Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Conventions used
• Get in touch
• Share Your Thoughts

1. Part 1: Getting Started with Splunk

2. Chapter 1: Introduction to Splunk and its Core Components FREE CHAPTER

• Splunking big data
• Exploring Splunk components
• Introducing the case study – splunking the 
BOTS Dataset v1
• Summary

3. Chapter 2: Setting Up the Splunk Environment

• Technical requirements
• Installing Splunk Enterprise
• Setting up Splunk forwarders
• Setting up Splunk deployment servers
• Setting up Splunk indexers
• Setting up Splunk search heads
• Installing additional Splunk add-ons and apps
• Managing access to Splunk
• Summary

4. Chapter 3: Onboarding and Normalizing Data

• Exploring inputs.conf using the Splunk Add-on for Microsoft Windows
• Extracting fields using props.conf and transforms.conf
• Creating event types and tagging
• Summary

5. Part 2: Visualizing Data with Splunk

6. Chapter 4: Introduction to SPL

• Understanding the Splunk search interface
• Dissecting a Splunk query
• Formatting and transforming data
• Summary

7. Chapter 5: Reporting Commands, Lookups, and Macros

• Exploring more Splunk commands
• Enhancing logs with lookups
• Simplifying Splunk searches with macros
• Summary

8. Chapter 6: Creating Tables and Charts Using SPL

• Creating and formatting tables
• Creating and formatting charts
• Creating advanced charts
• Summary

9. Chapter 7: Creating Dynamic Dashboards

• Adding tables and charts to dashboards
• Adding inputs, tokens, and drilldowns
• Exploring the dashboard source
• Adding reports and drilldowns to dashboards
• Experimenting with the new Dashboard Studio
• Summary

10. Part 3: Advanced Topics in Splunk

11. Chapter 8: Licensing, Indexing, and Buckets

• Understanding Splunk indexing and buckets
• Exploring Splunk queues
• Discussing Splunk licensing models
• Summary

12. Chapter 9: Clustering and Advanced Administration

• Introducing Splunk clusters
• Understanding search head clusters
• Understanding indexer clusters
• Summary

13. Chapter 10: Data Models, Acceleration, and Other Ways to Improve Performance

• Understanding data models
• Accelerating data models
• Improving performance
• Summary

14. Chapter 11: Multisite Splunk Deployments and Federated Search

• Exploring multisite Splunk deployments
• Configuring federated search
• Using federated search
• Summary

15. Chapter 12: Container Management

• Understanding container management
• Deploying Splunk in Docker
• Getting started with Splunk Operator for Kubernetes
• Exploring container logs using Splunk
• Summary

16. Index

• Why subscribe?

17. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts
• Download a free PDF copy of this book