Splunk Insights

Published in: Technology
  1. Presented By: Sunil Kumar
  2. Agenda
     • What is Splunk
     • Why Splunk
     • Splunk Architecture
     • Splunk Data Storage
     • Splunk Installation and Configuration
     • Splunk Apps
     • Splunk Searching, Reporting and Alerting
     • Splunk Dashboard
  3. What is Splunk
     Splunk (the product) captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
     Splunk aims to make machine data accessible across an organization: it identifies data patterns, provides metrics, diagnoses problems and provides intelligence for business operations.
     Splunk is used for application management, security and compliance, as well as business and web analytics.
     Splunk has over 5,200 licensed customers in 74 countries, including more than half of the Fortune 100.
  4. Life Without Splunk
  5. Life With Splunk
  6. One Splunk. Many Uses.
  7. Getting Data Into Splunk
     Agent and agent-less approaches for flexibility
  8. How Splunk Stores Data
     Splunk ingests data and stores it in two types of files:
     o Raw data
     o Index files
     Splunk indexes are stored in directories called buckets:
     o A bucket consists of the index files and the raw data
     o Buckets move through stages as they age
  9. Splunk Licenses
     Free download
     • Limits indexing to 500 MB/day
     Enterprise Trial license
     • Expires after 60 days
     • Reverts to the Free license
     Features disabled in the Free license
     • Multiple user accounts and role-based access controls
     • Distributed search
     • Deployment management
     • Scheduled saved searches and alerting
     • Summary indexing
     Other license types
     • Enterprise, Trial
     Because the Free license has no user accounts or RBAC, there is no login: anyone who can reach the web interface of a Free instance has full access to its data and settings, so keep such an instance off untrusted networks.
  10. Splunk Installation
     Splunk platform
     • 32 or 64 bit
     • Indexer or Universal Forwarder
     Start Splunk
     • WIN: Program Files\Splunk\bin\splunk.exe start (starts the services)
     • *NIX: /opt/splunk/bin/splunk start
     Splunk Home
     • WIN: Program Files\Splunk
     • Other: /opt/splunk (/Applications/splunk on macOS)
  11. Splunk Universal Forwarder Setup
     Unix platform
     • Configure the universal forwarder to auto-start at boot:
       $ ./splunk enable boot-start
     • Configure the universal forwarder to forward to a receiving indexer:
       $ ./splunk add forward-server <host>:<port> -auth <username>:<password>
       The -auth credentials are the forwarder's own local admin account, not the indexer's, and the indexer must already be configured to receive forwarded data on <port>. Passing the password on the command line leaves it in shell history and visible in the process list; omit -auth and let the CLI prompt for it instead.
     Windows platform
     • Configure the universal forwarder to forward to a receiving indexer
  12. Splunk Apps
     Splunk app categories:
     • Application Management: 88
     • IT Operations Management: 151
     • Security and Compliance: 128
     • Business Analytics: 34
     • Utilities: 134
     • Cool Stuff: 93
  13. Log Monitoring Configuration
     Splunk's monitor input consumes any new data written to the monitored file or directory.
     Sample inputs.conf configuration (the stanza form is [monitor://<absolute path>]):

     Monitor a file:
     # One stanza per monitored path; sourcetype selects the parsing rules applied at index time
     [monitor:///var/log/cassandra/system.log]
     sourcetype = log4j
     disabled = false

     Monitor a directory:
     # A directory monitor is recursive: every file beneath the path is picked up
     [monitor:///var/log/]
     disabled = false
  14. Splunk Searching
     • Wildcards are supported: *
     • Search terms are case insensitive.
     • Boolean searches are supported with AND, OR and NOT. Remember that Boolean operators must be uppercase.
     • There is an implied AND between search terms; for complex searches, use parentheses: (error OR failed)
     • Searches can be historical, custom or real-time
  15. Search Commands
     Search results are "piped" to commands for:
     • Manipulating fields
     • Formatting
     • Handling results
     • Reporting
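As an added example (not from the slides) of the search syntax and the pipe-to-command model above, the following search finds SSH password-guessing sources in Linux auth logs. The index name `linux`, the sourcetype `linux_secure`, the internal range `10.0.0.*` and the thresholds are assumptions for the illustration; the quoted phrase, the implied AND, the uppercase NOT, the `*` wildcard and the `rex`, `stats`, `where`, `eval` and `sort` commands are standard Splunk search language.

```spl
index=linux sourcetype=linux_secure "Failed password"
| rex "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d+\.\d+\.\d+\.\d+)"
| search NOT src_ip="10.0.0.*"
| stats count AS failures, dc(user) AS distinct_users, earliest(_time) AS first_seen, latest(_time) AS last_seen BY src_ip
| where failures >= 20 AND distinct_users >= 5
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"), last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - failures
```

The first line is the base search (terms joined by the implied AND, with the two-word phrase quoted so it is matched literally); everything after the first `|` runs over the matching events. `rex` extracts the user and source address, `search NOT` drops an assumed internal range using a wildcard, `stats` aggregates per source, and `where` keeps only sources that failed against several distinct accounts, which is the pattern of a password spray rather than one user mistyping. Saved with a schedule and a trigger condition of "number of results > 0", this same search becomes the alert described on the next slides.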
  16. Saved Searches and Alerting
  17. Alerting Actions
     • Send email
     • RSS
     • Execute a script
     • Track in Alert Manager
     Script actions run with the privileges of the Splunk process, so restrict who may create or edit alerts that use them.
  18. Splunk Alerting
  19. Reporting
     Build reports from the results of any search.
     Select the type of report (Values over time, Top Values, Rare Values) and the fields to report on or compute statistics for.
     Choose the type of chart (line, area, column, etc.) and other formatting options.
  20. Reporting Examples
     • Use the wizard or reporting commands (timechart, top, etc.)
     • Build real-time reports with real-time searches
     • Save reports for use on dashboards
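As an added example (not from the slides) of the reporting commands just listed, this search charts successful and failed SSH logins over time so the result can be saved as a report and placed on a dashboard. The index `linux`, the sourcetype `linux_secure` and the 15-minute span are assumptions; `eval`, `like()` and `timechart` are standard Splunk search language.

```spl
index=linux sourcetype=linux_secure ("Failed password" OR "Accepted password" OR "Accepted publickey")
| eval outcome=if(like(_raw, "%Failed password%"), "failure", "success")
| timechart span=15m count BY outcome
```

The parenthesised OR group selects only login-outcome events, `eval` labels each one, and `timechart` produces a time series with one column per outcome, the "Values over time" report type from the previous slide. A sudden rise in the failure series against a flat success series is what a brute-force attempt looks like on the resulting chart; replacing the last line with `| top limit=10 src_ip` (after extracting `src_ip` as in the searching example) gives the "Top Values" variant instead.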
  21. Dashboards
     The Splunk Web Framework provides several options for creating dashboards:
     • Simple XML
     • Advanced XML
     • Splunk SDKs
  22. Dashboards (continued)
     Create dashboards from search results
  23. Deployment Monitoring
     Keep tabs on your Splunk Enterprise deployment:
     • Licenses
     • Sourcetypes
     • Indexers
     • Forwarders
  24. Splunk Alternatives
     • Logstash
     • Hyperic HQ
     • Nagios
     • AppDynamics
     • New Relic
  25. Where to Go for Help
     • Documentation
     • Technical Support
     • Videos
     • Education
     • Community
     • Splunk Book