Implementing Splunk - Second Edition

 
 
Packt Publishing Limited
  • 1st edition
  • published 28 July 2015
  • 506 pages
 
E-book | ePUB with Adobe DRM | System requirements
978-1-78439-930-6 (ISBN)
 
Splunk is analysis and reporting software for machine-generated big data. It captures, indexes, and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations. It aims to make machine data accessible across an organization for a variety of purposes. Implementing Splunk Second Edition is a learning guide that introduces you to all the latest features and improvements of Splunk 6.2. The book starts by introducing you to various concepts such as charting, reporting, clustering, and visualization. Every chapter is dedicated to enhancing your knowledge of a specific concept, including data models and pivots, speeding up your queries, backfilling, data replication, and so on. By the end of the book, you'll have a very good understanding of Splunk and be able to perform efficient data analysis.
  • English
  • Birmingham
  • Revised edition
978-1-78439-930-6 (9781784399306)
1784399302 (1784399302)
Vincent Bumgarner has been designing software for over 20 years, working with many languages on nearly as many platforms. He started using Splunk in 2007 and has enjoyed watching the product evolve over the years. While working for Splunk, he has helped many companies train dozens of users to drive, extend, and administer this extremely flexible product. At least one person in every company he has worked with has asked for a book, and he hopes that this book will help fill their shelves. James D. Miller is an IBM-certified, accomplished senior engagement leader and application/system architect, developer, and integrator with over 35 years of extensive application and system design and development experience. He has held positions such as National FPM practice leader, certified solutions expert, technical leader, technical instructor, and best practice evangelist. His experience includes business intelligence, predictive analytics, web architecture and design, business process analysis, GUI design and testing, data and database modeling and systems analysis, and the design and development of applications, systems, and models based on cloud, client/server, web, and mainframe. His responsibilities have included all aspects of solution design and development, including business process analysis and reengineering, requirement documentation, estimating and planning/management of projects, architectural evaluation and optimization, test preparation, and the management of resources. Other experience includes the development of ETL infrastructures, such as data transfer automation between mainframe (DB2, Lawson, Great Plains, and so on) systems and client/server model-based SQL Server and web-based applications, and the integration of enterprise applications and data sources.
In addition, he has acted as an Internet application development manager and was responsible for the design, development, QA, and delivery of multiple websites, including online trading applications, warehouse process control and scheduling systems, and administrative and control applications. Mr. Miller was also responsible for the design, development, and administration of a web-based financial reporting system for a $450-million organization, reporting directly to the CFO and his executive team. In various other leadership roles, such as project and team leader, lead developer, and applications development director, Mr. Miller has managed and directed multiple resources using a variety of technologies and platforms. James has authored IBM Cognos TM1 Developer's Certification Guide and Mastering Splunk, both by Packt Publishing, and a number of whitepapers on best practices, such as Establishing a Center of Excellence. He continues to post blogs on a number of relevant topics based on personal experiences and industry best practices. James also holds the following current technical certifications:
  • IBM Certified Developer Cognos TM1
  • IBM Certified Analyst Cognos TM1
  • IBM Certified Administrator Cognos TM1
  • IBM Cognos 10 BI Administrator C2020-622
  • IBM Cognos TM1 Master 385 Certification
  • IBM OpenPages Developer Fundamentals C2020-001-ENU
  • IBM Certified Advanced Solution Expert Cognos TM1
His technology specialties include IBM Cognos BI and TM1, SPSS, Splunk, dynaSight/ArcPlan, ASP, DHTML, XML, IIS, MS Visual Basic and VBA, Visual Studio, Perl, WebSuite, MS SQL Server, Oracle, SQL Server on Sybase, miscellaneous OLAP tools, and so on.
  • Cover
  • Copyright
  • Credits
  • About the Authors
  • About the Reviewers
  • www.PacktPub.com
  • Table of Contents
  • Preface
  • Chapter 1: The Splunk Interface
  • Logging into Splunk
  • The home app
  • The top bar
  • The search & reporting app
  • Data generator
  • The summary view
  • Search
  • Actions
  • Timeline
  • The field picker
  • Fields
  • Search results
  • Options
  • The events viewer
  • Using the time picker
  • Using the field picker
  • The settings section
  • Summary
  • Chapter 2: Understanding Search
  • Using search terms effectively
  • Boolean and grouping operators
  • Clicking to modify your search
  • Event segmentation
  • Field widgets
  • Time
  • Using fields to search
  • Using the field picker
  • Using wildcards efficiently
  • Supplementing wildcards in fields
  • All about time
  • How Splunk parses time
  • How Splunk stores time
  • How Splunk displays time
  • How time zones are determined and why it matters
  • Different ways to search against time
  • Presets
  • Relative
  • Real-time
  • Date range
  • Date and time range
  • Advanced
  • Specifying time in-line in your search
  • _indextime versus _time
  • Making searches faster
  • Sharing results with others
  • The URL
  • Save as report
  • Save as dashboard panel
  • Save as alert
  • Save as event type
  • Search job settings
  • Saving searches for reuse
  • Creating alerts from searches
  • Enable actions
  • Action options
  • Sharing
  • Summary
  • Chapter 3: Tables, Charts, and Fields
  • About the pipe symbol
  • Using top to show common field values
  • Controlling the output of top
  • Using stats to aggregate values
  • Using chart to turn data
  • Using timechart to show values over time
  • The timechart options
  • Working with fields
  • A regular expression primer
  • Commands that create fields
  • eval
  • rex
  • Extracting loglevel
  • Using the extract fields interface
  • Using rex to prototype a field
  • Using the admin interface to build a field
  • Indexed fields versus extracted fields
  • Summary
  • Chapter 4: Data Models and Pivots
  • What is a data model?
  • What does a data model search?
  • Data model objects
  • Object constraining
  • Attributes
  • Creating a data model
  • Filling in the new data model dialog
  • Editing attributes
  • Lookup attributes
  • Children
  • What is a pivot?
  • The pivot editor
  • Working with pivot elements
  • Filtering your pivots
  • Split (row or column)
  • Column values
  • Pivot table formatting
  • A quick example
  • Sparklines
  • Summary
  • Chapter 5: Simple XML Dashboards
  • The purpose of dashboards
  • Using wizards to build dashboards
  • Adding another panel
  • A cool trick
  • Converting the panel to a report
  • More options
  • Back to the dashboard
  • Add input
  • Edit source
  • Editing XML directly
  • UI examples app
  • Building forms
  • Creating a form from a dashboard
  • Driving multiple panels from one form
  • Post-processing search results
  • Post-processing limitations
  • Features replaced
  • Autorun dashboard
  • Scheduling the generation of dashboards
  • Summary
  • Chapter 6: Advanced Search Examples
  • Using subsearches to find loosely related events
  • Subsearch
  • Subsearch caveats
  • Nested subsearches
  • Using transaction
  • Using transaction to determine the session's length
  • Calculating the aggregate of transaction statistics
  • Combining subsearches with transaction
  • Determining concurrency
  • Using transaction with concurrency
  • Using concurrency to estimate server load
  • Calculating concurrency with a by clause
  • Calculating events per slice of time
  • Using timechart
  • Calculating average requests per minute
  • Calculating average events per minute, per hour
  • Rebuilding top
  • Acceleration
  • Big data - summary strategy
  • Report acceleration
  • Report acceleration availability
  • Summary
  • Chapter 7: Extending Search
  • Using tags to simplify search
  • Using event types to categorize results
  • Using lookups to enrich data
  • Defining a lookup table file
  • Defining a lookup definition
  • Defining an automatic lookup
  • Troubleshooting lookups
  • Using macros to reuse logic
  • Creating a simple macro
  • Creating a macro with arguments
  • Creating workflow actions
  • Running a new search using values from an event
  • Linking to an external site
  • Building a workflow action to show field context
  • Building the context workflow action
  • Building the context macro
  • Using external commands
  • Extracting values from XML
  • xmlkv
  • XPath
  • Using Google to generate results
  • Summary
  • Chapter 8: Working with Apps
  • Defining an app
  • Included apps
  • Installing apps
  • Installing apps from Splunkbase
  • Using Geo Location Lookup Script
  • Using Google Maps
  • Installing apps from a file
  • Building your first app
  • Editing navigation
  • Customizing the appearance of your app
  • Customizing the launcher icon
  • Using custom CSS
  • Using custom HTML
  • Custom HTML in a simple dashboard
  • Using server-side include in a complex dashboard
  • Object permissions
  • How permissions affect navigation
  • How permissions affect other objects
  • Correcting permission problems
  • The app directory structure
  • Adding your app to Splunkbase
  • Preparing your app
  • Confirming sharing settings
  • Cleaning up our directories
  • Packaging your app
  • Uploading your app
  • Summary
  • Chapter 9: Building Advanced Dashboards
  • Reasons for working with advanced XML
  • Reasons for not working with advanced XML
  • Development process
  • The advanced XML structure
  • Converting simple XML to advanced XML
  • Module logic flow
  • Understanding layoutPanel
  • Panel placement
  • Reusing a query
  • Using intentions
  • stringreplace
  • addterm
  • Creating a custom drilldown
  • Building a drilldown to a custom query
  • Building a drilldown to another panel
  • Building a drilldown to multiple panels using HiddenPostProcess
  • Third-party add-ons
  • Google Maps
  • Sideview Utils
  • The Sideview search module
  • Linking views with Sideview
  • Sideview URLLoader
  • Sideview forms
  • Summary
  • Chapter 10: Summary Indexes and CSV Files
  • Understanding summary indexes
  • Creating a summary index
  • When to use a summary index
  • When not to use a summary index
  • Populating summary indexes with saved searches
  • Using summary index events in a query
  • Using sistats, sitop, and sitimechart
  • How latency affects summary queries
  • How and when to backfill summary data
  • Using fill_summary_index.py to backfill
  • Using collect to produce custom summary indexes
  • Reducing summary index size
  • Using eval and rex to define grouping fields
  • Using a lookup with wildcards
  • Using event types to group results
  • Calculating top for a large time frame
  • Summary index searches
  • Using CSV files to store transient data
  • Pre-populating a dropdown
  • Creating a running calculation for a day
  • Summary
  • Chapter 11: Configuring Splunk
  • Locating Splunk configuration files
  • The structure of a Splunk configuration file
  • The configuration merging logic
  • The merging order
  • The merging order outside of search
  • The merging order when searching
  • The configuration merging logic
  • Configuration merging - example 1
  • Configuration merging - example 2
  • Configuration merging - example 3
  • Configuration merging - example 4 - search
  • Using btool
  • An overview of Splunk .conf files
  • props.conf
  • Common attributes
  • Stanza types
  • Priorities inside a type
  • Attributes with class
  • inputs.conf
  • Common input attributes
  • Files as inputs
  • Network inputs
  • Native Windows inputs
  • Scripts as inputs
  • transforms.conf
  • Creating indexed fields
  • Modifying metadata fields
  • Lookup definitions
  • Using REPORT
  • Chaining transforms
  • Dropping events
  • fields.conf
  • outputs.conf
  • indexes.conf
  • authorize.conf
  • savedsearches.conf
  • times.conf
  • commands.conf
  • web.conf
  • User interface resources
  • Views and navigation
  • Appserver resources
  • Metadata
  • Summary
  • Chapter 12: Advanced Deployments
  • Planning your installation
  • Splunk instance types
  • Splunk forwarders
  • Splunk indexer
  • Splunk search
  • Common data sources
  • Monitoring logs on servers
  • Monitoring logs on a shared drive
  • Consuming logs in batch
  • Receiving syslog events
  • Receiving events directly on the Splunk indexer
  • Using a native syslog receiver
  • Receiving syslog with a Splunk forwarder
  • Consuming logs from a database
  • Using scripts to gather data
  • Sizing indexers
  • Planning redundancy
  • The replication factor
  • Configuring your replication factors
  • Indexer load balancing
  • Understanding typical outages
  • Working with multiple indexes
  • The directory structure of an index
  • When to create more indexes
  • Testing data
  • Differing longevity
  • Differing permissions
  • Using more indexes to increase performance
  • The lifecycle of a bucket
  • Sizing an index
  • Using volumes to manage multiple indexes
  • Deploying the Splunk binary
  • Deploying from a tar file
  • Deploying using msiexec
  • Adding a base configuration
  • Configuring Splunk to launch at boot
  • Using apps to organize configuration
  • Separate configurations by purpose
  • Configuration distribution
  • Using your own deployment system
  • Using the Splunk deployment server
  • Step 1 - deciding where your deployment server will run from
  • Step 2 - defining your deploymentclient.conf configuration
  • Step 3 - defining our machine types and locations
  • Step 4 - normalizing our configurations into apps appropriately
  • Step 5 - mapping these apps to deployment clients in serverclass.conf
  • Step 6 - restarting the deployment server
  • Step 7 - installing deploymentclient.conf
  • Using LDAP for authentication
  • Using Single Sign On
  • Load balancers and Splunk
  • web
  • splunktcp
  • The deployment server
  • Multiple search heads
  • Summary
  • Chapter 13: Extending Splunk
  • Writing a scripted input to gather data
  • Capturing script output with no date
  • Capturing script output as a single event
  • Making a long-running scripted input
  • Using Splunk from the command line
  • Querying Splunk via REST
  • Writing commands
  • When not to write a command
  • When to write a command
  • Configuring commands
  • Adding fields
  • Manipulating data
  • Transforming data
  • Generating data
  • Writing a scripted lookup to enrich data
  • Writing an event renderer
  • Using specific fields
  • A table of fields based on field value
  • Pretty print XML
  • Writing a scripted alert action to process results
  • Hunk
  • Summary
  • Index

File format: EPUB
Copy protection: Adobe DRM (Digital Rights Management)

System requirements:

Computer (Windows; macOS X; Linux): install the free Adobe Digital Editions software before downloading (see the e-book help).

Tablet/smartphone (Android; iOS): install the free Adobe Digital Editions app before downloading (see the e-book help).

E-book readers: Bookeen, Kobo, Pocketbook, Sony, Tolino and many others (not Kindle)

The EPUB file format is well suited to novels and non-fiction, that is, to "flowing" text without a complex layout. On e-readers and smartphones, line and page breaks adapt automatically to the small display. Adobe DRM applies "hard" copy protection here: if the necessary requirements are not met, the e-book cannot be opened, so you must prepare your reading hardware before downloading.

Further information is available in our e-book help.


Download (available immediately)

€43.65
incl. 19% VAT
Download / single licence
ePUB with Adobe DRM
