Splunk Overview
Daniel Hernandez
• Twitter: @dnlstkmty
November 2015
What is Splunk?
[4] Splunk is a tool that can be used to index and search
data. Splunk can generate graphs, alerts, and dashboards
from this data.
What kind of data is used by Splunk?
[5] IT streaming and historical data. Data from:
1. Event logs (e.g. event viewer logs)
2. Web logs (e.g. IIS logs)
3. System metrics (e.g. Windows performance counters)
4. Other sources
Splunk local and remote data
Data used by Splunk can be on the same machine (local
data) or on a remote machine (remote data).
Splunk Concepts
Index. Data repositories created in Splunk are called
indexes. An index is a database.
Event. A single piece of data in Splunk is called an event [6].
Examples:
- a single record or entry in a log file.
- a single record or entry in the event viewer.
Splunk Indexing
When Splunk indexes data, it breaks up the data into
individual pieces and gives each piece a timestamp, host,
source, and source type.
Splunk Search Elements
[Diagram: a search flow in three steps (Step 1, Step 2, Step 3) showing Index, Host, Source, Source Type, Search, Sub-search and Results]
Splunk Search Concepts
• Index. An index is a data repository in Splunk.
• Host. The host is the name or IP address of the network machine that
originated the event.
• Source. The source is the file, directory path, network port, or script
from which the event originated.
• Source Type. The source type classifies the data based on how it is
formatted.
Installing Splunk
• Splunk installation can be done by following the steps described
at the URL below:
http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchTutorial/Systemrequirements
Getting Familiar with Splunk
• Get familiar with Splunk Enterprise:
http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/NavigatingSplunk
Getting Data into Splunk
• Get data into Splunk Enterprise:
http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/GetthetutorialdataintoSplunk
Splunk Search & Reporting – UI elements
• Application Bar
• Search Bar
• Time Range Picker
Splunk Search & Reporting’s panels
• How to Search
• What to Search
Splunk ‘What to Search’ panel
• Data Summary: Hosts, Sources, Source Types
Splunk Search
Elements available after searching in Splunk:
• Search Result Tabs
• Search Action Buttons
• Search Mode Selector
• ‘Save as’ menu
Splunk Search – Search Result Tabs
• Events
• Statistics
• Visualization
Splunk Search Results – Events Tab
• Timeline of events
• Events view options
• Field sidebar
• Search term matches
• Timeline: shows how many events have occurred at a particular
point in time.
• Fields sidebar: when data is indexed, Splunk extracts information from
the data that is formatted as name and value pairs.
• Search term matches: shows the events that match the search criteria.
• Event view options: shows menus with options to format the search
results.
Searching Data using Splunk
• To search for events / logs in Splunk, go to the Splunk Search page.
1. In the Search textbox, type the word(s) you want to search for
2. Specify filters, such as host or source, to narrow the search results
3. Click on the Search icon
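The indexing, name/value field extraction, timeline and filtered-search ideas from the slides above, as an added Python sketch (not code from the deck and not Splunk's implementation). The log lines, host names and source names are constructed, and the timestamp-based event breaking is a simplifying assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime

# Assumption: every event starts with a "YYYY-MM-DD HH:MM:SS" timestamp.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s")
KV_RE = re.compile(r"(\w+)=(\S+)")  # name=value pairs inside an event

# Constructed sample inputs: (host, source, sourcetype, raw text).
SAMPLE_INPUTS = [
    ("web01", "u_ex151103.log", "iis",
     "2015-11-03 10:15:01 GET /default.aspx 200\n"
     "2015-11-03 10:15:07 POST /login.aspx 401\n"
     "2015-11-03 10:15:09 POST /login.aspx 401\n"
     "2015-11-03 10:16:02 POST /login.aspx 200\n"),
    ("web02", "u_ex151103.log", "iis",
     "2015-11-03 10:15:30 POST /login.aspx 401\n"),
    ("dc01", "WinEventLog:Security", "wineventlog",
     "2015-11-03 10:15:08 EventCode=4625 user=alice result=failure\n"
     "    reason=bad_password\n"
     "2015-11-03 10:16:03 EventCode=4624 user=alice result=success\n"),
]


@dataclass
class Event:
    time: datetime
    host: str
    source: str
    sourcetype: str
    raw: str
    fields: dict = field(default_factory=dict)


def index_data(host, source, sourcetype, text):
    """Break raw text into events and stamp each with time, host, source, sourcetype."""
    events = []
    for line in text.splitlines():
        m = TS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append(Event(ts, host, source, sourcetype, line))
        elif events and line.strip():
            # No timestamp: treat as a continuation of the previous event.
            events[-1].raw += "\n" + line
    for ev in events:
        ev.fields = dict(KV_RE.findall(ev.raw))
    return events


def build_index(inputs=SAMPLE_INPUTS):
    """Index every input into one in-memory list of events."""
    index = []
    for host, source, sourcetype, text in inputs:
        index.extend(index_data(host, source, sourcetype, text))
    return index


def search(index, terms="", **filters):
    """Return events containing every search word, narrowed by host/source/
    sourcetype or any extracted field, oldest first."""
    words = terms.lower().split()
    hits = []
    for ev in index:
        tokens = set(re.findall(r"\w+", ev.raw.lower()))
        if not all(w in tokens for w in words):
            continue
        meta = {**ev.fields, "host": ev.host, "source": ev.source,
                "sourcetype": ev.sourcetype}
        if all(meta.get(k) == v for k, v in filters.items()):
            hits.append(ev)
    return sorted(hits, key=lambda e: e.time)


def timeline(events):
    """Count events per minute, as the Events tab timeline does per time bucket."""
    return Counter(ev.time.strftime("%H:%M") for ev in events)


if __name__ == "__main__":
    idx = build_index()
    for ev in search(idx, "401", host="web01"):
        print(ev.time, ev.host, ev.sourcetype, ev.raw)
    print(dict(timeline(search(idx, "401"))))
```
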
Searching Data using Splunk
• Additional details about searching data in Splunk can be found at
the link below:
http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchTutorial/Startsearching
References
1. Splunk for SQL Users. http://www.innovato.com/splunk/SQLSplunk.html
2. Splunk Search Tutorial. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
3. Splunk Search Reference. http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchReference/SearchCheatsheet
4. About Splunk Enterprise. http://docs.splunk.com/Documentation/Splunk/latest/Overview/AboutSplunkEnterprise
5. About getting data into Splunk Enterprise. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/AboutgettingdataintoSplunk
6. Event. http://docs.splunk.com/Splexicon:Event
7. Splunk Installation Manual. http://docs.splunk.com/Documentation/Splunk/6.2.0/Installation/InstallonWindows
8. About Splunk Free. http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree
9. Get the tutorial data into Splunk. http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchTutorial/GetthetutorialdataintoSplunk
10. About the Search Tutorial. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
11. Splunk download. http://www.splunk.com/download
