Helion


Ebook details

Mastering Splunk 8

Splunk is the most widely used engine for working with machine-generated data. This expert-level guide will help you to leverage advanced use cases to drive business growth using operational intelligence and business analytics features.

You'll start with an introduction to the new features in Splunk 8 and cover step-by-step exercises that will help you to understand each feature in depth. Next, you'll explore key tasks such as workload management, performance and alerting, Splunk Enterprise Security, and advanced indexing. You'll also learn how to create categorical charts and run analytical operations on metrics within the Splunk Analytics workspace, before understanding how to deliver insights across your organization even when faced with limited or complex data using advanced data analytics. The book will also show you how to monitor and maintain Splunk environments using advanced dashboards. Later, you'll create custom data visualizations and update dashboards using drag and drop and the UI-based dashboard editor. Finally, you'll add SplunkJS to a web app and use the Splunk Machine Learning Toolkit (MLTK) as an extension to the core Splunk platform using real-world use cases.

By the end of this book, you'll have learned how to use various Splunk features to extend intelligence capabilities and perform machine learning to explore data effectively.

  • Mastering Splunk 8
  • Why subscribe?
  • Contributors
  • About the author
  • About the reviewers
  • Packt is searching for authors like you
  • Preface
    • Who this book is for
    • What this book covers
    • To get the most out of this book
    • Download the example code files
    • Download the color images
    • Conventions used
    • Get in touch
    • Reviews
  • Section 1: Fundamentals of Splunk 8
  • Chapter 1: Overview of Splunk
    • Exploring Splunk and its key features
      • Horizontal technologies
      • Understanding the seven key features
    • Exploring Splunk 8.0's features
      • Moving to Python 3.7
      • Enhanced workload management
      • Analytics Workspace
      • Alert grouping
      • Histogram metric datatype support
      • HEC timestamp extraction
      • Monitoring and operability enrichments
      • Other optimizations of importance
      • Splunk dashboards (public beta)
      • Some other quick thoughts
    • Implementing Python 3.7
      • Python 3 Readiness
    • An example use case
      • Adding data
      • Searching the data source
      • Saving your search
      • Adding an alert
      • Reviewing and editing
    • Summary
  • Section 2: Splunk Administration
  • Chapter 2: Splunk Administration - Workload Management
    • About resource allocation
    • Critical resources
      • Virtual machines
    • The Monitoring Console
      • Resource usage dashboards
      • Dashboard interpretation
      • Resource usage deployment
      • CPU usage
      • Physical memory
      • Resource usage machine/instance
    • Dashboard review hints
    • Workload monitoring techniques
      • The Monitoring Console and workload management
    • The health report
      • Splunk feature settings
      • Health alerts
    • Why workload management?
      • Workload management advantages
      • Splunk Workload Management feature
      • The basics of Workload Management
      • The rules-based framework
    • Scheduling workloads - schedule-based rules
      • Getting going
      • In closing
    • Summary
  • Chapter 3: Performance, Statistics, and Alerting in Splunk
    • Exploring data in Splunk
      • The data pipeline
      • Splunk components
    • Understanding storage
    • Storage metrics
      • Creating a metrics index
      • Searching metrics
    • Logs2Metrics
    • Alerting
      • Scheduled alert illustration
    • Summary
  • Chapter 4: Splunk Administration - Security
    • Security and security enhancements
      • Roles
      • Users
      • Tokens
      • Password management
    • Granular access controls
    • Role management
      • Permission granularity and customized roles
    • Authentication
      • Authentication methods
    • Summary
  • Chapter 5: Advanced Indexing
    • Splunk deployment basics
    • Understanding index clustering and replication
      • More copies of data means higher storage requirements
      • Enabling clustering
      • Editing and configuring the master node
      • Configuring bundle actions
      • Data rebalancing
      • Performing an index cluster rolling restart
      • Disabling clustering
    • Single-site index clusters
    • Multi-site index clusters
    • Disaster recovery sites
      • Backing up the master node
      • Practicing recovery
    • Special multi-site configurations - the site replication factor
      • Converting the multi-site index cluster
      • Converting the single-site index cluster
    • Summary
  • Chapter 6: Splunk Integration with Azure and AWS
    • Splunk integration strategy
      • Using an app
      • Finding an app
    • Integrating Azure
      • Connecting to the Azure app account
    • Integrating with AWS
      • Integration
      • Configuration
      • Setting up the input
      • Getting ready to search AWS logs
    • Summary
  • Section 3: Advanced Reporting and Dashboards
  • Chapter 7: Advanced Reporting - Analytics Workspace
    • Workspace review
      • Workspace layout
      • Using the analytics workspace
      • Loading the data
      • Analyzing with the workspace
      • Using Split By
    • Categorical charts
      • Multiple metrics
    • Running analytical operations
      • Aggregation
      • Comparing time range
      • Filtering data
      • Stacking time series
    • Adding reference lines
    • Streaming alerts
      • Management of alerts
    • Expanding the time range picker
      • Zooming to a time range
    • Summary
  • Chapter 8: Advanced Reporting - Histogram Metric Data Types
    • Understanding Splunk metrics data types
      • Histograms
    • Histogram metrics
      • Example of histogram metric use cases
      • Ingesting histogram metrics
      • Validation
      • Histogram metrics before and after indexing
      • Prometheus
      • Searching histogram metrics
    • Summary
  • Chapter 9: Search Performance Considerations
    • Gauging performance
      • Some typical causes
      • Addressing search performance through architecture
    • Adding indexers
      • Scaling up
      • Configuring the indexer
      • Using multiple indexers to improve performance
      • Single search head
    • Additional search heads
      • Adding an additional search head
    • Search head clustering
    • Summary
  • Chapter 10: Advanced Reporting - Using Macros
    • Understanding macros and SPL
      • Macro previewing
      • Macros and generating commands
      • Search macro arguments
      • Argument example
      • Macro definitions
    • Creating a macro
    • Summary
  • Chapter 11: Dashboards - Advanced Data Analytics
    • Fundamentals of analytics frameworks
      • Analytics projects
    • Exploratory data analysis - exploring data
      • Determining the data details
      • Establishing relevancy
      • Performing EDA with Splunk
    • Transaction and transactional analysis
      • An example of transactional analysis
    • Summary
  • Chapter 12: Dashboards - Correlating Events
    • Understanding catalytic events and correlations
    • Understanding event correlation
      • Transaction-based correlations
      • Time/geolocation-based correlations
      • Subsearch-based correlations
      • Lookup-based correlations
      • Join-based correlations
    • Event correlation dashboards
      • Ways to use event correlation in dashboards
      • Identifying an overall goal/objective
      • Identifying the specific KPIs or catalytic events
      • Developing individual SPL queries/correlation searches
      • Creating the panels and constructing the dashboard
    • Summary
  • Chapter 13: Dashboards - Workflow Actions
    • Understanding knowledge objects
      • Tags
      • Knowledge object managers
    • Mastering workflows
      • Creating a workflow action using Splunk web
      • Another workflow action example
      • Secondary search workflow action example
    • Summary
  • Chapter 14: Dashboards - Monitoring and Operability
    • Monitoring without searching
      • Simple search example
    • Using the Splunk Add-on for Windows
      • Monitoring disk activity
    • Creating single-page trending metrics
    • Exploring Splunk platform instrumentation
    • Exploring the Splunk Monitoring Console
      • Accessing the Monitoring Console
    • Performing trigger-based diagnostics
    • Summary
  • Chapter 15: Dashboards - Custom Visualizations
    • Understanding dashboards and their look and feel
      • Splunk dashboards
    • Building a new Splunk dashboard
      • Accessing the editor
      • Starting with a search
      • Saving a panel
      • Changing the theme
      • Adding a heat map overlay
      • Adding images and icons
    • Exploring the Beta app
      • Converting an existing dashboard
      • Resizing the canvas
      • Setting a custom background
      • The dashboard editing bar
      • Editing the visualization source code
      • Comparing the old and new editor
      • Adding a visualization
    • Summary
  • Section 4: What Next?
  • Chapter 16: Machine Learning Overview
    • Machine learning with Splunk
    • Overview of the Splunk MLTK
      • What is the MLTK?
    • Implementing an MLTK use case
      • What questions can the MLTK help with?
      • Uploading the data
      • Populating model fields
      • Selecting the algorithm
      • Fitting the model
      • Looking at the results
      • Other algorithm options
      • Naming the model
      • Answering questions
      • Exploring the Experiments menu
      • Refining the model
    • Summary
  • Chapter 17: Splunk Next
    • What is Splunk Next?
    • Splunk Business Flow
    • Splunk Data Fabric Search
    • Splunk Data Stream Processor
    • Splunk Cloud Gateway
    • Splunk Augmented Reality
      • Setting up AR with workspaces
    • Splunk Natural Language (beta)
      • Giving back
    • Splunk Insights for web and mobile
    • Mobile apps
    • Splunk TV
    • Summary
  • Chapter 18: Dashboards - SplunkJS
    • Understanding SplunkJS
    • Getting started with SplunkJS
    • SplunkJS and Splunk apps
      • Creating a Splunk app
      • Creating a dashboard in SimpleXML using the dashboard editor
      • Modifying the dashboard by adding a SimpleXML extension to it
      • Modifying the dashboard by converting it to HTML
      • Dashboard conversion example
      • Getting back to our app
      • Style sheets and custom tables
    • Adding SplunkJS to a web app
    • Summary
  • Other Books You May Enjoy
    • Leave a review - let other readers know what you think