PART I: EXPLORING SPLUNK

Machine Data Basics

• Application Logs
  
• Web Access Logs
  
• Web Proxy Logs
  
• Call Detail Records
  
• Clickstream Data
  
• Message Queuing
  
• Packet Data
  
• Configuration Files
  
• Database Audit Logs and Tables
  
• File System Audit Logs
  
• Management and Logging APIs                                        
  
• OS Metrics, Status, and Diagnostic Commands
  
• Other Machine Data Sources

The Story of Splunk

• Splunk to the Rescue in the Datacenter
  
• Splunk to the Rescue in the Marketing Department
  
• Approaching Splunk
  
• Splunk: The Company and the Concept
  
• How Splunk Mastered Machine Data in the Datacenter
  
• Operational Intelligence
  
• Operational Intelligence at Work

Getting Data In

• Machine Data Basics
  
• Types of Data Splunk Can Read
  
• Splunk Data Sources
  
• Downloading, Installing, and Starting Splunk
  
• Bringing Data in for Indexing
  
• Understanding How Splunk Indexes Data

Searching with Splunk

• The Search Dashboard
  
• SPL™: Search Processing Language
  
• Pipes
  
• Implied AND
  
• top user
  
• fields – percent
  
• The search Command
  
• Tips for Using the search Command
  
• Subsearches

SPL: Search Processing Language

• Sorting Results
  
• sort
  
• Filtering Results
  
• where
  
• dedup
  
• head
  
• Grouping Results
  
• transaction
  
• Reporting Results
  
• top
  
• stats
  
• chart
  
• timechart
  
• Filtering, Modifying, and Adding Fields
  
• fields
  
• replace
  
• eval
  
• rex
  
• lookup

Enriching Your Data

• Using Splunk to Understand Data
  
• Identifying Fields: Looking at the Pieces of the Puzzle
  
• Exploring the Data to Understand its Scope
  
• Preparing for Reporting and Aggregation
  
• Visualizing Data
  
• Creating Visualizations
  
• Creating Dashboards
  
• Creating Alerts
  
• Creating Alerts through a Wizard
  
• Tuning Alerts Using Manager
  
• Customizing Actions for Alerting
  
• The Alerts Manager

Recipes for Monitoring and Alerting

• Monitoring Recipes
  
• Monitoring Concurrent Users
  
• Monitoring Inactive Hosts
  
• Reporting on Categorized Data
  
• Comparing Today’s Top Values to Last Month’s
  
• Finding Metrics That Fell by 10% in an Hour
  
• Charting Week Over Week Results
  
• Identify Spikes in Your Data
  
• Compacting Time-Based Charting
  
• Reporting on Fields Inside XML or JSON
  
• Extracting Fields from an Event
  
• Alerting Recipes
  
• Alerting by Email when a Server Hits a Predefined Load
  
• Alerting When Web Server Performance Slows
  
• Shutting Down Unneeded EC2 Instances
  
• Converting Monitoring to Alerting

Grouping Events

• Introduction
  
• Recipes
  
• Unifying Field Names
  
• Finding Incomplete Transactions
  
• Calculating Times within Transactions
  
• Finding the Latest Events
  
• Finding Repeated Events
  
• Time Between Transactions
  
• Finding Specific Transactions
  
• Finding Events Near Other Events
  
• Finding Events After Events
  
• Grouping Groups

Lookup Tables

• Introduction
  
• lookup
  
• inputlookup
  
• outputlookup
  
• Further Reading
  
• Recipes
  
• Setting Default Lookup Values
  
• Using Reverse Lookups
  
• Using a Two-Tiered Lookup
  
• Using Multistep Lookups
  
• Creating a Lookup Table from Search Results
  
• Appending Results to Lookup Tables
  
• Using Massive Lookup Tables
  
• Comparing Results to Lookup Values
  
• Controlling Lookup Matches
  
• Matching IPs
  
• Matching with Wildcards

Splunk Quick Reference Guide & Advanced topics

• Case Sensitivity
  
• Top Commands
  
• Top Resources
  
• Events
  
• Sources and Sourcetypes
  
• Hosts
  
• Indexes
  
• Fields
  
• Tags
  
• Event Types
  
• Reports and Dashboards
  
• Apps
  
• Permissions/Users/Roles
  
• Transactions
  
• Forwarder/Indexer
  
• SPL
  
• Subsearches
  
• Relative Time Modifiers
  
• Common Search Commands
  
• Optimizing Searches
  
• Search Examples
  
• Eval Functions
  
• Common Stats Functions
  
• Regular Expressions
  
• Common Splunk STRPTIME Functions