Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Splunk overview


Published on

Splunk search overview. Introduction to Splunk search. Splunk search concepts.

Published in: Software

Splunk overview

  1. 1. Splunk Overview Daniel Hernandez • Twitter: @dnlstkmty November 2015
  2. 2. What is Splunk? [4] Splunk is a tool that can be used to index, and search data. Splunk can generate graphs, alerts, and dashboards for this data.
  3. 3. What kind of data is used by Splunk? [5] IT streaming and historical data. Data from: 1. Event logs (e.g. event viewer logs) 2. Web logs (e.g. IIS logs) 3. System metrics (e.g. Windows performance counters) 4. And Others sources
  4. 4. Splunk local, and remote data Data used by Splunk can be on the same machine (local data), or in a remote machine (remote data)
  5. 5. Splunk Concepts Index. Data repositories created in splunk are called Indexes. An index is a database. Event. A single piece of data in Splunk is called Event [6]. Examples - single record or entry in a log file. - single record or entry in the event viewer.
  6. 6. Splunk Indexing When Splunk indexes data, it breaks up the data into individual pieces and gives each piece a timestamp, host, source, and source type.
  7. 7. Splunk Search Elements Step 2 Step 3 Search Sub- search Index Source Source Type Host Results Step 1
  8. 8. Splunk Search Concepts • Index. An Index is a data repository in Splunk. • Host. Host is the name, or IP address of the network machine that originated the event. • Source. Source is the file, directory path, network port, or script from which the event was originated. • Source Type. Source Type classify the data based on how it is formatted.
  9. 9. Installing Splunk • Splunk installation can be done by following the steps described in the below URL: torial/Systemrequirements
  10. 10. Getting Familiar with Splunk • Get familiar with Splunk Enterprise: utorial/NavigatingSplunk
  11. 11. Getting Data into Splunk • Get data into Splunk Enterprise: utorial/GetthetutorialdataintoSplunk
  12. 12. Splunk Search & Reporting – UI elements Application Bar Search Bar Time Rage Picker
  13. 13. Splunk Search & Reporting
  14. 14. Splunk Search & Reporting’s panels How to Search What to Search
  15. 15. Splunk Search – Search Result Tabs
  16. 16. Splunk ‘What to Search’ panel Data Summary Hosts Sources Source Types
  17. 17. Splunk ‘What to Search’ panel
  18. 18. Splunk Search Elements available after searching in Splunk Search Result Tabs Search Action Buttons Search Mode Selector ‘Save as’ menu
  19. 19. Splunk Search
  20. 20. Splunk Search – Search Result Tabs Search Result Tabs Events Statistic Visualization
  21. 21. Splunk Search – Search Result Tabs
  22. 22. Splunk Search Results – Events Tab Events Tab Timeline of events Events view options Field sidebar Search term matches
  23. 23. Splunk Search Results – Events Tab
  24. 24. Splunk Search Results – Events Tab • Shows how many events have occurred at a particular point in time. Timeline • When data is indexed, Splunk extract information from the data that is formatted as name and value pairs. Fields sidebar
  25. 25. Splunk Search Results – Events Tab • Shows the events that match the search criteria. Search term matches • Shows menus with options to format the search results. Event view options
  26. 26. Searching Data using Splunk • To search for events / logs in Splunk, go to Splunk Search page. 1. In the Search textbox, type the word(s) you want to search 2. Specify filters to narrow the search result such as host or source 3. Click on the Search icon
  27. 27. Searching Data using Splunk
  28. 28. Searching Data using Splunk • Additional details about searching data in Splunk can be found in the below link: torial/Startsearching
  29. 29. References 1. Splunk for SQL Users. 2. Splunk Search Tutorial. al/WelcometotheSearchTutorial 3. Splunk Search Reference. nce/SearchCheatsheet 4. About Splunk Enterprise outSplunkEnterprise
  30. 30. References 5. About getting data into Splunk Enterprise. al/AboutgettingdataintoSplunk 6. Event 7. Splunk Installation Manual. nstallonWindows 8. About Splunk Free aboutSplunkFree
  31. 31. References 9. Get the tutorial data into Splunk utorial/GetthetutorialdataintoSplunk 10.About the Search Tutorial utorial/WelcometotheSearchTutorial 11.Splunk download.