DH
Uploaded byDaniel Hernandez
990 views

Splunk overview

Splunk is a tool that indexes and searches data to generate graphs, alerts, and dashboards. It can analyze data from sources like logs, metrics, and other sources on both local and remote machines. Key concepts in Splunk include indexes which are databases that store events, which are individual data entries that are broken down and tagged with metadata during indexing. Searches in Splunk return results in tabs for events, statistics, and visualizations.

Embed presentation

Splunk Overview Daniel Hernandez • Twitter: @dnlstkmty November 2015
What is Splunk? [4] Splunk is a tool that can be used to index, and search data. Splunk can generate graphs, alerts, and dashboards for this data.
What kind of data is used by Splunk? [5] IT streaming and historical data. Data from: 1. Event logs (e.g. event viewer logs) 2. Web logs (e.g. IIS logs) 3. System metrics (e.g. Windows performance counters) 4. And Others sources
Splunk local, and remote data Data used by Splunk can be on the same machine (local data), or in a remote machine (remote data)
Splunk Concepts Index. Data repositories created in splunk are called Indexes. An index is a database. Event. A single piece of data in Splunk is called Event [6]. Examples - single record or entry in a log file. - single record or entry in the event viewer.
Splunk Indexing When Splunk indexes data, it breaks up the data into individual pieces and gives each piece a timestamp, host, source, and source type.
Splunk Search Elements Step 2 Step 3 Search Sub- search Index Source Source Type Host Results Step 1
Splunk Search Concepts • Index. An Index is a data repository in Splunk. • Host. Host is the name, or IP address of the network machine that originated the event. • Source. Source is the file, directory path, network port, or script from which the event was originated. • Source Type. Source Type classify the data based on how it is formatted.
Installing Splunk • Splunk installation can be done by following the steps described in the below URL: http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchTu torial/Systemrequirements
Getting Familiar with Splunk • Get familiar with Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/NavigatingSplunk
Getting Data into Splunk • Get data into Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/GetthetutorialdataintoSplunk
Splunk Search & Reporting – UI elements Application Bar Search Bar Time Rage Picker
Splunk Search & Reporting
Splunk Search & Reporting’s panels How to Search What to Search
Splunk Search – Search Result Tabs
Splunk ‘What to Search’ panel Data Summary Hosts Sources Source Types
Splunk ‘What to Search’ panel
Splunk Search Elements available after searching in Splunk Search Result Tabs Search Action Buttons Search Mode Selector ‘Save as’ menu
Splunk Search
Splunk Search – Search Result Tabs Search Result Tabs Events Statistic Visualization
Splunk Search – Search Result Tabs
Splunk Search Results – Events Tab Events Tab Timeline of events Events view options Field sidebar Search term matches
Splunk Search Results – Events Tab
Splunk Search Results – Events Tab • Shows how many events have occurred at a particular point in time. Timeline • When data is indexed, Splunk extract information from the data that is formatted as name and value pairs. Fields sidebar
Splunk Search Results – Events Tab • Shows the events that match the search criteria. Search term matches • Shows menus with options to format the search results. Event view options
Searching Data using Splunk • To search for events / logs in Splunk, go to Splunk Search page. 1. In the Search textbox, type the word(s) you want to search 2. Specify filters to narrow the search result such as host or source 3. Click on the Search icon
Searching Data using Splunk
Searching Data using Splunk • Additional details about searching data in Splunk can be found in the below link: http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchTu torial/Startsearching
References 1. Splunk for SQL Users. http://www.innovato.com/splunk/SQLSplunk.html 2. Splunk Search Tutorial. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutori al/WelcometotheSearchTutorial 3. Splunk Search Reference. http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchRefere nce/SearchCheatsheet 4. About Splunk Enterprise http://docs.splunk.com/Documentation/Splunk/latest/Overview/Ab outSplunkEnterprise
References 5. About getting data into Splunk Enterprise. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutori al/AboutgettingdataintoSplunk 6. Event http://docs.splunk.com/Splexicon:Event 7. Splunk Installation Manual. http://docs.splunk.com/Documentation/Splunk/6.2.0/Installation/I nstallonWindows 8. About Splunk Free http://docs.splunk.com/Documentation/Splunk/latest/Admin/More aboutSplunkFree
References 9. Get the tutorial data into Splunk http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchT utorial/GetthetutorialdataintoSplunk 10.About the Search Tutorial http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/WelcometotheSearchTutorial 11.Splunk download. http://www.splunk.com/download

More Related Content

PPTX
Splunk Architecture
byKishore Chaganti
 
PPTX
Splunk Overview
bySplunk
 
PPTX
Splunk Tutorial for Beginners - What is Splunk | Edureka
byEdureka!
 
PDF
Splunk 101
bySplunk
 
PDF
Splunk Architecture | Splunk Tutorial For Beginners | Splunk Training | Splun...
byEdureka!
 
PPTX
Getting started with Splunk - Break out Session
byGeorg Knon
 
PPTX
Splunk Overview
bySplunk
 
PPTX
Splunk Architecture overview
byAlex Fok
 
Splunk Architecture
byKishore Chaganti
 
Splunk Overview
bySplunk
 
Splunk Tutorial for Beginners - What is Splunk | Edureka
byEdureka!
 
Splunk 101
bySplunk
 
Splunk Architecture | Splunk Tutorial For Beginners | Splunk Training | Splun...
byEdureka!
 
Getting started with Splunk - Break out Session
byGeorg Knon
 
Splunk Overview
bySplunk
 
Splunk Architecture overview
byAlex Fok
 

What's hot

PPTX
SplunkLive 2011 Beginners Session
bySplunk
 
PPTX
Splunk for Enterprise Security and User Behavior Analytics
bySplunk
 
PDF
Splunk-Presentation
byPrasadThorat23
 
PPTX
Getting Started with Splunk (Hands-On)
bySplunk
 
PPTX
Splunk for IT Operations
bySplunk
 
PDF
Splunk for Real time alerting and monitoring. www.gtri.com
byZivaro Inc
 
PPTX
Getting Data into Splunk
bySplunk
 
PDF
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
byDevOps.com
 
PPTX
Taking Splunk to the Next Level – Architecture
bySplunk
 
PPTX
Power of Splunk Search Processing Language (SPL)
bySplunk
 
PPTX
Splunk for ITOps
bySplunk
 
PPTX
Splunk Enterprise Security
bySplunk
 
PPTX
Splunk Enterprise Security
byMd Mofijul Haque
 
PDF
Elastic SIEM (Endpoint Security)
byKangaroot
 
PPTX
QRadar, ArcSight and Splunk
byM sharifi
 
PPTX
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
PPTX
Workshop splunk 6.5-saint-louis-mo
byMohamad Hassan
 
PPTX
Exploring Frameworks of Splunk Enterprise Security
bySplunk
 
PPTX
Observability
byEnes Altınok
 
PPTX
.conf Go 2022 - Observability Session
bySplunk
 
SplunkLive 2011 Beginners Session
bySplunk
 
Splunk for Enterprise Security and User Behavior Analytics
bySplunk
 
Splunk-Presentation
byPrasadThorat23
 
Getting Started with Splunk (Hands-On)
bySplunk
 
Splunk for IT Operations
bySplunk
 
Splunk for Real time alerting and monitoring. www.gtri.com
byZivaro Inc
 
Getting Data into Splunk
bySplunk
 
More Than Monitoring: How Observability Takes You From Firefighting to Fire P...
byDevOps.com
 
Taking Splunk to the Next Level – Architecture
bySplunk
 
Power of Splunk Search Processing Language (SPL)
bySplunk
 
Splunk for ITOps
bySplunk
 
Splunk Enterprise Security
bySplunk
 
Splunk Enterprise Security
byMd Mofijul Haque
 
Elastic SIEM (Endpoint Security)
byKangaroot
 
QRadar, ArcSight and Splunk
byM sharifi
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
Workshop splunk 6.5-saint-louis-mo
byMohamad Hassan
 
Exploring Frameworks of Splunk Enterprise Security
bySplunk
 
Observability
byEnes Altınok
 
.conf Go 2022 - Observability Session
bySplunk
 

Viewers also liked

PDF
Splunk Insights
bySunil Kumar
 
PPTX
Getting Started with Splunk Break out Session
byGeorg Knon
 
PPTX
SplunkLive! Getting Started with Splunk Enterprise
bySplunk
 
PPTX
Getting Started with Splunk Enterprise
bySplunk
 
PPTX
SplunkLive 2011 Advanced Session
bySplunk
 
PDF
Splunk Enterprise for IT Troubleshooting Hands-On
bySplunk
 
DOCX
Getting Started with Splunk Enterprise - Demo
bySplunk
 
PDF
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
bySplunk
 
PDF
Splunk Enterprise for IT Troubleshooting
bySplunk
 
PPTX
dlux splunk>live! 2012 Beginners Session
byDavid Lutz
 
PPTX
Getting started with Splunk
bySplunk
 
PPTX
Building a Security Information and Event Management platform at Travis Per...
bySplunk
 
Splunk Insights
bySunil Kumar
 
Getting Started with Splunk Break out Session
byGeorg Knon
 
SplunkLive! Getting Started with Splunk Enterprise
bySplunk
 
Getting Started with Splunk Enterprise
bySplunk
 
SplunkLive 2011 Advanced Session
bySplunk
 
Splunk Enterprise for IT Troubleshooting Hands-On
bySplunk
 
Getting Started with Splunk Enterprise - Demo
bySplunk
 
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
bySplunk
 
Splunk Enterprise for IT Troubleshooting
bySplunk
 
dlux splunk>live! 2012 Beginners Session
byDavid Lutz
 
Getting started with Splunk
bySplunk
 
Building a Security Information and Event Management platform at Travis Per...
bySplunk
 

Similar to Splunk overview

PPTX
Splunk bsides
byMacy Cronkrite
 
PPTX
SplunkLive! - Getting started with Splunk
bySplunk
 
PDF
Splunk-7.x-Fundamentals-Part-1-eLearning (2).pdf
bychaithramj1
 
PPT
Splunk .conf2011: Search Language: Beginner
byErin Sweeney
 
PPTX
Getting started with Splunk Breakout Session
bySplunk
 
PDF
Getting Started Breakout Session
bySplunk
 
PPTX
SplunkLive! Beginner Session
bySplunk
 
PPTX
Splunk live beginner training nyc
byDimitri McKay - CISSP
 
PDF
Using Splunk 6.3 - eLearning.pdf
byllan47
 
PPTX
SplunkLive! Zürich 2014 Beginner Workshop: Getting started with Splunk
byGeorg Knon
 
PPTX
Splunk
byDouglas Bernardini
 
PPTX
SplunkLive! London 2016 Splunk Overview
bySplunk
 
PDF
SplunkLive! Washington DC May 2013 - Search Language Beginner
bySplunk
 
PDF
Splunk Discovery Day Milwaukee 9-14-17
bySplunk
 
PPTX
Getting Started with Splunk Enterprise
bySplunk
 
PDF
Splunk Discovery Indianapolis - October 10, 2017
bySplunk
 
PPTX
SplunkLive Oslo/Stockholm Beginner Workshop
byjenny_splunk
 
PDF
The Power of SPL
bySplunk
 
PDF
Machine Data 101
bySplunk
 
PPTX
SplunkLive! Zurich 2017 - Getting Started with Splunk Enterprise
bySplunk
 
Splunk bsides
byMacy Cronkrite
 
SplunkLive! - Getting started with Splunk
bySplunk
 
Splunk-7.x-Fundamentals-Part-1-eLearning (2).pdf
bychaithramj1
 
Splunk .conf2011: Search Language: Beginner
byErin Sweeney
 
Getting started with Splunk Breakout Session
bySplunk
 
Getting Started Breakout Session
bySplunk
 
SplunkLive! Beginner Session
bySplunk
 
Splunk live beginner training nyc
byDimitri McKay - CISSP
 
Using Splunk 6.3 - eLearning.pdf
byllan47
 
SplunkLive! Zürich 2014 Beginner Workshop: Getting started with Splunk
byGeorg Knon
 
Splunk
byDouglas Bernardini
 
SplunkLive! London 2016 Splunk Overview
bySplunk
 
SplunkLive! Washington DC May 2013 - Search Language Beginner
bySplunk
 
Splunk Discovery Day Milwaukee 9-14-17
bySplunk
 
Getting Started with Splunk Enterprise
bySplunk
 
Splunk Discovery Indianapolis - October 10, 2017
bySplunk
 
SplunkLive Oslo/Stockholm Beginner Workshop
byjenny_splunk
 
The Power of SPL
bySplunk
 
Machine Data 101
bySplunk
 
SplunkLive! Zurich 2017 - Getting Started with Splunk Enterprise
bySplunk
 

Recently uploaded

PPTX
EMR Software for Gynaecology Clinics How EasyClinic Supports Continuity, Priv...
byEasy Clinic
 
PDF
DSD-INT 2025 Groundwater table lowering due to surface water lowering - Reusen
byDeltares
 
PDF
Transferring Ideas to Impact -Driving Innovation and Demand with OnePlan
byOnePlan Solutions
 
PDF
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
PDF
CatoCoin (CATO) – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority
 
PDF
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 
PPTX
Free AI Paraphrasing Tool to Rewrite Sentences – SENTENCIFY
bySENTENCIFY
 
PDF
DSD-INT 2025 Large scale unsaturated zone modelling - Sequential Steady State...
byDeltares
 
PDF
Healthcare Mobile App Development: Features & Benefits
byjoealwyn38
 
PPTX
Online Contractor Safety Induction Training Software
bySHEQ Network Limited
 
PDF
Common Salesforce Implementation Challenges and How to Avoid Them
byAlbert Rio
 
PPTX
NetworkMediaWireless (1).pptxunsnsndjdjdjjdnd
byre7022
 
PPTX
Performance Engineering: New and Conflicting Trends
byAlexander Podelko
 
PDF
The Future of Microsoft Project Management Tools - Connecting Teams, Work, an...
byOnePlan Solutions
 
PDF
our environment ppt made by many people name rarang yadav
byrarang180
 
PPTX
Project System Presentation details process presentation
bytejpratappandey4
 
PPTX
Orion Context Broker introduction 20260114
byFermin Galan
 
PDF
IT Estate Modernization Solutions for Cloud-Ready Businesses.pdf
byAstuteBusiness
 
PPTX
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
PDF
Building Strong IT Systems Using the Site Reliability Engineering
byAvekshaa Technologies
 
EMR Software for Gynaecology Clinics How EasyClinic Supports Continuity, Priv...
byEasy Clinic
 
DSD-INT 2025 Groundwater table lowering due to surface water lowering - Reusen
byDeltares
 
Transferring Ideas to Impact -Driving Innovation and Demand with OnePlan
byOnePlan Solutions
 
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
CatoCoin (CATO) – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority
 
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 
Free AI Paraphrasing Tool to Rewrite Sentences – SENTENCIFY
bySENTENCIFY
 
DSD-INT 2025 Large scale unsaturated zone modelling - Sequential Steady State...
byDeltares
 
Healthcare Mobile App Development: Features & Benefits
byjoealwyn38
 
Online Contractor Safety Induction Training Software
bySHEQ Network Limited
 
Common Salesforce Implementation Challenges and How to Avoid Them
byAlbert Rio
 
NetworkMediaWireless (1).pptxunsnsndjdjdjjdnd
byre7022
 
Performance Engineering: New and Conflicting Trends
byAlexander Podelko
 
The Future of Microsoft Project Management Tools - Connecting Teams, Work, an...
byOnePlan Solutions
 
our environment ppt made by many people name rarang yadav
byrarang180
 
Project System Presentation details process presentation
bytejpratappandey4
 
Orion Context Broker introduction 20260114
byFermin Galan
 
IT Estate Modernization Solutions for Cloud-Ready Businesses.pdf
byAstuteBusiness
 
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
Building Strong IT Systems Using the Site Reliability Engineering
byAvekshaa Technologies
 

Splunk overview

  • 1.
    Splunk Overview Daniel Hernandez •Twitter: @dnlstkmty November 2015
  • 2.
    What is Splunk? [4]Splunk is a tool that can be used to index, and search data. Splunk can generate graphs, alerts, and dashboards for this data.
  • 3.
    What kind ofdata is used by Splunk? [5] IT streaming and historical data. Data from: 1. Event logs (e.g. event viewer logs) 2. Web logs (e.g. IIS logs) 3. System metrics (e.g. Windows performance counters) 4. And Others sources
  • 4.
    Splunk local, andremote data Data used by Splunk can be on the same machine (local data), or in a remote machine (remote data)
  • 5.
    Splunk Concepts Index. Datarepositories created in splunk are called Indexes. An index is a database. Event. A single piece of data in Splunk is called Event [6]. Examples - single record or entry in a log file. - single record or entry in the event viewer.
  • 6.
    Splunk Indexing When Splunkindexes data, it breaks up the data into individual pieces and gives each piece a timestamp, host, source, and source type.
  • 7.
    Splunk Search Elements Step2 Step 3 Search Sub- search Index Source Source Type Host Results Step 1
  • 8.
    Splunk Search Concepts •Index. An Index is a data repository in Splunk. • Host. Host is the name, or IP address of the network machine that originated the event. • Source. Source is the file, directory path, network port, or script from which the event was originated. • Source Type. Source Type classify the data based on how it is formatted.
  • 9.
    Installing Splunk • Splunkinstallation can be done by following the steps described in the below URL: http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchTu torial/Systemrequirements
  • 10.
    Getting Familiar withSplunk • Get familiar with Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/NavigatingSplunk
  • 11.
    Getting Data intoSplunk • Get data into Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/GetthetutorialdataintoSplunk
  • 12.
    Splunk Search &Reporting – UI elements Application Bar Search Bar Time Rage Picker
  • 13.
    Splunk Search &Reporting
  • 14.
    Splunk Search &Reporting’s panels How to Search What to Search
  • 15.
    Splunk Search –Search Result Tabs
  • 16.
    Splunk ‘What toSearch’ panel Data Summary Hosts Sources Source Types
  • 17.
    Splunk ‘What toSearch’ panel
  • 18.
    Splunk Search Elements availableafter searching in Splunk Search Result Tabs Search Action Buttons Search Mode Selector ‘Save as’ menu
  • 19.
  • 20.
    Splunk Search –Search Result Tabs Search Result Tabs Events Statistic Visualization
  • 21.
    Splunk Search –Search Result Tabs
  • 22.
    Splunk Search Results– Events Tab Events Tab Timeline of events Events view options Field sidebar Search term matches
  • 23.
    Splunk Search Results– Events Tab
  • 24.
    Splunk Search Results– Events Tab • Shows how many events have occurred at a particular point in time. Timeline • When data is indexed, Splunk extract information from the data that is formatted as name and value pairs. Fields sidebar
  • 25.
    Splunk Search Results– Events Tab • Shows the events that match the search criteria. Search term matches • Shows menus with options to format the search results. Event view options
  • 26.
    Searching Data usingSplunk • To search for events / logs in Splunk, go to Splunk Search page. 1. In the Search textbox, type the word(s) you want to search 2. Specify filters to narrow the search result such as host or source 3. Click on the Search icon
  • 27.
  • 28.
    Searching Data usingSplunk • Additional details about searching data in Splunk can be found in the below link: http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchTu torial/Startsearching
  • 29.
    References 1. Splunk forSQL Users. http://www.innovato.com/splunk/SQLSplunk.html 2. Splunk Search Tutorial. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutori al/WelcometotheSearchTutorial 3. Splunk Search Reference. http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchRefere nce/SearchCheatsheet 4. About Splunk Enterprise http://docs.splunk.com/Documentation/Splunk/latest/Overview/Ab outSplunkEnterprise
  • 30.
    References 5. About gettingdata into Splunk Enterprise. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutori al/AboutgettingdataintoSplunk 6. Event http://docs.splunk.com/Splexicon:Event 7. Splunk Installation Manual. http://docs.splunk.com/Documentation/Splunk/6.2.0/Installation/I nstallonWindows 8. About Splunk Free http://docs.splunk.com/Documentation/Splunk/latest/Admin/More aboutSplunkFree
  • 31.
    References 9. Get thetutorial data into Splunk http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchT utorial/GetthetutorialdataintoSplunk 10.About the Search Tutorial http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/WelcometotheSearchTutorial 11.Splunk download. http://www.splunk.com/download