DH
Uploaded byDaniel Hernandez
962 views

Splunk overview

Splunk is a tool that indexes and searches data to generate graphs, alerts, and dashboards. It can analyze data from sources like logs, metrics, and other sources on both local and remote machines. Key concepts in Splunk include indexes which are databases that store events, which are individual data entries that are broken down and tagged with metadata during indexing. Searches in Splunk return results in tabs for events, statistics, and visualizations.

Software
In this document
Powered by AI

Overview of the presentation by Daniel Hernandez about Splunk, including author details.

Splunk defined as a tool for indexing and searching data, capable of generating graphs, alerts, and dashboards.

Data types used by Splunk: IT streaming, historical data from event logs, web logs, and system metrics.

Distinction between local data (same machine) and remote data (different machine) in Splunk.

Introduction to key Splunk concepts: Indexes as databases and Events as individual data pieces.

Explanation of how Splunk indexes data by breaking it into pieces and assigning metadata like timestamps.

Step-by-step elements involved in searching data in Splunk, including steps to build a search query.

Definitions of Index, Host, Source, and Source Type in Splunk's search context.

Instructions for installing Splunk with a reference URL for detailed steps.

Resource link to get acquainted with Splunk Enterprise navigation.

Guide to getting data into Splunk Enterprise with reference link.

Overview of UI elements like Application Bar, Search Bar, and Time Range Picker in Splunk.

Introduction to Splunk's search and reporting functionalities.

Description of how to search and what to search in Splunk.

Overview of how search results are displayed in Splunk.

Details on the 'What to Search' panel showing Data Summary, Hosts, Sources, and Source Types.

Continuation of the 'What to Search' panel discussion.

Discussion of elements available after executing a search in Splunk, including tabs and action buttons.

Instructions for conducting searches in Splunk.

Further clarification on search elements and result tabs available in Splunk.

Discussion of the Events Tab in search results, showing event timelines and views.

Explains features like event view options and how matched search terms are displayed.

Continuation of the Events Tab, summarizing matches based on search criteria.

Shows how the timeline displays peaks in event occurrences with formatted data insights.

Focus on how the Events Tab displays search results based on specific criteria.

Step-by-step guidance on initiating searches in Splunk with filters.

Continuation of search instructions to emphasize using filters effectively.

Reference link for further details on searching data in Splunk.

List of references pertaining to SQL users, tutorials, and search references for Splunk.

Additional references related to data ingestion, event documentation, and Splunk installation.

Final set of references including tutorial data ingestion and links to Splunk downloads.

Embed presentation

Splunk Overview Daniel Hernandez • Twitter: @dnlstkmty November 2015
What is Splunk? [4] Splunk is a tool that can be used to index, and search data. Splunk can generate graphs, alerts, and dashboards for this data.
What kind of data is used by Splunk? [5] IT streaming and historical data. Data from: 1. Event logs (e.g. event viewer logs) 2. Web logs (e.g. IIS logs) 3. System metrics (e.g. Windows performance counters) 4. And Others sources
Splunk local, and remote data Data used by Splunk can be on the same machine (local data), or in a remote machine (remote data)
Splunk Concepts Index. Data repositories created in splunk are called Indexes. An index is a database. Event. A single piece of data in Splunk is called Event [6]. Examples - single record or entry in a log file. - single record or entry in the event viewer.
Splunk Indexing When Splunk indexes data, it breaks up the data into individual pieces and gives each piece a timestamp, host, source, and source type.
Splunk Search Elements Step 2 Step 3 Search Sub- search Index Source Source Type Host Results Step 1
Splunk Search Concepts • Index. An Index is a data repository in Splunk. • Host. Host is the name, or IP address of the network machine that originated the event. • Source. Source is the file, directory path, network port, or script from which the event was originated. • Source Type. Source Type classify the data based on how it is formatted.
Installing Splunk • Splunk installation can be done by following the steps described in the below URL: http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchTu torial/Systemrequirements
Getting Familiar with Splunk • Get familiar with Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/NavigatingSplunk
Getting Data into Splunk • Get data into Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/GetthetutorialdataintoSplunk
Splunk Search & Reporting – UI elements Application Bar Search Bar Time Rage Picker
Splunk Search & Reporting
Splunk Search & Reporting’s panels How to Search What to Search
Splunk Search – Search Result Tabs
Splunk ‘What to Search’ panel Data Summary Hosts Sources Source Types
Splunk ‘What to Search’ panel
Splunk Search Elements available after searching in Splunk Search Result Tabs Search Action Buttons Search Mode Selector ‘Save as’ menu
Splunk Search
Splunk Search – Search Result Tabs Search Result Tabs Events Statistic Visualization
Splunk Search – Search Result Tabs
Splunk Search Results – Events Tab Events Tab Timeline of events Events view options Field sidebar Search term matches
Splunk Search Results – Events Tab
Splunk Search Results – Events Tab • Shows how many events have occurred at a particular point in time. Timeline • When data is indexed, Splunk extract information from the data that is formatted as name and value pairs. Fields sidebar
Splunk Search Results – Events Tab • Shows the events that match the search criteria. Search term matches • Shows menus with options to format the search results. Event view options
Searching Data using Splunk • To search for events / logs in Splunk, go to Splunk Search page. 1. In the Search textbox, type the word(s) you want to search 2. Specify filters to narrow the search result such as host or source 3. Click on the Search icon
Searching Data using Splunk
Searching Data using Splunk • Additional details about searching data in Splunk can be found in the below link: http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchTu torial/Startsearching
References 1. Splunk for SQL Users. http://www.innovato.com/splunk/SQLSplunk.html 2. Splunk Search Tutorial. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutori al/WelcometotheSearchTutorial 3. Splunk Search Reference. http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchRefere nce/SearchCheatsheet 4. About Splunk Enterprise http://docs.splunk.com/Documentation/Splunk/latest/Overview/Ab outSplunkEnterprise
References 5. About getting data into Splunk Enterprise. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutori al/AboutgettingdataintoSplunk 6. Event http://docs.splunk.com/Splexicon:Event 7. Splunk Installation Manual. http://docs.splunk.com/Documentation/Splunk/6.2.0/Installation/I nstallonWindows 8. About Splunk Free http://docs.splunk.com/Documentation/Splunk/latest/Admin/More aboutSplunkFree
References 9. Get the tutorial data into Splunk http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchT utorial/GetthetutorialdataintoSplunk 10.About the Search Tutorial http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/WelcometotheSearchTutorial 11.Splunk download. http://www.splunk.com/download

More Related Content

PPTX
Splunk Overview
bySplunk
 
PPTX
Splunk for IT Operations
bySplunk
 
PPTX
SplunkLive 2011 Beginners Session
bySplunk
 
PPTX
Getting started with Splunk
bySplunk
 
PPTX
Splunk Tutorial for Beginners - What is Splunk | Edureka
byEdureka!
 
PPTX
Getting started with Splunk - Break out Session
byGeorg Knon
 
DOCX
Getting Started with Splunk Enterprise - Demo
bySplunk
 
PDF
Splunk for Real time alerting and monitoring. www.gtri.com
byZivaro Inc
 
Splunk Overview
bySplunk
 
Splunk for IT Operations
bySplunk
 
SplunkLive 2011 Beginners Session
bySplunk
 
Getting started with Splunk
bySplunk
 
Splunk Tutorial for Beginners - What is Splunk | Edureka
byEdureka!
 
Getting started with Splunk - Break out Session
byGeorg Knon
 
Getting Started with Splunk Enterprise - Demo
bySplunk
 
Splunk for Real time alerting and monitoring. www.gtri.com
byZivaro Inc
 

What's hot

PPTX
Splunk Cloud
bySplunk
 
PPTX
dlux - Splunk Technical Overview
byDavid Lutz
 
PPTX
Best Practices for Splunk Deployments
bySplunk
 
PDF
Splunk 6.4 Administration.pdf
bynitinscribd
 
PDF
SplunkSummit 2015 - A Quick Guide to Search Optimization
bySplunk
 
PDF
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
bySplunk
 
PPTX
SplunkLive 2011 Advanced Session
bySplunk
 
PPTX
Splunk for ITOps
bySplunk
 
PPTX
Splunk
byDouglas Bernardini
 
PPTX
Getting Data into Splunk
bySplunk
 
PDF
The Power of SPL
bySplunk
 
PDF
Snowflake for Data Engineering
byHarald Erb
 
PDF
Apache Spark Introduction
bysudhakara st
 
PDF
Getting Started with Splunk Enterprise
bySplunk
 
PPTX
Introduction to Firebase
byMustafa Şenel
 
PPTX
Splunk
byDeep Mehta
 
PPTX
.conf Go 2022 - Observability Session
bySplunk
 
PPTX
Introduction to snowflake
bySunil Gurav
 
PPTX
Taking Splunk to the Next Level - Architecture
bySplunk
 
PDF
モダンなイベント駆動型システム連携を学ぼう〜Platform Events 入門
bySalesforce Developers Japan
 
Splunk Cloud
bySplunk
 
dlux - Splunk Technical Overview
byDavid Lutz
 
Best Practices for Splunk Deployments
bySplunk
 
Splunk 6.4 Administration.pdf
bynitinscribd
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
bySplunk
 
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
bySplunk
 
SplunkLive 2011 Advanced Session
bySplunk
 
Splunk for ITOps
bySplunk
 
Splunk
byDouglas Bernardini
 
Getting Data into Splunk
bySplunk
 
The Power of SPL
bySplunk
 
Snowflake for Data Engineering
byHarald Erb
 
Apache Spark Introduction
bysudhakara st
 
Getting Started with Splunk Enterprise
bySplunk
 
Introduction to Firebase
byMustafa Şenel
 
Splunk
byDeep Mehta
 
.conf Go 2022 - Observability Session
bySplunk
 
Introduction to snowflake
bySunil Gurav
 
Taking Splunk to the Next Level - Architecture
bySplunk
 
モダンなイベント駆動型システム連携を学ぼう〜Platform Events 入門
bySalesforce Developers Japan
 

Viewers also liked

PDF
Splunk Insights
bySunil Kumar
 
PPTX
Getting Started with Splunk Break out Session
byGeorg Knon
 
PPTX
SplunkLive! Getting Started with Splunk Enterprise
bySplunk
 
PPTX
Getting Started with Splunk Enterprise
bySplunk
 
PDF
Splunk Enterprise for IT Troubleshooting Hands-On
bySplunk
 
PDF
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
bySplunk
 
PDF
Splunk Enterprise for IT Troubleshooting
bySplunk
 
PPTX
dlux splunk>live! 2012 Beginners Session
byDavid Lutz
 
PPTX
Building a Security Information and Event Management platform at Travis Per...
bySplunk
 
Splunk Insights
bySunil Kumar
 
Getting Started with Splunk Break out Session
byGeorg Knon
 
SplunkLive! Getting Started with Splunk Enterprise
bySplunk
 
Getting Started with Splunk Enterprise
bySplunk
 
Splunk Enterprise for IT Troubleshooting Hands-On
bySplunk
 
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
bySplunk
 
Splunk Enterprise for IT Troubleshooting
bySplunk
 
dlux splunk>live! 2012 Beginners Session
byDavid Lutz
 
Building a Security Information and Event Management platform at Travis Per...
bySplunk
 

Similar to Splunk overview

PPTX
Splunk bsides
byMacy Cronkrite
 
PPTX
SplunkLive! - Getting started with Splunk
bySplunk
 
PPT
Splunk .conf2011: Search Language: Beginner
byErin Sweeney
 
PPTX
Getting started with Splunk Breakout Session
bySplunk
 
PDF
Getting Started Breakout Session
bySplunk
 
PPTX
SplunkLive! Beginner Session
bySplunk
 
PPTX
Splunk live beginner training nyc
byDimitri McKay - CISSP
 
PDF
Using Splunk 6.3 - eLearning.pdf
byllan47
 
PPTX
SplunkLive! Zürich 2014 Beginner Workshop: Getting started with Splunk
byGeorg Knon
 
PPTX
SplunkLive! London 2016 Splunk Overview
bySplunk
 
PDF
SplunkLive! Washington DC May 2013 - Search Language Beginner
bySplunk
 
PDF
Splunk Discovery Day Milwaukee 9-14-17
bySplunk
 
PPTX
Getting Started with Splunk Enterprise
bySplunk
 
PDF
Splunk Discovery Indianapolis - October 10, 2017
bySplunk
 
PPTX
SplunkLive Oslo/Stockholm Beginner Workshop
byjenny_splunk
 
PDF
Machine Data 101
bySplunk
 
PPTX
SplunkLive! Zurich 2017 - Getting Started with Splunk Enterprise
bySplunk
 
PPTX
Getting Started with Splunk Enterprise
bySplunk
 
PDF
Machine Data 101
bySplunk
 
PPTX
Machine Data 101
bySplunk
 
Splunk bsides
byMacy Cronkrite
 
SplunkLive! - Getting started with Splunk
bySplunk
 
Splunk .conf2011: Search Language: Beginner
byErin Sweeney
 
Getting started with Splunk Breakout Session
bySplunk
 
Getting Started Breakout Session
bySplunk
 
SplunkLive! Beginner Session
bySplunk
 
Splunk live beginner training nyc
byDimitri McKay - CISSP
 
Using Splunk 6.3 - eLearning.pdf
byllan47
 
SplunkLive! Zürich 2014 Beginner Workshop: Getting started with Splunk
byGeorg Knon
 
SplunkLive! London 2016 Splunk Overview
bySplunk
 
SplunkLive! Washington DC May 2013 - Search Language Beginner
bySplunk
 
Splunk Discovery Day Milwaukee 9-14-17
bySplunk
 
Getting Started with Splunk Enterprise
bySplunk
 
Splunk Discovery Indianapolis - October 10, 2017
bySplunk
 
SplunkLive Oslo/Stockholm Beginner Workshop
byjenny_splunk
 
Machine Data 101
bySplunk
 
SplunkLive! Zurich 2017 - Getting Started with Splunk Enterprise
bySplunk
 
Getting Started with Splunk Enterprise
bySplunk
 
Machine Data 101
bySplunk
 
Machine Data 101
bySplunk
 

Recently uploaded

PDF
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
byDeltares
 
PDF
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
PDF
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
PDF
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
PDF
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
PDF
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
PDF
Custom MGA Software Development: Better Apporach
byOpenkoda
 
PDF
DSD-INT 2025 Reviving a Lost Meander - Deen
byDeltares
 
PPTX
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
PDF
DSD-INT 2025 Building-Aware Flood and Lifeline Scour Modeling with Delft3D FM...
byDeltares
 
PDF
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
PDF
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
PPTX
Presentation on AWS Cloud RDS Deep dive
byBimal Jain
 
PDF
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 
PPTX
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
PDF
DSD-INT 2025 Climate and impact attribution of compound flooding induced by t...
byDeltares
 
PPTX
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
PDF
Bring AI and build AI agents into your Jakarta EE Apps with LangChain4J-CDI
byBuhake Sindi
 
PPTX
The Sync Strikes Back: Tales from the MOPs Trenches
bybbedford2
 
PDF
DSD-INT 2025 MeshKernel and D-Grid Editor - Stout
byDeltares
 
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
byDeltares
 
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
Custom MGA Software Development: Better Apporach
byOpenkoda
 
DSD-INT 2025 Reviving a Lost Meander - Deen
byDeltares
 
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
DSD-INT 2025 Building-Aware Flood and Lifeline Scour Modeling with Delft3D FM...
byDeltares
 
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
Presentation on AWS Cloud RDS Deep dive
byBimal Jain
 
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
DSD-INT 2025 Climate and impact attribution of compound flooding induced by t...
byDeltares
 
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
Bring AI and build AI agents into your Jakarta EE Apps with LangChain4J-CDI
byBuhake Sindi
 
The Sync Strikes Back: Tales from the MOPs Trenches
bybbedford2
 
DSD-INT 2025 MeshKernel and D-Grid Editor - Stout
byDeltares
 

Splunk overview

  • 1.
    Splunk Overview Daniel Hernandez •Twitter: @dnlstkmty November 2015
  • 2.
    What is Splunk? [4]Splunk is a tool that can be used to index, and search data. Splunk can generate graphs, alerts, and dashboards for this data.
  • 3.
    What kind ofdata is used by Splunk? [5] IT streaming and historical data. Data from: 1. Event logs (e.g. event viewer logs) 2. Web logs (e.g. IIS logs) 3. System metrics (e.g. Windows performance counters) 4. And Others sources
  • 4.
    Splunk local, andremote data Data used by Splunk can be on the same machine (local data), or in a remote machine (remote data)
  • 5.
    Splunk Concepts Index. Datarepositories created in splunk are called Indexes. An index is a database. Event. A single piece of data in Splunk is called Event [6]. Examples - single record or entry in a log file. - single record or entry in the event viewer.
  • 6.
    Splunk Indexing When Splunkindexes data, it breaks up the data into individual pieces and gives each piece a timestamp, host, source, and source type.
  • 7.
    Splunk Search Elements Step2 Step 3 Search Sub- search Index Source Source Type Host Results Step 1
  • 8.
    Splunk Search Concepts •Index. An Index is a data repository in Splunk. • Host. Host is the name, or IP address of the network machine that originated the event. • Source. Source is the file, directory path, network port, or script from which the event was originated. • Source Type. Source Type classify the data based on how it is formatted.
  • 9.
    Installing Splunk • Splunkinstallation can be done by following the steps described in the below URL: http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchTu torial/Systemrequirements
  • 10.
    Getting Familiar withSplunk • Get familiar with Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/NavigatingSplunk
  • 11.
    Getting Data intoSplunk • Get data into Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/GetthetutorialdataintoSplunk
  • 12.
    Splunk Search &Reporting – UI elements Application Bar Search Bar Time Rage Picker
  • 13.
    Splunk Search &Reporting
  • 14.
    Splunk Search &Reporting’s panels How to Search What to Search
  • 15.
    Splunk Search –Search Result Tabs
  • 16.
    Splunk ‘What toSearch’ panel Data Summary Hosts Sources Source Types
  • 17.
    Splunk ‘What toSearch’ panel
  • 18.
    Splunk Search Elements availableafter searching in Splunk Search Result Tabs Search Action Buttons Search Mode Selector ‘Save as’ menu
  • 19.
  • 20.
    Splunk Search –Search Result Tabs Search Result Tabs Events Statistic Visualization
  • 21.
    Splunk Search –Search Result Tabs
  • 22.
    Splunk Search Results– Events Tab Events Tab Timeline of events Events view options Field sidebar Search term matches
  • 23.
    Splunk Search Results– Events Tab
  • 24.
    Splunk Search Results– Events Tab • Shows how many events have occurred at a particular point in time. Timeline • When data is indexed, Splunk extract information from the data that is formatted as name and value pairs. Fields sidebar
  • 25.
    Splunk Search Results– Events Tab • Shows the events that match the search criteria. Search term matches • Shows menus with options to format the search results. Event view options
  • 26.
    Searching Data usingSplunk • To search for events / logs in Splunk, go to Splunk Search page. 1. In the Search textbox, type the word(s) you want to search 2. Specify filters to narrow the search result such as host or source 3. Click on the Search icon
  • 27.
  • 28.
    Searching Data usingSplunk • Additional details about searching data in Splunk can be found in the below link: http://docs.splunk.com/Documentation/Splunk/6.3.0/SearchTu torial/Startsearching
  • 29.
    References 1. Splunk forSQL Users. http://www.innovato.com/splunk/SQLSplunk.html 2. Splunk Search Tutorial. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutori al/WelcometotheSearchTutorial 3. Splunk Search Reference. http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchRefere nce/SearchCheatsheet 4. About Splunk Enterprise http://docs.splunk.com/Documentation/Splunk/latest/Overview/Ab outSplunkEnterprise
  • 30.
    References 5. About gettingdata into Splunk Enterprise. http://docs.splunk.com/Documentation/Splunk/latest/SearchTutori al/AboutgettingdataintoSplunk 6. Event http://docs.splunk.com/Splexicon:Event 7. Splunk Installation Manual. http://docs.splunk.com/Documentation/Splunk/6.2.0/Installation/I nstallonWindows 8. About Splunk Free http://docs.splunk.com/Documentation/Splunk/latest/Admin/More aboutSplunkFree
  • 31.
    References 9. Get thetutorial data into Splunk http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchT utorial/GetthetutorialdataintoSplunk 10.About the Search Tutorial http://docs.splunk.com/Documentation/Splunk/latest/SearchT utorial/WelcometotheSearchTutorial 11.Splunk download. http://www.splunk.com/download