What this book covers
Chapter 1, The Application of Splunk, provides an explanation of what Splunk is all about and how it can fit into an organization's architectural roadmap. The evolution aspect is also discussed along with what might be considered standard or typical use cases for this technology. Finally, some more out-of-the-box uses for Splunk are given.
Chapter 2, Advanced Searching, demonstrates advanced searching topics and techniques, providing meaningful examples as we go along. It focuses on searching operators, command formats and tags, subsearching, searching with parameters, efficient searching with macros, and search results.
Chapter 3, Mastering Tables, Charts, and Fields, provides in-depth methods to leverage Splunk tables, charts, and fields. It also provides working examples.
Chapter 4, Lookups, covers Splunk lookups and workflows and discusses the value and design of lookups, including file and script lookups.
Chapter 5, Progressive Dashboards, explains the default Splunk dashboard and then expands into the advanced features offered by Splunk for making business-effective dashboards.
Chapter 6, Indexes and Indexing, defines the idea of indexing, explains how it functions and why it is important, and goes through the basic to advanced concepts of indexing step by step.
Chapter 7, Evolving Your Apps, discusses advanced topics of Splunk applications and add-ons, such as navigation, searching, and sharing. Sources to find additional application examples are also provided.
Chapter 8, Monitoring and Alerting, explains monitoring as well as the alerting capabilities of the Splunk technology and compares Splunk with other monitoring tools.
Chapter 9, Transactional Splunk, defines and describes Splunk transactions from an enterprise perspective. This chapter covers transactions and transaction types, advanced use of transactions, configuration of types of transactions, grouping events, concurrent events in Splunk, what to avoid during transactions, and so on.
Chapter 10, Splunk – Meet the Enterprise, introduces the idea of Splunk from an enterprise perspective. Best practices on important developments, such as naming, testing, documentation, and developing a vision are covered in detail.
Appendix, Quick Start, gives examples of the many resources one can use to become a Splunk master (from certification tracks to the company's website and support portal, and everything in between). The process to obtain a copy of the latest version of Splunk and the default installation of Splunk is also covered.