© 2017 SPLUNK INC.
Machine Data 101:
Turning Data Into Insight
Guy Weaver | Senior Sales Engineer
August 23, 2017 | Detroit, MI
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved.
Agenda
▶ Workshop Setup
▶ Splunk Overview – what is Splunk?
▶ It’s all about the data – background on your data sources
▶ Searching and Reporting – getting the basics out of the way
▶ Apps and Add-ons – fastest path to value from your data
▶ Apps – a place to store all your amazing work
▶ SPL Overview – everything begins with a search
▶ Build a Dashboard – organize your information
▶ Resources – next steps to success!
Bucket List
▶ Set up a splunk.com account
▶ Install Splunk
▶ Set up an instance of Splunk Cloud (optional)
▶ Upload data
▶ Install an application
▶ Explore data in Splunk
▶ Run a search in Splunk
▶ Create an app
▶ Create a dashboard
▶ Create a report
▶ Learn some basic SPL
▶ Create a manual lookup
▶ Create an automatic lookup
▶ Create a chart in Splunk
▶ Create a geomap chart
▶ Know where to go for more Splunk
Workshop Setup
Download Splunk or Sign Up For Splunk Cloud
www.splunk.com > Free Splunk > Splunk Enterprise or Splunk Cloud
Download Data Sample and Lookup
https://splunk.box.com/v/MD101Workshop
▶ Box > access_datasample_last4h.log
▶ Box > http_status.csv
Getting to know Splunk
And so we begin...
Login to Splunk
▶ Browser: http://localhost:8000
▶ Default username/password is admin/changeme. You are prompted to change it on first login; do that before the instance is reachable by anyone else (newer Splunk Enterprise releases no longer ship a default and make you set the admin password at install time).

The Splunk Interface
Take some time to click around for a few minutes...

Index Data Sample
Use Add Data to upload access_datasample_last4h.log (the screenshots step through the Add Data wizard). You will need to refresh the search after a few moments for all events to show up.
Splunk Cloud
And so we begin...

Activating Your Splunk Cloud Instance
▶ Visit: https://www.splunk.com/getsplunk/cloud_trial and sign up!

Three Clicks Later... Ready to Start Splunking
The screenshot shows the trial instance URL (https://prd-p-1abc234defgh.cloud.splunk.com) with the user MDWUser logged in.

Optimizing Your Experience
Default User Settings

Enhance Your Splunk Experience – User Settings

Adjusting Your Global User Settings
▶ Events will be displayed relative to your time zone
▶ Context-sensitive help at your fingertips
▶ Searches are cleaned up and colorized
▶ Line numbers are added to your searches for clarity
Splunk Overview

Industry Leading Platform For Machine Data
Machine data: any location, any type, any volume (any amount, any location, any source). Example sources: Storage, Online Shopping Cart, Telecoms, Desktops, Security, Web Services, Networks, Containers, Web Clickstreams, RFID, Smartphones and Devices, Servers, Messaging, GPS Location, Packaged Applications, Custom Applications, Online Services, Databases, Call Detail Records, Energy Meters, Firewall, Intrusion Prevention.
Runs On-Premises, in a Private Cloud or in the Public Cloud.
Platform layers: Universal Indexing; Enterprise Scalability; Platform Support (Apps / API / SDKs).
Answer any question: Ad hoc search, Monitor and alert, Report and analyze, Custom dashboards, Developer Platform.
Key properties: schema on-the-fly; universal indexing; no back-end RDBMS; no need to filter data.
Splunk Approach to Machine Data
▶ Traditional: structured data > ETL > RDBMS > SQL search (schema at write)
▶ Splunk: unstructured data (volume, velocity, variety) > universal indexing > search (schema at read)
Ingests Data From Heterogeneous Data Sources
Agent-Less and Agent Approach for Flexibility and Optimization
▶ Splunk Forwarder on Unix, Linux and Windows hosts (physical or virtual): local file monitoring, Windows Event Logs, performance counters, Active Directory; scripted or modular inputs (shell scripts, API subscriptions)
▶ Agent-less: syslog over TCP/UDP from syslog hosts and network devices; mounted file systems (hostname:mount) for mainframes and *nix
▶ Wire data: Splunk App for Stream
▶ HTTP Event Collector: DevOps, IoT, Containers
Structured View Into Unstructured Data
Table Datasets: empower users with focused data views. Example columns drawn from different logs (Activity Log, Error event log, Event Log): Product ID, Amount, Webserver ID, CPU threshold, Failed login, IP Addr.
Enrich Raw Data to Make It More Meaningful
Create additional fields from the raw data with a lookup to an external data source: LDAP, AD, watch lists, CRM/ERP, CMDB. Data goes in, insight comes out.
Forwards Events to Third-Party Systems
Raw or formatted events can be forwarded to a service desk, an event console or a SIEM.
Actionable Alerting
▶ Alerts
• Create alerts based on any search
• Customize content and format of email alerts
• Trigger a script
• Custom Alert Actions
• Allow packaged integration with third-party applications
• Enable custom workflows
• Developers can build, package and publish alert actions
Dynamic Reporting
▶ Reports
• Visually represent the results of a search
• Run on an ad hoc basis or save the report to view later
• Share it with others on the team or a different group
• Add reports to a new or existing dashboard
Chart on any search, choose a visualization, save as a report.
Combine Reports to Create Dashboards
Use the built-in dashboard editor, or embed the reports into external sites like a wiki.
It’s all about the data
Let’s participate in some data discovery.

Sources of Data
▶ Access Log: access_datasample_last4h.log
▶ HTTP Status Lookup Table: http_status.csv
Unstructured Data - Access Log (access_datasample_last4h.log)
▶ 141.146.8.66 - - [17/Nov/2016 12:17:52:155] "GET /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8 HTTP 1.1" 400 1271 "http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02" "Googlebot/2.1 ( http://www.googlebot.com/bot.html) " 899

Fields Splunk extracts from this one event (sourcetype access_combined). Fields shown without a value are not populated by this particular event.
_raw = the full line above
_time = 2016-11-17T12:17:52.155-0500
JSESSIONID = SD5SL5FF3ADFF8
action = addtocart
bytes = 1271
category_id =
clientip = 141.146.8.66
cookie =
date_hour = 12
date_mday = 17
date_minute = 17
date_month = november
date_second = 52
date_wday = thursday
date_year = 2016
date_zone = local
eventtype =
file = oldlink
host = gweaver-mbp
ident = -
index = main
itemId = EST-7
item_id = EST-7
linecount = 1
method = GET
other = 899
product_id = FI-FW-02
punct = ..._-_-_[//_:::]_"_/?=-&=__."___"://../.?=&=-&=--"
referer = http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02
referer_domain = http://www.myflowershop.com
req_time = 17/Nov/2016 12:17:52:155
root =
source = access_datasample_last4h.log
sourcetype = access_combined
splunk_server = gweaver-mbp
splunk_server_group =
status = 400
timeendpos = 42
timestartpos = 18
uri = /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8
uri_domain =
uri_path = /oldlink
uri_query = item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8
user = -
useragent = Googlebot/2.1 ( http://www.googlebot.com/bot.html)
version = 1.1

Note that the session token (JSESSIONID) travels in the URL, so it is recorded in the access log and is sent along in the Referer header of the next request. Access logs like this therefore carry data that is as sensitive as a credential, and the index holding them should be access-controlled accordingly.
http_status.csv
status  status_description  status_type
100  Continue  Informational
101  Switching Protocols  Informational
200  OK  Successful
201  Created  Successful
202  Accepted  Successful
203  Non-Authoritative Information  Successful
204  No Content  Successful
205  Reset Content  Successful
206  Partial Content  Successful
300  Multiple Choices  Redirection
301  Moved Permanently  Redirection
302  Found  Redirection
303  See Other  Redirection
304  Not Modified  Redirection
305  Use Proxy  Redirection
307  Temporary Redirect  Redirection
400  Bad Request  Client Error
401  Unauthorized  Client Error
402  Payment Required  Client Error
403  Forbidden  Client Error
404  Not Found  Client Error
405  Method Not Allowed  Client Error
406  Not Acceptable  Client Error
407  Proxy Authentication Required  Client Error
408  Request Timeout  Client Error
409  Conflict  Client Error
410  Gone  Client Error
411  Length Required  Client Error
412  Precondition Failed  Client Error
413  Request Entity Too Large  Client Error
414  Request-URI Too Long  Client Error
415  Unsupported Media Type  Client Error
416  Requested Range Not Satisfiable  Client Error
417  Expectation Failed  Client Error
500  Internal Server Error  Server Error
501  Not Implemented  Server Error
502  Bad Gateway  Server Error
503  Service Unavailable  Server Error
504  Gateway Timeout  Server Error
505  HTTP Version Not Supported  Server Error
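The field extraction shown for the sample event and the http_status.csv lookup, as an added Python example (this is not code from the workshop or from Splunk): a regex modelled on the access_combined fields in the slide, key=value extraction from the URI and the referer the way Splunk's automatic extraction populates item_id, JSESSIONID, action and product_id, and enrichment of status with the lookup table. The two log lines and the CSV excerpt are constructed for this example; the -0500 offset used for _time and the reading of the trailing number as the `other` field are assumptions taken from the slide.

```python
import csv
import io
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines modelled on the workshop's access_combined event
# (the second line is invented for this example; it is not in the data file).
SAMPLE_LOG = """\
141.146.8.66 - - [17/Nov/2016 12:17:52:155] "GET /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8 HTTP 1.1" 400 1271 "http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02" "Googlebot/2.1 ( http://www.googlebot.com/bot.html) " 899
10.0.0.5 - bob [17/Nov/2016 12:18:03:001] "POST /cart.do?action=purchase&JSESSIONID=SD5SL5FF3ADFF8 HTTP 1.1" 200 2048 "http://www.myflowershop.com/category.screen?category_id=FLOWERS" "Mozilla/5.0" 120
"""

# Constructed excerpt of http_status.csv, same three columns as the workshop file.
HTTP_STATUS_CSV = """\
status,status_description,status_type
200,OK,Successful
400,Bad Request,Client Error
404,Not Found,Client Error
500,Internal Server Error,Server Error
"""

# Regex standing in for Splunk's access_combined extraction. Field names match
# the slide; "other" takes the trailing number (assumed to be the request time).
ACCESS_COMBINED = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<req_time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) HTTP[/ ](?P<version>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<useragent>[^"]*)"'
    r'(?: (?P<other>\S+))?\s*$'
)

# Assumed indexer time zone: the slide shows _time as ...-0500 with date_zone=local.
LOCAL_TZ = timezone(timedelta(hours=-5))


def extract_fields(line, tz=LOCAL_TZ):
    """Schema on the fly: turn one raw line into a dict of fields, or None if the
    line does not match the sourcetype's format."""
    m = ACCESS_COMBINED.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["_raw"] = line
    ev["_time"] = datetime.strptime(ev["req_time"], "%d/%b/%Y %H:%M:%S:%f").replace(tzinfo=tz)
    ev["status"] = int(ev["status"])
    ev["bytes"] = int(ev["bytes"]) if ev["bytes"] != "-" else 0
    # uri_path / uri_query, then key=value pairs from the query (item_id, JSESSIONID, ...)
    uri = urlsplit(ev["uri"])
    ev["uri_path"], ev["uri_query"] = uri.path, uri.query
    ev.update(parse_qsl(uri.query))
    # referer_domain plus key=value pairs from the referer (action, itemId, product_id, ...).
    # Splunk would keep a key seen twice as a multivalue field; here the referer's value wins.
    ref = urlsplit(ev["referer"])
    if ref.netloc:
        ev["referer_domain"] = f"{ref.scheme}://{ref.netloc}"
        ev.update(parse_qsl(ref.query))
    return ev


def load_lookup(csv_text, key):
    """Load a CSV lookup table keyed on one column (what `| inputlookup` reads)."""
    return {row[key]: row for row in csv.DictReader(io.StringIO(csv_text))}


HTTP_STATUS = load_lookup(HTTP_STATUS_CSV, "status")


def lookup_http_status(ev):
    """`| lookup http_status status OUTPUT status_description status_type`:
    a code missing from the table simply gets no output fields, as in Splunk."""
    row = HTTP_STATUS.get(str(ev["status"]))
    if row:
        ev["status_description"] = row["status_description"]
        ev["status_type"] = row["status_type"]
    return ev


def parse_log(text=SAMPLE_LOG):
    """Extract fields from every line and apply the lookup (what an automatic lookup does)."""
    return [lookup_http_status(ev) for ev in (extract_fields(l) for l in text.splitlines()) if ev]


if __name__ == "__main__":
    for ev in parse_log():
        print(ev["_time"].isoformat(), ev["clientip"], ev["status"],
              ev.get("status_description"), ev.get("action"))
```

The regex is deliberately strict: a line that does not match yields no event rather than a partially extracted one, which is the behaviour you want when the same parser is later pointed at a log from a different server.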
Search & Reporting
Let’s explore some data together
Go to the Search & Reporting App
The Default App Interface
Questions the summary panel answers: How many events were indexed? How old are the events? Are events still coming in?
Data Summary – Hosts
Two different hosts are sending their data into your Splunk instance. The Hosts tab shows data from the appserver and fileserver hosts, the total count of events per host and the last time events were received. Guess what the little graphic next to each host means?
Data Summary – Sources
Sources let you know the specific location or other information about where the event originates. The Sources tab shows the original source location of the logs; event counts continue to grow.
Data Summary – Sourcetypes
Sourcetypes provide categories and context, and are used to extract fields, enrich data and so much more. Categorize data using sourcetypes!
Searching in your app
Add a wildcard (*) to the search bar and hit return to see indexed events.
The Search Results Interface
Take some time and explore all of the available options in the Splunk search results. Key="Value" fields are automatically extracted from raw events; we call this "schema on the fly". Which fields will Splunk automatically extract from the events?
Parts of the interface: App Bar, Splunk Bar, Search Bar, Events Bar, Fields Sidebar, Search Action Buttons, Timeline, Search Results Tabs, Save As Menu, Time Range Picker, Search Mode Selector.
Exploring Fields
What values do you see when you select the sourcetype field? Take some time to explore the various field options on the left.
Numeric Field Reports
Numeric fields are marked with # in the fields sidebar. Select “Average over time” to generate a timechart.
Visualizing Data
Chart types are selected on the Visualization tab and are driven by the Splunk Search Language (SPL). Select Column Chart.
Statistical and Charting Functions
http://docs.splunk.com/Documentation/Splunk/6.6.2/SearchReference/CommonStatsFunctions
Add additional functions to transform results. Use AS to rename the result fields. Remember to capitalize keywords: the Boolean operators AND, OR and NOT must be upper-case in SPL, and writing AS and BY in upper-case is the documented convention.
Formatting Visualizations
Use the Format menu to switch the chart to Stacked.
ASCII Field Reports
String (ASCII) fields are marked with “a” in the fields sidebar.
Apps

Splunkbase.com
The Splunk platform imports and indexes virtually any machine data and provides powerful search and analysis features that deliver immediate value to your business. We also offer hundreds of apps and add-ons that can enhance and extend the Splunk platform with ready-to-use functions ranging from optimized data collection to monitoring security, IT management and more.
Splunkbase.com – 6.x Dashboard Examples
The Splunk 6.x Dashboard app delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML. This new app incorporates learn-by-doing Simple XML examples, including extensions to Simple XML for further customization of layout, interactivity, and visualizations.
Splunk Machine Learning Toolkit
Build custom analytics for any use case
▶ Assistants: guide model building, testing & deployment for common objectives
▶ Showcases: interactive examples for typical IT, security, business, IoT use cases
▶ SPL ML Commands: new commands to fit, test and operationalize models
▶ Python for Scientific Computing Library: 300+ open source algorithms available for use
Installing Your First App
Browse more apps on splunkbase.com
Install Splunk 6.x Dashboard Examples
Check out the App you installed
Creating Your First App
Creating your MDW101 App
• Apps are a collection of dashboards, panels and UI elements
• Powered by saved searches and packaged for specific technologies or use cases
• Provide useful and relevant information to many different roles
• Help you stay organized
“I am not an App developer!!!!”
App Management Page
Select the “Create App” button.

Fill Out the App Form and Select Save
All of your saved objects are here: $SPLUNK_HOME/etc/apps/MDW101
“Apps are folders where all of my saved objects are stored!”
Go to the Machine Data Workshop 101 App
“That was easy!”

The Machine Data 101 Workshop App
Why do we want you to stay within this Machine Data 101 Workshop app today? Knowledge objects (reports, dashboards, lookups, tags, aliases) are saved in the context of the app you are in when you create them, so staying in the app keeps everything you build today together.
Your First Dashboard
Pointing and Clicking
Today You Will Be Building This
SPL Overview
Search Processing Language
▶ Over 140 search commands
▶ Syntax was originally based upon the Unix pipeline and SQL and is optimized for time series data
▶ The scope of SPL includes data searching, filtering, modification, manipulation, enrichment, insertion and deletion
How Search Works

SPL Basic Structure
search and filter | munge | report | cleanup
sourcetype=access*
| eval KB=bytes/1024
| stats sum(KB) dc(clientip)
| rename sum(KB) AS "Total KB" dc(clientip) AS "Unique Customers"
SPL Examples

search and filter
Search and Filter
Examples
● Keyword search:
sourcetype=access* 200
● Filter:
sourcetype=access* status=200
● Combined:
sourcetype=access* GET action=purchase
A bare keyword such as 200 matches the term anywhere in the raw event (a byte count of 200 would match too); status=200 matches only the extracted field.
munge
Eval – Modify or Create New Fields and Values
Examples
● Calculation:
sourcetype=access*
| eval KB=bytes/1024
● Evaluation:
sourcetype=access*
| eval http_response = if(status != 200, "Error", "OK")
● Concatenation:
sourcetype=access*
| eval connection = clientip.":".port
Eval – Just Getting Started!
Splunk Search Quick Reference Guide
report

Stats, Chart, Timechart
Stats – Calculate Statistics Based on Field Values
Examples
● Calculate stats
sourcetype=access*
| stats count
● Group by field
sourcetype=access*
| stats count by action
● By multiple functions, renaming the results
sourcetype=access*
| stats avg(bytes) AS AVG_Bytes sparkline(avg(bytes)) AS Trend_Bytes by action
“Hey! That looks cool, let’s save this report...”
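The SPL Basic Structure pipeline (search | eval | stats | rename) and the stats examples above, as an added Python example that is not code from the workshop or from Splunk: a small in-memory implementation of the search-and-filter, eval and stats stages, run over a handful of constructed events that are already field-extracted the way Splunk holds them. Field names follow the slides; the function names (search, eval_field, stats) and the event list are this example's own.

```python
from collections import defaultdict

# Constructed events as Splunk would hold them after field extraction for
# sourcetype=access*; only the fields this pipeline touches are present.
EVENTS = [
    {"clientip": "141.146.8.66", "bytes": 1271, "action": "addtocart"},
    {"clientip": "141.146.8.66", "bytes": 2048, "action": "purchase"},
    {"clientip": "10.0.0.5",     "bytes": 512,  "action": "view"},
    {"clientip": "10.0.0.5",     "bytes": 3072, "action": "purchase"},
    {"clientip": "192.0.2.9",    "bytes": 4096, "action": "purchase"},
]


def search(events, **filters):
    """Search-and-filter stage: field=value terms ANDed together (action="purchase")."""
    return [e for e in events if all(e.get(k) == v for k, v in filters.items())]


def eval_field(events, name, fn):
    """`| eval name=<expr>`: add one computed field to every event (copies, not in place)."""
    return [dict(e, **{name: fn(e)}) for e in events]


def stats(events, funcs, by=None):
    """`| stats f(field) [AS alias] ... [by field]` for count/sum/dc/avg/min/max.

    funcs is a list of (func, field, alias); field None means a plain count.
    Returns one row per group value, or a single row when by is None.
    """
    groups = defaultdict(list)
    if by is None:
        groups.setdefault(None, [])  # one group, so an empty input still yields a row
    for e in events:
        groups[e.get(by) if by else None].append(e)
    rows = []
    for key, evs in groups.items():
        row = {} if by is None else {by: key}
        for func, field, alias in funcs:
            vals = [e[field] for e in evs if field in e]  # events lacking the field are ignored
            if func == "count":
                val = len(evs) if field is None else len(vals)
            elif func == "sum":
                val = sum(vals)
            elif func == "dc":
                val = len(set(vals))
            elif func == "avg":
                val = sum(vals) / len(vals) if vals else None
            elif func in ("min", "max"):
                val = (min if func == "min" else max)(vals) if vals else None
            else:
                raise ValueError(f"unsupported stats function: {func}")
            row[alias or ("count" if field is None else f"{func}({field})")] = val
        rows.append(row)
    return rows


def total_kb_and_customers(events=EVENTS):
    """sourcetype=access* | eval KB=bytes/1024 | stats sum(KB) dc(clientip)
    | rename sum(KB) AS "Total KB" dc(clientip) AS "Unique Customers" """
    kb = eval_field(events, "KB", lambda e: e["bytes"] / 1024)
    return stats(kb, [("sum", "KB", "Total KB"), ("dc", "clientip", "Unique Customers")])[0]


def count_by_action(events=EVENTS):
    """sourcetype=access* | stats count by action  -> {action: count}"""
    return {r["action"]: r["count"] for r in stats(events, [("count", None, None)], by="action")}


def avg_bytes_by_action(events=EVENTS):
    """sourcetype=access* | stats avg(bytes) AS AVG_Bytes by action  -> {action: average}"""
    return {r["action"]: r["AVG_Bytes"] for r in stats(events, [("avg", "bytes", "AVG_Bytes")], by="action")}


if __name__ == "__main__":
    print(total_kb_and_customers())
    print(count_by_action())
    print(avg_bytes_by_action(search(EVENTS, action="purchase")))
```

The rename stage of the slide is folded into the AS aliases here, which is exactly what `stats ... AS ...` does in SPL; dc() is the function to reach for when the question is "how many distinct clients", since count() would count requests.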
Save Search as a Report and Dashboard too

MDW Workshop
Timechart – Visualize Statistics Over Time
Examples
● Visualize stats over time
sourcetype=access*
| timechart avg(bytes)
● Add a trendline
sourcetype=access*
| timechart avg(bytes) AS bytes | trendline sma5(bytes)
“Hey! That looks cool too! Add it to your dashboard”
Add Search to your Dashboard
Two Panels on your Dashboard
Timechart – Add a Prediction Overlay
● Add a prediction overlay
sourcetype=access*
| timechart avg(bytes) AS bytes | predict bytes
The same pattern works on any sourcetype, e.g. sourcetype=netapp:perf | timechart avg(read_ops).
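The timechart and trendline examples above, as an added Python example that is not code from the workshop or from Splunk: events are bucketed on _time with a fixed span, averaged per bucket, and a five-point simple moving average is laid over the series. The events are constructed for this example and the 60-second span and the skipping of empty buckets inside the moving-average window are this example's choices; predict is not modelled.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed events (sourcetype=access*): epoch _time and response bytes
# spread over six consecutive minutes. Not data from the workshop file.
BASE = int(datetime(2016, 11, 17, 12, 0, tzinfo=timezone.utc).timestamp())
EVENTS = [
    {"_time": BASE + 10,  "bytes": 1000},
    {"_time": BASE + 50,  "bytes": 3000},   # minute 0 averages 2000
    {"_time": BASE + 70,  "bytes": 2000},   # minute 1
    {"_time": BASE + 130, "bytes": 4000},   # minute 2
    {"_time": BASE + 200, "bytes": 6000},   # minute 3
    {"_time": BASE + 260, "bytes": 8000},   # minute 4
    {"_time": BASE + 330, "bytes": 10000},  # minute 5
]


def timechart_avg(events, field, span=60):
    """`| timechart span=60s avg(<field>)`: bucket on _time and average per bucket.

    Returns [(bucket_start, average_or_None)] for every bucket from the first to
    the last; a bucket with no events carries None, the gap Splunk draws.
    """
    buckets = defaultdict(list)
    for e in events:
        buckets[e["_time"] - e["_time"] % span].append(e[field])
    first, last = min(buckets), max(buckets)
    return [(t, sum(buckets[t]) / len(buckets[t]) if t in buckets else None)
            for t in range(first, last + span, span)]


def trendline_sma(series, window=5):
    """`| trendline sma5(<field>)`: simple moving average over the last `window`
    points. No value is produced until `window` points exist. Ignoring None
    buckets inside the window is this example's choice, not a Splunk rule.
    """
    out = []
    for i, (t, _) in enumerate(series):
        if i + 1 < window:
            out.append((t, None))
            continue
        vals = [v for _, v in series[i + 1 - window:i + 1] if v is not None]
        out.append((t, sum(vals) / len(vals) if vals else None))
    return out


def avg_bytes_with_trend(events=EVENTS):
    """sourcetype=access* | timechart avg(bytes) AS bytes | trendline sma5(bytes)
    -> [(bucket_start, avg_bytes, sma5)]"""
    series = timechart_avg(events, "bytes")
    trend = trendline_sma(series, 5)
    return [(t, v, sma) for (t, v), (_, sma) in zip(series, trend)]


if __name__ == "__main__":
    for t, v, sma in avg_bytes_with_trend():
        print(datetime.fromtimestamp(t, timezone.utc).strftime("%H:%M"), v, sma)
```

A moving average only starts after the window has filled, so the first four buckets of an sma5 overlay are blank on the chart; widen the time range rather than shrinking the window if the trend line looks empty.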
Stats/Timechart – But Wait, There’s More!
Splunk Search Quick Reference Guide
Transaction – Group Related Events Spanning Time
Examples
● Group by session ID
sourcetype=access*
| transaction JSESSIONID
● Calculate session durations
sourcetype=access*
| transaction JSESSIONID
| stats min(duration) max(duration) avg(duration)
● The same durations with stats, without transaction
sourcetype=access*
| stats min(_time) AS earliest max(_time) AS latest by JSESSIONID
| eval duration=latest-earliest
| stats min(duration) max(duration) avg(duration)
transaction has to hold every event of a session until the group closes, which gets expensive over large time ranges. When all you need is a per-session duration, the stats form returns the same numbers and scales far better.
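The two ways of computing session durations above (transaction versus stats by JSESSIONID), as an added Python example that is not code from the workshop or from Splunk: a minimal transaction that merges events per session and adds the duration and eventcount fields, and the streaming stats equivalent that keeps only the earliest and latest _time per session. The events are constructed for this example; how Splunk treats events that lack the grouping field is not modelled, they are simply dropped here.

```python
from collections import defaultdict

# Constructed events (sourcetype=access*): epoch _time and JSESSIONID.
# The last event has no session id. Not data from the workshop file.
EVENTS = [
    {"_time": 1000, "JSESSIONID": "SD5SL5FF3ADFF8", "uri_path": "/oldlink"},
    {"_time": 1030, "JSESSIONID": "SD5SL5FF3ADFF8", "uri_path": "/cart.do"},
    {"_time": 1100, "JSESSIONID": "SD5SL5FF3ADFF8", "uri_path": "/checkout.do"},
    {"_time": 1010, "JSESSIONID": "SD10SL9FF6ADFF7", "uri_path": "/product.screen"},
    {"_time": 1020, "JSESSIONID": "SD10SL9FF6ADFF7", "uri_path": "/cart.do"},
    {"_time": 1050, "uri_path": "/robots.txt"},
]


def transaction(events, field):
    """`| transaction <field>`: merge all events sharing a value of <field> into one
    event carrying duration (last _time minus first _time) and eventcount, the two
    fields Splunk adds. Every raw event must be held until its group closes, which
    is why transaction gets expensive on large time ranges. Events without the
    field are dropped here (an assumption of this example, not Splunk's rule)."""
    groups = defaultdict(list)
    for e in events:
        if field in e:
            groups[e[field]].append(e)
    txns = []
    for key, evs in groups.items():
        evs = sorted(evs, key=lambda e: e["_time"])
        txns.append({
            field: key,
            "_time": evs[0]["_time"],
            "duration": evs[-1]["_time"] - evs[0]["_time"],
            "eventcount": len(evs),
            "uri_path": [e["uri_path"] for e in evs],  # multivalue field, as in Splunk
        })
    return txns


def summarize(durations):
    """| stats min(duration) max(duration) avg(duration)"""
    return {"min": min(durations), "max": max(durations), "avg": sum(durations) / len(durations)}


def session_durations_via_transaction(events=EVENTS):
    """sourcetype=access* | transaction JSESSIONID
       | stats min(duration) max(duration) avg(duration)"""
    return summarize([t["duration"] for t in transaction(events, "JSESSIONID")])


def session_durations_via_stats(events=EVENTS):
    """sourcetype=access* | stats min(_time) AS earliest max(_time) AS latest by JSESSIONID
       | eval duration=latest-earliest | stats min(duration) max(duration) avg(duration)

    Keeps two numbers per session instead of every event, so it scales where
    transaction does not. Use this form whenever durations are all you need."""
    bounds = {}
    for e in events:
        sid = e.get("JSESSIONID")
        if sid is None:
            continue
        lo, hi = bounds.get(sid, (e["_time"], e["_time"]))
        bounds[sid] = (min(lo, e["_time"]), max(hi, e["_time"]))
    return summarize([hi - lo for lo, hi in bounds.values()])


if __name__ == "__main__":
    print(session_durations_via_transaction())
    print(session_durations_via_stats())
```

Reach for transaction when you need the merged event itself (the ordered list of URIs a session hit, for instance); for a number per session, the stats form is the one to put on a dashboard.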
Data Enrichment

Tags
▶ Add meaning/context/specificity to raw data
▶ Labels describing team, category, platform, geography
▶ Applied to a field-value combination
▶ Multiple tags can be applied for each field-value
▶ Case sensitive
Create Tags
Tag the host as webserver; tag the sourcetype as web.

Find the Web Servers – Tags in Action
▶ Search events with the tag in any field: tag=webserver
▶ Search events with the tag in a specific field: tag::host=webserver
▶ Search events with the tag using wildcards: tag=web*
Field Aliases
▶ Normalize field labels to simplify search and correlation
▶ Apply multiple aliases to a single field
• Example: Username | cs_username | User → user
• Example: c_ip | client | client_ip → clientip
▶ Processed after field extractions and before lookups
▶ Can apply to lookups
▶ Aliases appear alongside original fields
Create Field Alias – Re-Label Field to Intuitive Name
Create a field alias of clientip = customer.

Field Alias in Action – Search using an Intuitive Field Name
sourcetype=access_combined
Search events in the last 15 minutes and find the customer field. The field alias (customer) and the original field (clientip) are both displayed.
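The tag searches (tag=webserver, tag::host=webserver, tag=web*) and the clientip → customer alias above, as an added Python example that is not code from the workshop or from Splunk: tags are modelled as a map from (field, value) to a set of tag names, aliases as a map from alias to original field, and a small term evaluator applies them the way the slides describe, including the case sensitivity of tags. The tag table, alias table and events are all constructed for this example.

```python
import fnmatch

# Constructed knowledge objects standing in for what the workshop creates under
# Settings: tags keyed on (field, value), and field aliases (alias -> original).
TAGS = {
    ("host", "www1"): {"webserver", "production"},
    ("host", "www2"): {"webserver"},
    ("host", "db1"): {"database"},
    ("sourcetype", "access_combined"): {"web"},
}
ALIASES = {"customer": "clientip"}

# Constructed events; the WWW1 host is deliberately upper-case to show that a tag
# only matches the exact field value it was attached to.
EVENTS = [
    {"host": "www1", "sourcetype": "access_combined", "clientip": "141.146.8.66"},
    {"host": "www2", "sourcetype": "access_combined", "clientip": "10.0.0.5"},
    {"host": "db1",  "sourcetype": "syslog",          "clientip": "10.0.0.5"},
    {"host": "WWW1", "sourcetype": "access_combined", "clientip": "192.0.2.9"},
]


def apply_aliases(event, aliases=ALIASES):
    """Field aliases run after extraction: the alias appears alongside the original."""
    out = dict(event)
    for alias, orig in aliases.items():
        if orig in event:
            out[alias] = event[orig]
    return out


def tags_for(event, field=None, tags=TAGS):
    """Tags attached to the event's field=value pairs (all fields, or just one)."""
    found = set()
    for f, v in event.items():
        if field is None or f == field:
            found |= tags.get((f, v), set())
    return found


def search(events, term):
    """Evaluate one search term against the events, as the slide's examples do:
    tag=<pattern>        any field carrying a matching tag
    tag::<field>=<pat>   only tags attached to that field
    <field>=<pattern>    field value match, resolved through aliases
    Patterns may use the * wildcard. Tag names are case-sensitive; field values
    are matched case-insensitively, as in Splunk search."""
    key, _, pattern = term.partition("=")
    hits = []
    for ev in (apply_aliases(e) for e in events):
        if key == "tag":
            ok = any(fnmatch.fnmatchcase(t, pattern) for t in tags_for(ev))
        elif key.startswith("tag::"):
            ok = any(fnmatch.fnmatchcase(t, pattern) for t in tags_for(ev, key[len("tag::"):]))
        else:
            ok = key in ev and fnmatch.fnmatchcase(str(ev[key]).lower(), pattern.lower())
        if ok:
            hits.append(ev)
    return hits


def hosts(events, term):
    """Convenience: the host values returned by `search`, in event order."""
    return [e["host"] for e in search(events, term)]


if __name__ == "__main__":
    for term in ("tag=webserver", "tag::host=webserver", "tag=web*", "tag::host=web*", "customer=10.0.0.5"):
        print(f"{term:24} -> {hosts(EVENTS, term)}")
```

Note what tag=web* returns: the WWW1 event is picked up through the web tag on its sourcetype even though its host value was never tagged, while tag::host=web* is not fooled. When you tag a host value, tag the exact string that appears in the events, or normal­ize the value first.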
Calculated Fields
▶ Shortcut for performing repetitive/long/complex transformations using the eval command
▶ Based on extracted or discovered fields only
▶ Do not apply to lookup or generated fields
Create Calculated Field – Compute Kilobytes from Bytes
The eval expression is the one from the earlier example: bytes/1024.
Lookups
▶ Augment raw events with additional fields
• Provide context or supporting details
▶ Translate field values to more descriptive data
• Example: add text descriptions for error codes, IDs
• Example: add contact details to user names or IDs
• Example: add descriptions to HTTP status codes
▶ File-based or scripted lookups
Lookups to Enrich Raw Data
Create additional fields from the raw data with a lookup to an external data source: CRM/ERP, watch lists, LDAP, AD, CMDB. Data goes in, insight comes out.
Convert a Code into a Description
1. Upload/create table – Create HTTP Status Table
Get the lookup from the Splunk Wiki (save to a .csv file): http://wiki.splunk.com/Http_status.csv
Lookup table files > Add new
• Name: http_status.csv
• Destination filename: http_status.csv
Verify the lookup was created successfully:
| inputlookup http_status.csv
Output from manual lookup

2. Assign table to lookup object – Add Lookup Definition
Lookup definitions > Add new
• Name: http_status
• Type: File-based
• Lookup file: http_status.csv
Invoke the lookup manually:
sourcetype=access_combined | lookup http_status status OUTPUT status_description
3. Map lookup to data set – Configure Automatic Lookup
Automatic lookups > Add new
• Name: http_status (cannot have spaces)
• Lookup table: http_status
• Apply to: sourcetype = access_combined
• Lookup input field: status
• Lookup output field: status_description
Verify the lookup is invoked automatically: search sourcetype=access_combined and status_description now appears in the fields sidebar without any lookup command in the search.
Geostats with iplocation enrichment
sourcetype=access*
| iplocation clientip
| geostats count by category_id
iplocation resolves addresses against the GeoIP database shipped with Splunk; private addresses such as 10.0.0.0/8 get no location and will not appear on the map.
“Hey! That looks cool too! Add it to your dashboard”
Edit your Dashboard
Finished Dashboard!
Resources

The Splunk Community
Support
Answers
• Answers
• User Groups
• Splunkbase
• Blogs
• Developers
• Documentation
• Education
• SplunkLive!
• .conf2017
• Schwag Store
• SplunkTrust

Training
Free Splunk Fundamentals 1 Course

Q&A

Thank You

BREAK
15 MINUTES

stackArmor Security MicroSummit - AWS Security with SplunkstackArmor Security MicroSummit - AWS Security with Splunk
stackArmor Security MicroSummit - AWS Security with Splunk
Gaurav "GP" Pal
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk
 
Essential 8 App for Splunk
Essential 8 App for SplunkEssential 8 App for Splunk
Essential 8 App for Splunk
Mickey Perre
 
SplunkLive! Zurich 2017 - The Power of SPL
SplunkLive! Zurich 2017 - The Power of SPLSplunkLive! Zurich 2017 - The Power of SPL
SplunkLive! Zurich 2017 - The Power of SPL
Splunk
 
What's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform ReleaseWhat's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform Release
Splunk
 
Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2 Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2
Splunk
 
Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2 Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2
Splunk
 

Similar to Machine Data 101 (20)

Machine Data 101: Turning Data Into Insight
Machine Data 101: Turning Data Into InsightMachine Data 101: Turning Data Into Insight
Machine Data 101: Turning Data Into Insight
 
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 UpdateSplunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
 
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
 
SplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy UsersSplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy Users
 
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaPartner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
 
Security investigation hands on workshop 2018-05
Security investigation hands on workshop 2018-05Security investigation hands on workshop 2018-05
Security investigation hands on workshop 2018-05
 
Security investigation hands-on workshop 2018
Security investigation hands-on workshop 2018Security investigation hands-on workshop 2018
Security investigation hands-on workshop 2018
 
SplunkLive! London 2017 - DevOps Powered by Splunk
SplunkLive! London 2017 - DevOps Powered by SplunkSplunkLive! London 2017 - DevOps Powered by Splunk
SplunkLive! London 2017 - DevOps Powered by Splunk
 
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
SplunkLive! Zurich 2017 - Advanced Analytics / Machine LearningSplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
 
Delivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT OperationsDelivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT Operations
 
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningSplunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learning
 
Power of SPL Workshop
Power of SPL WorkshopPower of SPL Workshop
Power of SPL Workshop
 
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkReactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
 
stackArmor Security MicroSummit - AWS Security with Splunk
stackArmor Security MicroSummit - AWS Security with SplunkstackArmor Security MicroSummit - AWS Security with Splunk
stackArmor Security MicroSummit - AWS Security with Splunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
 
Essential 8 App for Splunk
Essential 8 App for SplunkEssential 8 App for Splunk
Essential 8 App for Splunk
 
SplunkLive! Zurich 2017 - The Power of SPL
SplunkLive! Zurich 2017 - The Power of SPLSplunkLive! Zurich 2017 - The Power of SPL
SplunkLive! Zurich 2017 - The Power of SPL
 
What's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform ReleaseWhat's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform Release
 
Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2 Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2
 
Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2 Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
Splunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
Splunk
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
Splunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Splunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
Splunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
Splunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
Splunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
Splunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
maazsz111
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 

Recently uploaded (20)

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 

Machine Data 101

  • 1. © 2017 SPLUNK INC. Machine Data 101: Turning Data Into Insight. Guy Weaver | Senior Sales Engineer. August 23, 2017 | Detroit, MI
  • 4. Agenda: ▶ Workshop Setup ▶ Splunk Overview – what is Splunk? ▶ It’s all about the data – background on your data sources ▶ Searching and Reporting – getting the basics out of the way ▶ Apps and Add-ons – Fastest path to value from your data ▶ Apps – a place to store all your amazing work ▶ SPL Overview – Everything begins with a Search ▶ Build a Dashboard – Organize your information ▶ Resources – Next Steps to Success!
  • 5. Bucket List: ▶ Set up a splunk.com Account ▶ Install Splunk ▶ Set up an Instance of Splunk Cloud (Optional) ▶ Upload data ▶ Install an Application ▶ Explore Data in Splunk ▶ Run a Search in Splunk ▶ Create an App ▶ Create a Dashboard ▶ Create a Report ▶ Learn some basic SPL ▶ Create a Manual Lookup ▶ Create an Automatic Lookup ▶ Create a Chart in Splunk ▶ Create a Geomap Chart ▶ Know where to go for more Splunk
  • 6. Workshop Setup
  • 7. Download Splunk or Sign Up For Splunk Cloud: www.splunk.com > Free Splunk > Splunk Enterprise or Splunk Cloud
  • 8. Download Data Sample and Lookup: https://splunk.box.com/v/MD101Workshop ▶ Box > access_datasample_last4h.log ▶ Box > http_status.csv
  • 9. Getting to know Splunk. And so we begin...
  • 10. Login to Splunk
  • 11. The Splunk Interface. Take some time to click around for a few minutes...
  • 12. Index Data Sample: ▶ Browser: http://localhost:8000 ▶ Default username/password is admin/changeme
  • 13. Index Data Sample
  • 14. Index Data Sample
  • 15. Index Data Sample. You will need to refresh the search after a few moments for all events to show up
  • 16. Splunk Cloud. And so we begin...
  • 17. Activating Your Splunk Cloud Instance: ▶ Visit https://www.splunk.com/getsplunk/cloud_trial and sign up!
  • 18. Three Clicks Later... Ready to Start Splunking: https://prd-p-1abc234defgh.cloud.splunk.com, user MDWUser
  • 19. Optimizing Your Experience: Default User Settings
  • 20. Enhance Your Splunk Experience – User Settings
  • 21. Adjusting Your Global User Settings: events will be displayed relative to your time zone; context-sensitive help at your fingertips; searches are cleaned up and colorized; line numbers are added to your searches for clarity
  • 22. Splunk Overview
  • 23. Industry Leading Platform For Machine Data. Machine Data: Any Location, Type, Volume (On-Premises, Private Cloud, Public Cloud): Storage, Online Shopping Cart, Telecoms, Desktops, Security, Web Services, Networks, Containers, Web Clickstreams, RFID, Smartphones and Devices, Servers, Messaging, GPS Location, Packaged Applications, Custom Applications, Online Services, Databases, Call Detail Records, Energy Meters, Firewall, Intrusion Prevention. Platform: Universal Indexing, Enterprise Scalability, Platform Support (Apps / API / SDKs). Answer Any Question: Custom dashboards, Report and analyze, Monitor and alert, Developer Platform, Ad hoc search. Any Amount, Any Location, Any Source: Schema on-the-fly, Universal indexing, No back-end RDBMS, No need to filter data
  • 24. Splunk Approach to Machine Data. Traditional: Structured, RDBMS, SQL Search, ETL, Schema at Write. Splunk: Unstructured, Universal Indexing, Schema at Read; Volume, Velocity, Variety. (Copyright © 2014 Splunk Inc.)
  • 25. Ingests Data From Heterogeneous Data Sources: Agent-Less and Agent Approach for Flexibility and Optimization. Inputs shown: Mounted File Systems (hostname, mount); syslog over TCP/UDP from syslog hosts and network devices; Windows Event Logs, Performance and Active Directory; Local File Monitoring via the Splunk Forwarder on Unix, Linux and Windows hosts, virtual hosts and mainframes; Scripted or Modular Inputs (shell scripts, API subscriptions); Wire Data via the Splunk App for Stream; HTTP Event Collector for DevOps, IoT and Containers
  • 26. Structured View Into Unstructured Data. Datasets: Empower users with focused data views. Example tables: Product ID, Activity Log, Amount; Webserver ID, CPU threshold, Error event log; Event Log, Failed login, IP Addr
  • 27. Enrich Raw Data to Make It More Meaningful. Create additional fields from the raw data with a lookup to an external data source. External Data Sources: LDAP, AD, Watch Lists, CRM/ERP, CMDB. Data goes in, insight comes out
  • 28. Forwards Events to Third-Party Systems (Formatted or RAW): Service Desk, Event Console, SIEM
  • 29. Actionable Alerting: ▶ Alerts • Create alerts based on any search • Customize content and format of email alerts • Trigger a script • Custom Alert Actions • Allows packaged integration with third-party applications • Enable custom workflows • Developers can build, package and publish alert actions
  • 30. Dynamic Reporting: ▶ Reports • Visually represent the results of a search • Run on an ad hoc basis or save the report to view later • Share it with others on the team or a different group • Add reports to a new or existing dashboard. Chart on any search, choose a visualization, save as a report
  • 31. Combine Reports to Create Dashboards: use the built-in dashboard editor, or embed the reports into external sites like a wiki
  • 32. It’s all about the data. Let’s participate in some data discovery.
  • 33. Sources of Data: Access Log (access_datasample_last4h.log) and HTTP Status Lookup Table (http_status.csv)
  • 34. Unstructured Data - Access Log (access_datasample_last4h.log). Raw event: 141.146.8.66 - - [17/Nov/2016 12:17:52:155] "GET /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8 HTTP 1.1" 400 1271 "http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02" "Googlebot/2.1 ( http://www.googlebot.com/bot.html) " 899. Extracted fields: JSESSIONID=SD5SL5FF3ADFF8, _time=2016-11-17T12:17:52.155-0500, action=addtocart, bytes=1271, category_id=, clientip=141.146.8.66, cookie=, date_hour=12, date_mday=17, date_minute=17, date_month=november, date_second=52, date_wday=thursday, date_year=2016, date_zone=local, eventtype=, file=oldlink, host=gweaver-mbp, ident=-, index=main, itemId=EST-7, item_id=EST-7, linecount=1, method=GET, other=899, product_id=FI-FW-02, punct=..._-_-_[//_:::]_"_/?=-&=__."___"://../.?=&=-&=--", referer=http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02, referer_domain=http://www.myflowershop.com, req_time=17/Nov/2016 12:17:52:155, root=, source=access_datasample_last4h.log, sourcetype=access_combined, splunk_server=gweaver-mbp, splunk_server_group=, status=400, timeendpos=42, timestartpos=18, uri=/oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8, uri_domain=, uri_path=/oldlink, uri_query=item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8, user=-, useragent=Googlebot/2.1 ( http://www.googlebot.com/bot.html), version=1.1
  • 35. © 2017 SPLUNK INC. http_status.csv status status_description status_type 403 Forbidden Client Error 404 Not Found Client Error 405 Method Not Allowed Client Error 406 Not Acceptable Client Error 407 Proxy Authentication Required Client Error 408 Request Timeout Client Error 409 Conflict Client Error 410 Gone Client Error 411 Length Required Client Error 412 Precondition Failed Client Error 413 Request Entity Too Large Client Error 414 Request-URI Too Long Client Error 415 Unsupported Media Type Client Error 416 Requested Range Not Satisfiable Client Error 417 Expectation Failed Client Error 500 Internal Server Error Server Error 501 Not Implemented Server Error 502 Bad Gateway Server Error 503 Service Unavailable Server Error 504 Gateway Timeout Server Error 505 HTTP Version Not Supported Server Error status status_description status_type 100 Continue Informational 101 Switching Protocols Informational 200 OK Successful 201 Created Successful 202 Accepted Successful 203 Non-Authoritative Information Successful 204 No Content Successful 205 Reset Content Successful 206 Partial Content Successful 300 Multiple Choices Redirection 301 Moved Permanently Redirection 302 Found Redirection 303 See Other Redirection 304 Not Modified Redirection 305 Use Proxy Redirection 307 Temporary Redirect Redirection 400 Bad Request Client Error 401 Unauthorized Client Error 402 Payment Required Client Error
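To show what "schema on the fly" does to the slide 34 event, here is an added Python illustration (not the workshop's or Splunk's code) that pulls the same key=value fields out of that raw line; the regex is a hypothetical approximation of the access_combined extraction, and the sample line is the one from the slide.

```python
import re
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: the access_combined event shown on slide 34.
SAMPLE_EVENT = (
    '141.146.8.66 - - [17/Nov/2016 12:17:52:155] '
    '"GET /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8 HTTP 1.1" 400 1271 '
    '"http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02" '
    '"Googlebot/2.1 ( http://www.googlebot.com/bot.html) " 899'
)

# Hypothetical regex approximating what the access_combined sourcetype extracts;
# Splunk's real definition lives in its props/transforms configuration.
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<req_time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) HTTP[/ ](?P<version>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<useragent>[^"]*)"'
    r'(?: (?P<other>\S+))?$'
)


def parse_access_combined(line: str) -> dict:
    """Return the key=value fields Splunk would list for one event; {} if it does not parse."""
    m = ACCESS_RE.match(line)
    if not m:
        return {}
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    # Timestamp recognition: req_time becomes _time (local time, the raw event has no zone).
    ts = datetime.strptime(fields["req_time"], "%d/%b/%Y %H:%M:%S:%f")
    fields["_time"] = ts.isoformat(timespec="milliseconds")
    # Query-string pairs of the request URI and of the referer become fields of their own:
    # this is where item_id, JSESSIONID, action, itemId and product_id on the slide come from.
    uri = urlsplit(fields["uri"])
    fields["uri_path"], fields["uri_query"] = uri.path, uri.query
    fields.update(parse_qsl(uri.query))
    if fields["referer"]:
        ref = urlsplit(fields["referer"])
        fields["referer_domain"] = f"{ref.scheme}://{ref.netloc}"
        fields.update(parse_qsl(ref.query))
    # Values stay strings, as in Splunk's field list; eval converts them when needed.
    return fields


def parse_many(lines):
    """Schema on the fly over a whole source: lines that do not parse are skipped, not fatal."""
    return [f for f in (parse_access_combined(line) for line in lines) if f]
```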
  • 36. Search & Reporting. Let's explore some data together.
  • 37. Go to the Search & Reporting App
  • 38. The Default App Interface. How many events were indexed? How old are the events? Are events still coming in?
  • 39. Data Summary – Hosts. Two different hosts are sending their data into your Splunk instance: data from the appserver and fileserver hosts, the total counts of events, and the last time events were received. Guess what this little graphic means?
  • 40. Data Summary – Sources. Sources tell you the specific location (or other information) from which the event originates: the original source location of the logs. Event counts continue to grow.
  • 41. Data Summary – Sourcetypes. Sourcetypes provide categories and context, and are used to extract fields, enrich data and much more. Categorize data using sourcetypes!
  • 42. Searching in Your App. Add a wildcard (*) to the search bar and hit return to see indexed events.
  • 43. The Search Results Interface. Take some time and explore all of the available options in the Splunk search results: App Bar, Splunk Bar, Search Bar, Events Bar, Fields Sidebar, Search Action Buttons, Timeline, Search Results Tabs, Save As menu, Time Range Picker, Search Mode Selector. Key="Value" fields are automatically extracted from raw events; we call this "schema on the fly". Which fields will Splunk automatically extract from the events?
  • 44. Exploring Fields. What values do you see when you select the sourcetype field? Take some time to explore the various field options on the left.
  • 45. Numeric Field Reports. For numeric fields, select "Average over time" to generate a timechart.
  • 46. Visualizing Data. Chart types and the Splunk Search Language (SPL): select Column Chart.
  • 47. Statistical and Charting Functions (http://docs.splunk.com/Documentation/Splunk/6.6.2/SearchReference/CommonStatsFunctions). Add additional functions to transform results. Use "AS" to rename the result fields; remember to capitalize it.
  • 48. Formatting Visualizations: Format > Stacked (http://docs.splunk.com/Documentation/Splunk/6.6.2/SearchReference/CommonStatsFunctions)
  • 49. ASCII Field Reports. ASCII fields.
  • 50. Apps
  • 51. splunkbase.com
  • 52. Splunkbase.com. The Splunk platform imports and indexes virtually any machine data and provides powerful search and analysis features that deliver immediate value to your business. We also offer hundreds of apps and add-ons that enhance and extend the Splunk platform with ready-to-use functions ranging from optimized data collection to monitoring security, IT management and more.
  • 53. Splunkbase.com – 6.x Dashboard Examples. The Splunk 6.x Dashboard app delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML. This app incorporates learn-by-doing Simple XML examples, including extensions to Simple XML for further customization of layout, interactivity and visualizations.
  • 54. Splunk Machine Learning Toolkit: build custom analytics for any use case.
    ▶ Assistants: guide model building, testing and deployment for common objectives
    ▶ Showcases: interactive examples for typical IT, security, business and IoT use cases
    ▶ SPL ML Commands: new commands to fit, test and operationalize models
    ▶ Python for Scientific Computing Library: 300+ open source algorithms available for use
  • 55. Installing Your First App
  • 56. Browse more apps on splunkbase.com
  • 57. Install Splunk 6.x Dashboard Examples
  • 58. Check out the app you installed
  • 59. Creating Your First App: creating your MDW101 app
  • 60. Creating Your First App. "I am not an app developer!!!!"
    • Apps are a collection of dashboards, panels and UI elements
    • Powered by saved searches and packaged for specific technologies or use cases
    • Provide useful and relevant information to many different roles
    • Help you stay organized
  • 61. App Management Page: select the "Create App" button
  • 62. Fill Out the App Form and Select Save. All of your saved objects are here: $SPLUNK_HOME/etc/apps/MDW101. Apps are folders where all of my saved objects are stored!
  • 63. Go to the Machine Data Workshop 101 App. That was easy!
  • 64. The Machine Data 101 Workshop App. Why do we want you to stay within this Machine Data 101 Workshop app today?
  • 65. Your First Dashboard: pointing and clicking
  • 66. Today You Will Be Building This
  • 67. SPL Overview: Search Processing Language
  • 68. SPL Overview
    ▶ Over 140 search commands
    ▶ Syntax was originally based on the Unix pipeline and SQL, and is optimized for time series data
    ▶ The scope of SPL includes data searching, filtering, modification, manipulation, enrichment, insertion and deletion
  • 69. How Search Works
  • 70. SPL Basic Structure
    search and filter | munge | report | cleanup
    sourcetype=access* | eval KB=bytes/1024 | stats sum(KB) dc(clientip) | rename sum(KB) AS "Total KB" dc(clientip) AS "Unique Customers"
  • 71. SPL Examples
  • 72. search and filter
  • 73. Search and Filter Examples
    ● Keyword search: sourcetype=access* 200
  • 74. Search and Filter Examples
    ● Keyword search: sourcetype=access* 200
    ● Filter: sourcetype=access* status=200
  • 75. Search and Filter Examples
    ● Keyword search: sourcetype=access* 200
    ● Filter: sourcetype=access* status=200
    ● Combined: sourcetype=access* GET action=purchase
  • 76. munge
  • 77. Eval – Modify or Create New Fields and Values. Examples
    ● Calculation: sourcetype=access* | eval KB=bytes/1024
  • 78. Eval – Modify or Create New Fields and Values. Examples
    ● Calculation: sourcetype=access* | eval KB=bytes/1024
    ● Evaluation: sourcetype=access* | eval http_response = if(status != 200, "Error", "OK")
  • 79. Eval – Modify or Create New Fields and Values. Examples
    ● Calculation: sourcetype=access* | eval KB=bytes/1024
    ● Evaluation: sourcetype=access* | eval http_response = if(status != 200, "Error", "OK")
    ● Concatenation: sourcetype=access* | eval connection = clientip.":".port
  • 80. Eval – Just Getting Started! See the Splunk Search Quick Reference Guide.
  • 81. report
  • 82. Stats, Chart, Timechart
  • 83. Stats – Calculate Statistics Based on Field Values. Examples
    ● Calculate stats: sourcetype=access* | stats count
  • 84. Stats – Calculate Statistics Based on Field Values. Examples
    ● Calculate stats: sourcetype=access* | stats count
    ● Group by field: sourcetype=access* | stats count by action
  • 85. Stats – Calculate Statistics Based on Field Values. Examples
    ● Calculate stats and rename: sourcetype=access* | stats count
    ● Group by field: sourcetype=access* | stats count by action
    ● By multiple functions: sourcetype=access* | stats avg(bytes) AS AVG_Bytes sparkline(avg(bytes)) AS Trend_Bytes by action
    Hey! That looks cool, let's save this report...
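The slide 70 pipeline (search and filter | munge | report | cleanup) together with the eval and stats examples on slides 73–85, run in Python over constructed events as an added illustration, not the workshop's own code; the search, eval_* and stats_* helpers are hypothetical stand-ins for the SPL commands they are named after.

```python
from collections import Counter
from fnmatch import fnmatchcase

# Constructed sample events with fields already extracted, as Splunk would present them.
EVENTS = [
    {"sourcetype": "access_combined", "clientip": "10.0.0.5", "method": "GET",
     "bytes": "2048", "status": "200", "action": "purchase"},
    {"sourcetype": "access_combined", "clientip": "10.0.0.5", "method": "POST",
     "bytes": "1024", "status": "200", "action": "addtocart"},
    {"sourcetype": "access_combined", "clientip": "10.0.0.9", "method": "GET",
     "bytes": "512", "status": "404", "action": "view"},
    {"sourcetype": "access_combined", "clientip": "10.0.0.7", "method": "GET",
     "bytes": "3072", "status": "200", "action": "purchase"},
    {"sourcetype": "syslog", "clientip": "10.0.0.9", "method": "GET",
     "bytes": "99", "status": "200", "action": "purchase"},
]


def search(events, *keywords, **terms):
    """search and filter, e.g. sourcetype=access* GET action=purchase.
    Every keyword must appear in some field value; field=value terms may use * wildcards."""
    return [e for e in events
            if all(any(kw in str(v) for v in e.values()) for kw in keywords)
            and all(fnmatchcase(str(e.get(f, "")), pat) for f, pat in terms.items())]


def eval_kb(events):
    """| eval KB=bytes/1024 : derive a new field and leave the original untouched."""
    return [dict(e, KB=int(e["bytes"]) / 1024) for e in events]


def eval_http_response(events):
    """| eval http_response = if(status != 200, "Error", "OK")"""
    return [dict(e, http_response="OK" if e["status"] == "200" else "Error") for e in events]


def stats_count_by(events, field):
    """| stats count by <field> : one row per distinct value, in value order."""
    return dict(sorted(Counter(e[field] for e in events).items()))


def stats_sum_dc(events):
    '''| stats sum(KB) dc(clientip) | rename sum(KB) AS "Total KB" dc(clientip) AS "Unique Customers"
    A single summary row; dc counts distinct values, so repeat visitors count once.'''
    return {"Total KB": sum(e["KB"] for e in events),
            "Unique Customers": len({e["clientip"] for e in events})}


def slide70_pipeline(events):
    """search and filter | munge | report | cleanup, chained exactly as on slide 70."""
    return stats_sum_dc(eval_kb(search(events, sourcetype="access*")))
```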
  • 86. Save Search as a Report (and as a Dashboard too)
  • 87. MDW Workshop
  • 88. Timechart – Visualize Statistics Over Time. Examples
    ● Visualize stats over time: sourcetype=access* | timechart avg(bytes)
  • 89. Timechart – Visualize Statistics Over Time. Examples
    ● Visualize stats over time: sourcetype=access* | timechart avg(bytes)
    ● Add a trendline: sourcetype=access* | timechart avg(bytes) as bytes | trendline sma5(bytes)
    Hey! That looks cool too! Add it to your dashboard.
  • 90. Add Search to Your Dashboard
  • 91. Two Panels on Your Dashboard
  • 92. Timechart – Visualize Statistics Over Time. Examples
    ● Visualize stats over time: sourcetype=netapp:perf | timechart avg(read_ops)
    ● Add a trendline: sourcetype=access* | timechart avg(bytes) as bytes | trendline sma5(bytes)
    ● Add a prediction overlay: sourcetype=access* | timechart avg(bytes) as bytes | predict bytes
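What timechart and trendline sma5 on slides 88–92 actually compute, reproduced in Python over constructed (_time, bytes) pairs as an added illustration (not the workshop's or Splunk's code): a fixed 60-second span is assumed where Splunk would pick one automatically, and leaving the first four sma5 cells empty is my assumption about how Splunk renders an unfilled window.

```python
from statistics import mean

# Constructed sample: (_time in epoch seconds, bytes) pairs, one event every 30 seconds.
BYTES = [1000, 3000, 2000, 2000, 500, 1500, 4000, 4000, 1000, 3000, 2500, 1500, 800, 1200]
EVENTS = [(1479403800 + 30 * i, b) for i, b in enumerate(BYTES)]


def timechart_avg(events, span=60):
    """| timechart span=60s avg(bytes) AS bytes
    Bucket each event by the start of its span and average the values in each bucket."""
    buckets = {}
    for t, value in events:
        buckets.setdefault(t - t % span, []).append(value)
    return [(start, mean(values)) for start, values in sorted(buckets.items())]


def trendline_sma(rows, n=5):
    """| trendline sma5(bytes)
    Simple moving average over the last n rows; rows before the window is full get None
    (assumption: Splunk leaves those cells empty rather than averaging fewer points)."""
    out = []
    for i, (start, value) in enumerate(rows):
        window = [v for _, v in rows[max(0, i - n + 1): i + 1]]
        out.append((start, value, mean(window) if len(window) == n else None))
    return out


def slide89_pipeline(events):
    """sourcetype=access* | timechart avg(bytes) as bytes | trendline sma5(bytes)"""
    return trendline_sma(timechart_avg(events), 5)
```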
  • 93. Stats/Timechart – But Wait, There's More! See the Splunk Search Quick Reference Guide.
  • 94. Transaction – Group Related Events Spanning Time. Examples
    ● Group by session ID: sourcetype=access* | transaction JSESSIONID
  • 95. Transaction – Group Related Events Spanning Time. Examples
    ● Group by session ID: sourcetype=access* | transaction JSESSIONID
    ● Calculate session durations: sourcetype=access* | transaction JSESSIONID | stats min(duration) max(duration) avg(duration)
  • 96. Stats – Group Related Events Spanning Time. Examples
    ● Group by session ID: sourcetype=access* | transaction JSESSIONID
    ● Calculate session durations: sourcetype=access* | transaction JSESSIONID | stats min(duration) max(duration) avg(duration)
    ● Stats command: sourcetype=access* | stats min(_time) AS earliest max(_time) AS latest by JSESSIONID | eval duration=latest-earliest | stats min(duration) max(duration) avg(duration)
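The two ways of computing session durations on slides 94–96, implemented in Python over constructed (_time, JSESSIONID) pairs as an added illustration (not the workshop's code): it shows that the transaction route and the stats-by-session route give the same durations, including 0 for a session that has a single event.

```python
from statistics import mean

# Constructed sample: (_time in epoch seconds, JSESSIONID) for four sessions,
# two of which consist of a single event.
EVENTS = [
    (1479404000, "SD5SL5FF3ADFF8"), (1479404030, "SD1SL1FF1ADFF1"),
    (1479404090, "SD5SL5FF3ADFF8"), (1479404120, "SD7SL7FF7ADFF7"),
    (1479404300, "SD5SL5FF3ADFF8"), (1479404310, "SD1SL1FF1ADFF1"),
    (1479404400, "SD9SL9FF9ADFF9"),
]


def transaction(events):
    """| transaction JSESSIONID : one grouped event per session carrying eventcount and
    duration (last _time minus first); a single-event session has duration 0."""
    sessions = {}
    for t, sid in events:
        sessions.setdefault(sid, []).append(t)
    return {sid: {"eventcount": len(ts), "duration": max(ts) - min(ts)}
            for sid, ts in sessions.items()}


def stats_by_session(events):
    """| stats min(_time) AS earliest max(_time) AS latest by JSESSIONID | eval duration=latest-earliest
    Keeps only two numbers per session instead of every event, which is why stats is the
    preferred form over transaction on large data sets."""
    bounds = {}
    for t, sid in events:
        lo, hi = bounds.get(sid, (t, t))
        bounds[sid] = (min(lo, t), max(hi, t))
    return {sid: hi - lo for sid, (lo, hi) in bounds.items()}


def duration_stats(durations):
    """| stats min(duration) max(duration) avg(duration)"""
    values = list(durations)
    return {"min": min(values), "max": max(values), "avg": mean(values)}
```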
  • 97. Data Enrichment
  • 98. Tags
    ▶ Add meaning, context or specificity to raw data
    ▶ Labels describing team, category, platform, geography
    ▶ Applied to a field-value combination
    ▶ Multiple tags can be applied to each field-value
    ▶ Case sensitive
  • 99. Create Tags
  • 100. Tags in Action – Find the Web Servers
    ▶ Tag the host as webserver
    ▶ Tag the sourcetype as web
    ▶ Search events with the tag in any field: tag=webserver
    ▶ Search events with the tag in a specific field: tag::host=webserver
    ▶ Search events with the tag using wildcards: tag=web*
  • 101. Field Aliases
    ▶ Normalize field labels to simplify search and correlation
    ▶ Apply multiple aliases to a single field
      • Example: Username | cs_username | User → user
      • Example: c_ip | client | client_ip → clientip
    ▶ Processed after field extractions and before lookups
    ▶ Can apply to lookups
    ▶ Aliases appear alongside the original fields
  • 102. Create Field Alias: re-label a field to an intuitive name
  • 103. Field Alias in Action – Search Using an Intuitive Field Name. Create a field alias of clientip = customer; search events in the last 15 minutes (sourcetype=access_combined) and find the customer field; the field alias (customer) and the original field (clientip) are both displayed.
  • 104. Calculated Fields
    ▶ Shortcut for performing repetitive, long or complex transformations using the eval command
    ▶ Based on extracted or discovered fields only
    ▶ Do not apply to lookup or generated fields
  • 105. Create Calculated Field: compute kilobytes from bytes
  • 106. Lookups
    ▶ Augment raw events with additional fields
      • Provide context or supporting details
    ▶ Translate field values to more descriptive data
      • Example: add text descriptions for error codes and IDs
      • Example: add contact details to user names or IDs
      • Example: add descriptions to HTTP status codes
    ▶ File-based or scripted lookups
  • 107. Lookups to Enrich Raw Data. Create additional fields from the raw data with a lookup to an external data source (CRM/ERP, watch lists, LDAP, AD, CMDB). Data goes in, insight comes out.
  • 108. Convert a Code into a Description. Step 1: upload or create the table (upload a lookup table file).
  • 109. Step 1: Create the HTTP Status Table. Get the lookup from the Splunk Wiki and save it to a .csv file: http://wiki.splunk.com/Http_status.csv. Lookup table files > Add new: Name: http_status.csv; Destination filename: http_status.csv. Verify the lookup was created successfully: | inputlookup http_status.csv
  • 110. Output from the manual lookup
  • 111. Create a Lookup Definition. Step 2: assign the table to a lookup object.
  • 112. Step 2: Add Lookup Definition. Lookup definitions > Add new: Name: http_status; Type: File-based; Lookup file: http_status.csv. Invoke the lookup manually: sourcetype=access_combined | lookup http_status status OUTPUT status_description
  • 113. Create an Automatic Lookup. Step 3: map the lookup to a data set.
  • 114. Step 3: Configure Automatic Lookup. Automatic lookups > Add new: Name: http_status (cannot have spaces); Lookup table: http_status; Apply to: sourcetype = access_combined; Lookup input field: status; Lookup output field: status_description. Verify the lookup is invoked automatically.
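The three lookup steps above reduced to their search-time effect, as an added Python illustration rather than the workshop's or Splunk's code: a constructed excerpt of http_status.csv stands in for the wiki file, the manual `lookup ... OUTPUT` join and the automatic lookup scoped to sourcetype=access_combined are hypothetical helpers, and one event carries a status that is deliberately missing from the table.

```python
import csv
from io import StringIO

# Constructed excerpt of http_status.csv (slide 35); the wiki file carries every code.
HTTP_STATUS_CSV = """status,status_description,status_type
200,OK,Successful
302,Found,Redirection
400,Bad Request,Client Error
404,Not Found,Client Error
503,Service Unavailable,Server Error
"""

# Constructed events; status 418 is deliberately absent from the excerpt above.
EVENTS = [
    {"sourcetype": "access_combined", "clientip": "141.146.8.66", "status": "400"},
    {"sourcetype": "access_combined", "clientip": "10.0.0.9", "status": "404"},
    {"sourcetype": "access_combined", "clientip": "10.0.0.7", "status": "418"},
    {"sourcetype": "syslog", "host": "fileserver", "status": "200"},
]


def load_lookup(csv_text, key_field):
    """Steps 1 and 2: the lookup table file, keyed on the lookup input field."""
    return {row[key_field]: row for row in csv.DictReader(StringIO(csv_text))}


def lookup(events, table, input_field, output_fields):
    """| lookup http_status status OUTPUT status_description
    A matching row adds the OUTPUT fields; an event whose value has no row gets nothing,
    so a code missing from the table simply shows no description."""
    enriched = []
    for e in events:
        row = table.get(str(e.get(input_field, "")))
        enriched.append({**e, **{f: row[f] for f in output_fields}} if row else dict(e))
    return enriched


def automatic_lookup(events, table):
    """Step 3: the automatic lookup applies only to sourcetype=access_combined, so other
    sourcetypes pass through untouched even when they carry a status field."""
    return [lookup([e], table, "status", ["status_description"])[0]
            if e.get("sourcetype") == "access_combined" else dict(e)
            for e in events]


HTTP_STATUS = load_lookup(HTTP_STATUS_CSV, "status")
```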
  • 115. Configure Automatic Lookup
  • 116. Geostats with iplocation enrichment: sourcetype=access* | iplocation clientip | geostats count by category_id. Hey! That looks cool too! Add it to your dashboard.
  • 117. Edit Your Dashboard
  • 118. Finished Dashboard!
  • 119. Resources
  • 120. The Splunk Community
  • 121. Support
  • 122. Answers: Answers, User Groups, Splunkbase, Blogs, Developers, Documentation, Education, SplunkLive!, .conf2017, Schwag Store, SplunkTrust
  • 123. Training
  • 124. Free Splunk Fundamentals 1 Course
  • 125. Q&A
  • 126. Thank You
  • 127. BREAK 15 MINUTES