        | rename PrevPropValue as "Original_Value", NewPropValue as "New_Value", hasTicket as "Change_Ticket"
        | fields _time, User, Property, "Original_Value", "New_Value", "Change_Ticket"
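The four steps above, modelled in Python over constructed events as an added example (not code from the original slides): it shows why the dedup step matters for the `eventcount > 1` test when a change is logged twice without a ticket. The sample events, the `strict` option and the `sourcetypes` helper field are assumptions, and `transaction` is reduced to exact-match grouping on both fields (no maxspan or maxpause).

```python
# Constructed sample events (not from the slides). Assumption: every event
# carries both User and TicketId, as the transaction step on the slides implies.
_BOB_RAW = "bob set bind_address 127.0.0.1->0.0.0.0 (CHG-9)"
EVENTS = [
    {"_time": 100, "sourcetype": "remedy_changeticket", "User": "alice",
     "TicketId": "CHG-1", "_raw": "CHG-1 approved for alice"},
    {"_time": 160, "sourcetype": "mysql_config", "User": "alice",
     "TicketId": "CHG-1", "Property": "max_connections",
     "PrevPropValue": "100", "NewPropValue": "500",
     "_raw": "alice set max_connections 100->500 (CHG-1)"},
    # bob's change cites a ticket with no Remedy record, and the same line
    # was indexed twice (a duplicate event).
    {"_time": 300, "sourcetype": "mysql_config", "User": "bob",
     "TicketId": "CHG-9", "Property": "bind_address",
     "PrevPropValue": "127.0.0.1", "NewPropValue": "0.0.0.0", "_raw": _BOB_RAW},
    {"_time": 301, "sourcetype": "mysql_config", "User": "bob",
     "TicketId": "CHG-9", "Property": "bind_address",
     "PrevPropValue": "127.0.0.1", "NewPropValue": "0.0.0.0", "_raw": _BOB_RAW},
]


def dedup(events, fields=("_raw", "User")):
    """Step 1, like `dedup _raw, User`: keep the first event per combination."""
    seen, kept = set(), []
    for ev in events:
        key = tuple(ev.get(f) for f in fields)
        if key not in seen:
            seen.add(key)
            kept.append(ev)
    return kept


def transaction(events, fields=("TicketId", "User")):
    """Step 2, simplified `transaction TicketId, User` (exact match only)."""
    groups = {}
    for ev in sorted(events, key=lambda e: e["_time"]):
        groups.setdefault(tuple(ev.get(f) for f in fields), []).append(ev)
    merged_events = []
    for members in groups.values():
        merged = {}
        for ev in members:
            for key, value in ev.items():
                merged.setdefault(key, value)  # first value wins in this model
        merged["eventcount"] = len(members)
        merged["duration"] = members[-1]["_time"] - members[0]["_time"]
        # Hypothetical helper field (not produced by Splunk) for the strict check.
        merged["sourcetypes"] = {ev["sourcetype"] for ev in members}
        merged_events.append(merged)
    return merged_events


def correlate(events, use_dedup=True, strict=False):
    """Steps 3 and 4: derive Change_Ticket and keep only the display fields."""
    evs = dedup(events) if use_dedup else list(events)
    rows = []
    for tx in transaction(evs):
        if strict:
            # Added hardening: require one event of each sourcetype.
            ticketed = {"mysql_config", "remedy_changeticket"} <= tx["sourcetypes"]
        else:
            ticketed = tx["eventcount"] > 1  # the test used on the slides
        rows.append({
            "_time": tx["_time"], "User": tx["User"],
            "Property": tx.get("Property"),
            "Original_Value": tx.get("PrevPropValue"),
            "New_Value": tx.get("NewPropValue"),
            "Change_Ticket": "Yes" if ticketed else "No",
        })
    return rows


def verdicts(rows):
    """Map each User to the Change_Ticket value of their row."""
    return {row["User"]: row["Change_Ticket"] for row in rows}


if __name__ == "__main__":
    print("with dedup:   ", verdicts(correlate(EVENTS)))
    print("without dedup:", verdicts(correlate(EVENTS, use_dedup=False)))
    print("strict check: ", verdicts(correlate(EVENTS, use_dedup=False, strict=True)))
```

Without the dedup step, bob's duplicated event raises eventcount to 2 and the unticketed change is reported as ticketed; the `strict` variant checks for an actual ticket event instead of relying on the count.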
  • 47. Support Through the Splunk Community
      • Splunkbase: browse and share Apps from Splunk, Partners and the Community (splunkbase.splunk.com)
      • Community-driven knowledge exchange and Q&A (answers.splunk.com)
      • 3 days, more than 100 sessions, the smartest Splunk users together (http://conf.splunk.com)
  • 48. Where to Go for Help
      • Documentation
          – http://www.splunk.com/base/Documentation
      • Technical Support
          – http://www.splunk.com/support
      • Videos
          – http://www.splunk.com/videos
      • Education
          – http://www.splunk.com/goto/education
      • Professional Services
  • 50. Thank you (Technical Workshops, Advanced User Training)
  • 51. Copyright © 2013 Splunk Inc.