Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Implementing Splunk 7, Third Edition

You're reading from   Implementing Splunk 7, Third Edition Effective operational intelligence to transform machine-generated data into valuable business insight

Arrow left icon
Product type Paperback
Published in Mar 2018
Publisher Packt
ISBN-13 9781788836289
Length 576 pages
Edition 3rd Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
James D. Miller James D. Miller
Author Profile Icon James D. Miller
James D. Miller
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. The Splunk Interface FREE CHAPTER 2. Understanding Search 3. Tables, Charts, and Fields 4. Data Models and Pivots 5. Simple XML Dashboards 6. Advanced Search Examples 7. Extending Search 8. Working with Apps 9. Building Advanced Dashboards 10. Summary Indexes and CSV Files 11. Configuring Splunk 12. Advanced Deployments 13. Extending Splunk 14. Machine Learning Toolkit

The home app

After logging in, the default app is the Launcher app (some refer to it as Home). This app is a launching pad for apps and tutorials.

Note that with your first login, Splunk will present a popup displaying Help us improve Splunk software that will ask you permission (Splunk) to collect information about your Splunk usage. It is up to you how to respond.

In earlier versions of Splunk, the Welcome tab provided two important shortcuts, Add data and Launch search app. In version 6.2.0, the Home app was divided into distinct areas or panes that provided easy access to Explore Splunk Enterprise (Add Data, Splunk Apps, Splunk Docs, and Splunk Answers) as well as Apps (the app management page), Search & Reporting (the link to the Search app), and an area where you can set your default dashboard (choose a home dashboard).

In version 7.0, the main page has not been changed very much, although you may notice some difference in the graphics. But the general layout remains the same, with the same panes and access to the same functionalities.

We'll cover apps and dashboards in later chapters of this book:

The Explore Splunk Enterprise pane shows the following links:

  • Product Tours (a change in 7.0): When you click here, you can select a specific tour for your review (Add Data Tour, Search Tour and Dashboards Tour).
Note: for first-timers, when you first click on any of the following links, Splunk will ask whether you'd like to pause and view a tour based on the link you chose. Of course, you always have the opportunity to go back at any time to the Product Tours link to review a tour.
  • Add Data: This links Add Data to the Splunk page. This interface is a great start for getting local data flowing into Splunk (making it available to Splunk users). The Preview data interface takes an enormous amount of complexity out of configuring dates and line breaking. We won't go through those interfaces here, but we will go through the configuration files that these wizards produce in Chapter 11, Configuring Splunk.

  • Splunk Apps: This allows you to find and install more apps from the Splunk Apps Marketplace (https://splunkbase.splunk.com). This marketplace is a useful resource where Splunk users and employees post Splunk apps, mostly free but some premium ones as well. Note that you will need to have a splunk.com user ID.

  • Splunk Docs: This is one of your links to the wide amount of Splunk documentation available, specifically https://answers.splunk.com, to come on board with the Splunk community on Splunkbase (https://splunkbase.splunk.com/) and get the best out of your Splunk deployment. In addition, this is where you can access http://docs.splunk.com/Documentation/Splunk for the very latest updates to documentation on (almost) any version of Splunk.

The Apps section shows the apps that have GUI elements on your instance of Splunk. App is an overloaded term in Splunk. An app doesn't necessarily have a GUI; it is simply a collection of configurations wrapped into a directory structure that means something to Splunk. We will discuss apps in a more detailed manner in Chapter 8, Working with Apps.

Search & Reporting is the link to the Splunk Search & Reporting app:

Beneath the Search & Reporting link, Splunk provides an outline that, when you hover over it, displays a Find More Apps balloon tip. Clicking on the link opens the (same) Browse more apps page as the Splunk Apps link mentioned earlier:

Choose a home dashboard provides an intuitive way to select an existing (simple XML) dashboard and set it as part of your Splunk Welcome or Home page. This sets you at a familiar starting point each time you enter Splunk. The following screenshot displays the Choose Default Dashboard dialog:

Once you select (from the drop-down list) an existing dashboard, it will be a part of your welcome screen every time you log in to Splunk—until you change it. There are no dashboards installed by default after installing Splunk, except the Search & Reporting app. Once you have created additional dashboards, they can be selected as the default.

You have been reading a chapter from
Implementing Splunk 7, Third Edition - Third Edition
Published in: Mar 2018
Publisher: Packt
ISBN-13: 9781788836289
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image