Splunk Insights
Splunk Insights: Presentation Transcript

  • Presented By: Sunil Kumar
  • Agenda
    • What is Splunk
    • Why Splunk
    • Splunk Architecture
    • Splunk Data Storage
    • Splunk Installation Configuration
    • Splunk Apps
    • Splunk Searching, Reporting and Alerting
    • Splunk Dashboard
  • What is Splunk
    Splunk (the product) captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
    Splunk aims to make machine data accessible across an organization; it identifies data patterns, provides metrics, diagnoses problems and provides intelligence for business operations.
    Splunk is used for application management, security and compliance, as well as business and web analytics.
    Splunk has over 5,200 licensed customers in 74 countries, including more than half of the Fortune 100.
  • Life Without Splunk
  • Life With Splunk
  • One Splunk. Many Uses.
  • Getting Data Into Splunk: Agent and Agent-less Approach for Flexibility
  • How Splunk Stores Data
    Splunk ingests data and stores it in two types of files:
      o Raw data
      o Index file
    Splunk indexes are stored in directories called buckets:
      o A bucket consists of the index file and the raw data
      o Buckets move through stages as they age
  • Splunk Licenses
    Free Download
    • Limits indexing to 500MB/day
    Enterprise Trial
    • License expires after 60 days
    • Reverts to Free License
    Features Disabled in Free License
    • Multiple user accounts and role-based access controls
    • Distributed search
    • Deployment management
    • Scheduled saved searches and alerting
    • Summary indexing
    Other License Types
    • Enterprise, Trial
  • Splunk Installation
    Splunk Platform
    • 32 or 64 bit
    • Indexer or Universal Forwarder
    • www.splunk.com/download
    Start Splunk
    • WIN: Program Files\Splunk\bin\splunk.exe start (services start)
    • *NIX: /opt/splunk/bin/splunk start
    Splunk Home
    • WIN: Program Files\Splunk
    • Other: /opt/splunk (Applications/splunk)
  • Splunk Universal Forwarder Setup
    Unix Platform
    • Configure the universal forwarder to auto-start:
      $ ./splunk enable boot-start
    • Configure the universal forwarder to forward to a receiving indexer:
      $ ./splunk add forward-server <host>:<port> -auth <username>:<password>
    Windows Platform
    • Configure the universal forwarder to forward to a receiving indexer
  • Splunk Apps
    Splunk Apps Categories:
    • Application Management: 88
    • IT Operations Management: 151
    • Security and Compliance: 128
    • Business Analytics: 34
    • Utilities: 134
    • Cool Stuff: 93
    http://apps.splunk.com
  • Log Monitoring Configuration
    Splunk's monitor process consumes any new data written to a monitored file or directory.
    Sample inputs.conf configuration:
    Monitor a file:
      [monitor:///var/log/cassandra/system.log]
      sourcetype = log4j
      disabled = false
    Monitor a directory:
      [monitor:///var/log/]
      disabled = false
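The two inputs.conf stanzas above are the whole of what the slide shows; a reviewer of a forwarder's configuration usually wants to check more than one of them at once. The following Python script is an added example, not code from the presentation or from Splunk: it parses an inputs.conf text with the standard library's configparser (inputs.conf is INI-style, so stanza names such as `monitor:///var/log/` are ordinary section headers) and flags monitor stanzas that are disabled, lack an explicit sourcetype, use a non-absolute path, or watch a whole directory with no whitelist or blacklist. The sample configuration embedded in it is constructed for the example; the two well-formed stanzas copy the slide, and the third is a deliberately bad one.

```python
import configparser
from typing import Dict, List

# Constructed sample inputs.conf: the first two stanzas mirror the slide,
# the third is deliberately malformed so the audit has something to report.
SAMPLE_INPUTS_CONF = """
[monitor:///var/log/cassandra/system.log]
sourcetype = log4j
disabled = false

[monitor:///var/log/]
disabled = false

[monitor://relative/path.log]
sourcetype = syslog
disabled = true
"""

MONITOR_PREFIX = "monitor://"
TRUE_VALUES = ("true", "1", "yes")


def parse_inputs_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Return {stanza_name: {key: value}} for every stanza in an inputs.conf text."""
    # interpolation=None so '%' in paths is not treated as a format directive;
    # strict=False tolerates duplicate stanzas, which Splunk merges anyway.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return {name: dict(cp.items(name)) for name in cp.sections()}


def audit_monitor_stanzas(stanzas: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Return a list of findings per stanza; an empty list means no concerns."""
    findings: Dict[str, List[str]] = {}
    for name, keys in stanzas.items():
        issues: List[str] = []
        if not name.startswith(MONITOR_PREFIX):
            findings[name] = ["not a monitor stanza; skipped"]
            continue
        path = name[len(MONITOR_PREFIX):]
        if not path.startswith("/"):
            issues.append("path is not absolute")
        if keys.get("disabled", "false").strip().lower() in TRUE_VALUES:
            issues.append("input is disabled; no data will be collected")
        if "sourcetype" not in keys:
            issues.append("no explicit sourcetype; field extraction relies on autodetection")
        if path.endswith("/") and "whitelist" not in keys and "blacklist" not in keys:
            issues.append("directory monitor with no whitelist/blacklist; every file beneath it is indexed")
        findings[name] = issues
    return findings


def audit_text(text: str) -> Dict[str, List[str]]:
    """Convenience wrapper: parse and audit in one call."""
    return audit_monitor_stanzas(parse_inputs_conf(text))


if __name__ == "__main__":
    for stanza, issues in audit_text(SAMPLE_INPUTS_CONF).items():
        status = "OK" if not issues else "; ".join(issues)
        print(f"[{stanza}] {status}")
```

Run it against a real forwarder's `etc/system/local/inputs.conf` (or an app's `local/inputs.conf`) by reading the file into `audit_text`. The sourcetype check matters most from a detection standpoint: a monitor with no sourcetype still indexes data, but searches and alerts written against a named sourcetype will silently miss it.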
  • Splunk Searching
    • Wildcards are supported: *
    • Search terms are case insensitive.
    • Boolean searches are supported with AND, OR, NOT. Just remember that Booleans must be uppercase.
    • There is an implied AND between the search terms; for complex searches, use parentheses, e.g. (error OR failed)
    • Historical, custom, or real-time
  • Search Commands
    Search results are "piped" to the command:
    • Manipulating fields
    • Formatting
    • Handling results
    • Reporting
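The search rules on the slide (wildcards, case-insensitive terms, uppercase AND/OR/NOT, implied AND, parentheses) are easy to state and easy to get wrong when writing alerts. The Python module below is an added example, not code from the presentation or from Splunk: it implements exactly those rules as a small recursive-descent parser that compiles a query into a predicate and runs it over a handful of constructed log events. It goes slightly beyond the slide in one respect, in that it shows what happens when a Boolean is written in lowercase: `and` becomes an ordinary search term, so `error and failed` matches nothing in the sample, which is the mistake the slide warns about.

```python
import re
from typing import Callable, List, Optional

Predicate = Callable[[str], bool]

# Constructed sample events standing in for indexed log lines.
SAMPLE_EVENTS = [
    "2024-01-01T10:00:01 sshd[1234]: Failed password for invalid user admin from 10.0.0.5 port 4022",
    "2024-01-01T10:00:02 sshd[1234]: Accepted publickey for alice from 10.0.0.7 port 5011",
    "2024-01-01T10:00:03 app: ERROR database connection timeout",
    "2024-01-01T10:00:04 app: warning disk usage at 91%",
    "2024-01-01T10:00:05 cassandra: error compaction failed for keyspace demo",
]

# Tokens are parentheses or runs of non-space, non-parenthesis characters.
_TOKEN_RE = re.compile(r"\(|\)|[^\s()]+")
_KEYWORDS = ("AND", "OR", "NOT")  # uppercase only, as the slide requires


def tokenize(query: str) -> List[str]:
    return _TOKEN_RE.findall(query)


def term_predicate(term: str) -> Predicate:
    """Case-insensitive whole-token match; '*' matches any run of word characters."""
    parts = [re.escape(p) for p in term.split("*")]
    pattern = r"(?<!\w)" + r"\w*".join(parts) + r"(?!\w)"
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda event: rx.search(event) is not None


class _Parser:
    """Grammar: or := and ('OR' and)*; and := not (['AND'] not)*; not := 'NOT' not | primary."""

    def __init__(self, tokens: List[str]) -> None:
        self.toks = tokens
        self.i = 0

    def peek(self) -> Optional[str]:
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self) -> Optional[str]:
        tok = self.peek()
        self.i += 1
        return tok

    def parse_or(self) -> Predicate:
        left = self.parse_and()
        while self.peek() == "OR":
            self.take()
            left = (lambda l, r: lambda e: l(e) or r(e))(left, self.parse_and())
        return left

    def parse_and(self) -> Predicate:
        left = self.parse_not()
        # Implied AND: keep consuming operands until OR, ')' or end of query.
        while self.peek() not in (None, "OR", ")"):
            if self.peek() == "AND":
                self.take()
            left = (lambda l, r: lambda e: l(e) and r(e))(left, self.parse_not())
        return left

    def parse_not(self) -> Predicate:
        if self.peek() == "NOT":
            self.take()
            inner = self.parse_not()
            return lambda e: not inner(e)
        return self.parse_primary()

    def parse_primary(self) -> Predicate:
        tok = self.take()
        if tok == "(":
            inner = self.parse_or()
            if self.take() != ")":
                raise ValueError("unbalanced parentheses")
            return inner
        if tok is None or tok in _KEYWORDS or tok == ")":
            raise ValueError(f"unexpected token {tok!r}")
        return term_predicate(tok)  # lowercase and/or/not land here as plain terms


def compile_query(query: str) -> Predicate:
    parser = _Parser(tokenize(query))
    pred = parser.parse_or()
    if parser.peek() is not None:
        raise ValueError(f"trailing token {parser.peek()!r}")
    return pred


def search(query: str, events: List[str]) -> List[str]:
    """Return the events matching the query, preserving their order."""
    pred = compile_query(query)
    return [e for e in events if pred(e)]


if __name__ == "__main__":
    for q in ["error", "(error OR failed) NOT cassandra", "fail* sshd", "error and failed"]:
        print(f"{q!r}: {len(search(q, SAMPLE_EVENTS))} hit(s)")
```

The matcher treats any non-word character as a term boundary, which is a simplification of Splunk's own major/minor breakers; it is enough to reason about how a query's Booleans and wildcards combine before the query is saved as an alert.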
  • Saved Searches and Alerting
  • Alerting Actions
    • Send email
    • RSS
    • Execute a script
    • Track in Alert Manager
  • Splunk Alerting
  • Reporting
    Build reports from the results of any search.
    Select the type of report (Values over time, Top Values, Rare Values) and on which fields to report or perform statistics.
    Choose the type of chart (line, area, column, etc.) and other formatting options.
  • Reporting Examples
    • Use the wizard or reporting commands (timechart, top, etc.)
    • Build real-time reports with real-time searches
    • Save reports for use on dashboards
  • Dashboards
    The Splunk Web Framework provides various options for creating dashboards:
    • Simple XML
    • Advanced XML
    • Splunk SDKs
  • Dashboards Contd.
    Create dashboards from search results.
  • Deployment Monitoring
    Keep tabs on your Splunk Enterprise deployment:
    • Licenses
    • Sourcetypes
    • Indexers
    • Forwarders
  • Splunk Alternatives
    • Logstash
    • Hyperic HQ
    • Nagios
    • AppDynamics
    • New Relic
  • Where to Go for Help
    • Documentation: http://www.splunk.com/base/Documentation
    • Technical Support: http://www.splunk.com/support
    • Videos: http://www.splunk.com/videos
    • Education: http://www.splunk.com/goto/education
    • Community: http://answers.splunk.com
    • Splunk Book: http://splunkbook.com