Advanced Splunk : master the art of getting the maximum out of your machine data using Splunk / Ashish Kumar Tulsiram Yadav.

Format:

Book

Author/Creator:

Yadav, Ashish Kumar Tulsiram, author.

Series:

Professional expertise distilled.

Professional expertise distilled

Language:

English

Subjects (All):

Big data.

Data mining.

Automatic data collection systems.

Physical Description:

1 online resource (348 pages) : color illustrations.

Edition:

1.

Place of Publication:

Birmingham : Packt Publishing, 2016.

System Details:

text file

Biography/History:

Tulsiram Yadav Ashish Kumar: Ashish Kumar Tulsiram Yadav is a BE in computers and has around four and a half years of experience in software development, data analytics, and information security, and around four years of experience in Splunk application development and administration. He has experience of creating Splunk applications and add-ons, managing Splunk deployments, machine learning using R and Python, and analytics and visualization using various tools, such as Tableau and QlikView. He is currently working with the information security operations team, handling the Splunk Enterprise security and cyber security of the organization. He has worked as a senior software engineer at Larsen & Toubro Technology Services in the telecom consumer electronics and semicon unit providing data analytics on a wide variety of domains, such as mobile devices, telecom infrastructure, embedded devices, Internet of Things (IOT), Machine to Machine (M2M), entertainment devices, and network and storage devices. He has also worked in the area of information, network, and cyber security in his previous organization. He has experience in OMA LWM2M for device management and remote monitoring of IOT and M2M devices and is well versed in big data and the Hadoop ecosystem. He is a passionate ethical hacker, security enthusiast, and Linux expert and has knowledge of Python, R, .NET, HTML5, CSS, and the C language. He is an avid blogger and writes about ethical hacking and cyber security on his blogs in his free time. He is a gadget freak and keeps on writing reviews on various gadgets he owns. He has participated in and has been a winner of hackathons, technical paper presentations, white papers, and so on.

Summary:

Master the art of getting the maximum out of your machine data using Splunk About This Book A practical and comprehensive guide to the advanced functions of Splunk,, including the new features of Splunk 6.3 Develop and manage your own Splunk apps for greater insight from your machine data Full coverage of high-level Splunk techniques including advanced searches, manipulations, and visualization Who This Book Is For This book is for Splunk developers looking to learn advanced strategies to deal with big data from an enterprise architectural perspective. It is expected that readers have a basic understanding and knowledge of using Splunk Enterprise. What You Will Learn Find out how to develop and manage apps in Splunk Work with important search commands to perform data analytics on uploaded data Create visualizations in Splunk Explore tweaking Splunk Integrate Splunk with any pre-existing application to perform data crunching efficiently and in real time Make your big data speak with analytics and visualizations using Splunk Use SDK and Enterprise integration with tools such as R and Tableau In Detail Master the power of Splunk and learn the advanced strategies to get the most out of your machine data with this practical advanced guide. Make sense of the hidden data of your organization ? the insight of your servers, devices, logs, traffic and clouds. Advanced Splunk shows you how. Dive deep into Splunk to find the most efficient solution to your data problems. Create the robust Splunk solutions you need to make informed decisions in big data machine analytics. From visualizations to enterprise integration, this well-organized high level guide has everything you need for Splunk mastery. Start with a complete overview of all the new features and advantages of the latest version of Splunk and the Splunk Environment. Go hands on with uploading data, search commands for basic and advanced analytics, advanced visualization techniques, and dashboard customizing. Discover how to tweak Splunk to your needs, and get a complete on Enterprise Integration of Splunk with various analytics and visualization tools. Finally, discover how to set up and use all the new features of the latest version of Splunk. Style and approach This book follows a step by step approach. Every new concept is built on top of its previous chapter, and it is full of examples and practical scenarios to help the reader experiment as they read.

Contents:

Cover

Copyright

Credits

About the Author

Acknowledgements

About the Reviewer

www.PacktPub.com

Table of Contents

Preface

Chapter 1: What's new in Splunk 6.3?

Splunk's architecture

The need for parallelization

Index parallelization

Search parallelization

Pipeline parallelization

The search scheduler

Summary parallelization

Data integrity control

Intelligent job scheduling

The app key-value store

System requirements

Uses of the key-value store

Components of the key-value store

Managing key-value store collections via REST

Examples

Replication of the key-value store

Splunk Enterprise Security

Enabling HTTPS for Splunk Web

Enabling HTTPS for the Splunk forwarder

Securing a password with Splunk

The access control list

Authentication using SAML

Summary

Chapter 2: Developing an Application on Splunk

Splunk apps and technology add-ons

What is a Splunk app?

What is a technology add-on?

Developing a Splunk app

Creating the Splunk application and technology add-on

Packaging the application

Installing a Splunk app via Splunk Web

Installing the Splunk app manually

Developing a Splunk add-on

Building an add-on

Installing a technology add-on

Managing Splunk apps and add-ons

Splunk apps from the app store

Chapter 3: On-Boarding Data in Splunk

Deep diving into various input methods and sources

Data sources

Structured data

Web and cloud services

IT operations and network security

Databases

Application and operating system data

Data input methods

Files and directories

Network sources

Windows data

Adding data to Splunk-new interfaces

HTTP Event Collector and configuration

HTTP Event Collector

Configuration via Splunk Web

Managing the Event Collector token.

The JSON API format

Authentication

Metadata

Event data

Data processing

Event configuration

Character encoding

Event line breaking

Timestamp configuration

Host configuration

Configuring a static host value - files and directories

Configuring a dynamic host value - files and directories

Configuring a host value - events

Managing event segmentation

Improving the data input process

Chapter 4: Data Analytics

Data and indexes

Accessing data

The index command

The eventcount command

The datamodel command

The dbinspect command

The crawl command

Managing data

The input command

The delete command

The clean command

Summary indexing

Search

The search command

The sendmail command

The localop command

Subsearch

The append command

The appendcols command

The appendpipe command

The join command

Time

The reltime command

The localize command

Fields

The eval command

The xmlkv command

The spath command

The makemv command

The fillnull command

The filldown command

The replace command

Results

The fields command

The searchtxn command

The head / tail command

The inputcsv command

The outputcsv command

Chapter 5: Advanced Data Analytics

Reports

The makecontinuous command

The addtotals command

The xyseries command

Geography and location

The iplocation command

The geostats command

Anomalies

The anomalies command

The anomalousvalue command

The cluster command

The kmeans command

The outlier command

The rare command

Predicting and trending

The predict command

The trendline command

The x11 command

Correlation

The correlate command

The associate command

The diff command

The contingency command

Machine learning

Summary.

Chapter 6: Visualization

Prerequisites - configuration settings

Tables

Tables - Data overlay

Tables - Sparkline

Sparkline - Filling and changing color

Sparkline - The max value indicator

Sparkline - A bar style

Tables - An icon set

Single value

Charts

Charts - Coloring

Chart overlay

Bubble charts

Drilldown

Dynamic drilldown

The x-axis or y-axis value as a token to a form

Dynamic drilldown to pass a respective row's specific column value

Dynamic drilldown to pass a fieldname of a clicked value

Contextual drilldown

The URL field value drilldown

Single value drilldown

Chapter 7: Advanced Visualization

Sunburst sequence

What is a sunburst sequence?

Example

Implementation

Geospatial visualization

Syntax

Search query

Punchcard visualization

Calendar heatmap visualization

The Sankey diagram

Parallel coordinates

The force directed graph

Custom chart overlay

Custom decorations

What is the use of such custom decorations?

Chapter 8: Dashboard Customization

Dashboard controls

HTML dashboard

Display controls

Example and implementation

Form input controls

Panel controls

Multisearch management

Tokens

Eval tokens

Syntax of the eval token

Custom tokens

Null search swapper

Switcher

Link switcher

Example and implementation.

Button switcher

Chapter 9: Advanced Dashboard Customization

Layout customization

Panel width

Grouping

Panel toggle

Image overlay

Custom look and feel

The custom alert action

What is alerting?

Alerting

The features

Chapter 10: Tweaking Splunk

Index replication

Standalone environment

Distributed environment

Replication

Searching

Failures

Indexer auto-discovery

Sourcetype manager

Field extractor

Accessing field extractor

Using field extractor

Regular expression

Delimiter

Search history

Event pattern detection

Data acceleration

Need for data acceleration

Data model acceleration

Splunk buckets

Search optimizations

Time range

Search modes

Scope of searching

Search terms

Splunk health

splunkd log

Search log

Chapter 11: Enterprise Integration with Splunk

The Splunk SDK

Installing the Splunk SDK

The Splunk SDK for Python

Importing the Splunk API in Python

Connecting and authenticating the Splunk server

Splunk APIs

Creating and deleting an index

Creating input

Uploading files

Saved searches

Splunk searches

Splunk with R for analytics

The setup

Using R with Splunk

Splunk with Tableau for visualization

Using Tableau with Splunk

Chapter 12: What Next? Splunk 6.4

Storage optimization

Management and admin

Indexer and search head enhancement

Visualizations

Multi-search management

Enhanced alert actions

Index.

Notes:

Includes index.

Description based on online resource; title from PDF title page (ebrary, viewed March 6, 2017).

ISBN:

9781785881213

1785881213

OCLC:

951807497