Implementing Splunk

Duration: 5 days

The course covers the following topics:

Introducing Splunk

  • Analytics in the Big Data age
  • Splunk Architecture
  • Splunk Features
  • Splunk UI
  • First steps into Splunk

Splunk UI

  • Overview
  • The Home app
  • The Top bar
  • The Search & Reporting app
  • Using the Time Picker
  • Using the Field Picker
  • The Settings section

Understanding Search

  • On the effective use of search terms
  • Boolean and grouping operators
  • Altering Searches
  • Searching using Fields
  • Searching using Wildcards
  • Searching using Time
  • Making searches faster
  • Persisting Searches & Search Results

Tables, Charts & Fields

  • Unix-friendly Splunk: the pipe
  • top
  • stats
  • chart
  • timechart
  • eval
  • regex
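
As an added example that is not part of the course or the book, here is one search that chains the commands listed above (pipe, regex via `rex`, `eval`, `stats`, `sort`) to summarise SSH password failures per source address. It assumes Linux authentication logs indexed into `index=linux` with `sourcetype=linux_secure` (the sourcetype used by the Splunk Add-on for Unix and Linux) and raw lines of the constructed form `Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2`; the index, sourcetype, extracted field names and thresholds are all assumptions.

```spl
index=linux sourcetype=linux_secure "Failed password"
| rex field=_raw "Failed password for (?<invalid>invalid user )?(?<user>\S+) from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?<src_port>\d+)"
| eval account_state=if(isnotnull(invalid), "nonexistent", "existing")
| stats count AS failures,
        count(eval(account_state="nonexistent")) AS bad_user_failures,
        dc(user) AS distinct_users,
        min(_time) AS first_seen,
        max(_time) AS last_seen
  by src_ip
| eval duration_min=round((last_seen - first_seen) / 60, 1)
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| where failures >= 20 AND distinct_users >= 5
| sort - failures
```

The `rex` command extracts the fields at search time, so nothing has to be configured in `props.conf` first; the optional `invalid` capture is null when the user exists, which `eval` turns into a label that `stats` can count with `count(eval(...))`. Replacing the `stats` line with `timechart span=1h count by src_ip` gives the same data as a time series for a `chart`-style panel, and `top limit=10 user` on the extracted events shows which account names are being guessed most often.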

Data Models and Pivots

  • What is a Data Model?
  • What does a Data Model search?
  • Creating a Data Model
  • Lookup attributes
  • What is a Pivot?

XML Dashboards

  • Why?
  • Using Wizards to build Dashboards
  • Converting the panel to a report
  • Editing XML directly
  • Building forms
  • Autorun Dashboard
  • Scheduling dashboard generation

Advanced Search Examples

  • Using Subsearches
  • Using transaction
  • Determining concurrency
  • Calculating event rates
  • Rebuilding top
  • Acceleration

Extending Search

  • Using tags to simplify searches
  • Using event types to categorize results
  • Using lookups to enrich data
  • Using macros to reuse logic
  • Creating workflow actions
  • Using external commands

Working with Apps

  • Defining an app
  • Included apps
  • Installed apps
  • Building your first app
  • Editing navigation
  • Customizing the appearance of your app
  • Object permissions
  • The app directory structure

Building Advanced Dashboards

  • Why and why not?
  • The development process
  • The Advanced XML structure
  • Converting Simple XML to Advanced XML
  • Module logic flow
  • Understanding layoutPanel
  • Reusing a query
  • Using intentions
  • Creating a custom drilldown
  • Third-party add-ons

Summary Indexes and CSV files

  • Understanding summary indexes
  • When and when not to use a summary index
  • Populating summary indexes with saved searches
  • Using summary index events in a query
  • Using sistats, sistop and sitimechart
  • How latency affects summary queries
  • How and when to backfill summary data
  • Reducing summary index size
  • Calculating top for a large time frame
  • Using CSV files to store transient data
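
The two halves of a summary-index pipeline, as an added example that is not taken from the course or the book. The first search is the one you would save as a scheduled report called `ssh_failures_hourly` with summary indexing enabled and the destination index set to `summary`; it runs once an hour over the hour that ended an hour ago and uses `sistats` so that the stored rows can be re-aggregated later. The second is an ad hoc search over that summary for the last 30 days. It assumes the same `index=linux` / `sourcetype=linux_secure` data and extracted fields as the earlier search; the index names, the report name and the thresholds are assumptions.

```spl
index=linux sourcetype=linux_secure "Failed password" earliest=-2h@h latest=-1h@h
| rex field=_raw "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3})"
| sistats count, dc(user) by src_ip
```

```spl
index=summary search_name="ssh_failures_hourly" earliest=-30d@d
| stats count AS failures, dc(user) AS distinct_users by src_ip
| where failures >= 100
| sort - failures
```

The consuming search must use the same aggregation functions as the `sistats` that populated the summary (`count` and `dc(user)` here) or the stored partial results cannot be combined; `dc(user)` in particular only works across hours because `sistats` stores the distinct values rather than a single number. The one-hour lag in the scheduled search (`-2h@h` to `-1h@h` rather than `-1h@h` to `now`) is the latency point from the outline: forwarders that deliver events late would otherwise be missed by the hour they belong to, and a summary written too early silently undercounts. If the scheduler was down or the report was created after the data arrived, the gaps are filled by re-running the report for the missing windows with the `fill_summary_index.py` script shipped in `$SPLUNK_HOME/bin`, using its dedup option so that hours which were already summarised are not counted twice.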

Configuring Splunk

  • Locating Splunk configuration files
  • The structure of a Splunk configuration file
  • The configuration merging logic
  • An overview of Splunk .conf files
  • Using interface resources

Advanced Deployments

  • Planning your installation
  • Splunk instance types
  • Common data sources
  • Sizing Indexers
  • Planning Redundancy
  • Working with multiple indexes
  • Deploying the Splunk binary
  • Using apps to organize configuration
  • Configuring distribution
  • Using LDAP for authentication
  • Using Single Sign-On
  • Load balancers and Splunk
  • Multiple search heads

Extending Splunk

  • Writing a scripted input to gather data
  • Using Splunk from the command line
  • Querying Splunk via REST
  • Writing commands
  • Writing a scripted lookup to enrich data
  • Writing an event renderer
  • Writing a scripted alert action to process results
  • Hunk

Splunk Training Session Review

This course follows the book "Implementing Splunk" by Vincent Bumgarner and James D. Miller.

For an onsite course, please contact us.