You're reading from Data Analytics Using Splunk 9.x A practical guide to implementing Splunk's features for performing data analysis at scale

Product type Paperback

Published in Jan 2023

Publisher Packt

ISBN-13 9781803249414

Length 336 pages

Edition 1st Edition

Tools

Splunk

Concepts

Data Analysis

Author (1):

Dr. Nadine Shillingford

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Getting Started with Splunk

2. Chapter 1: Introduction to Splunk and its Core Components FREE CHAPTER

3. Chapter 2: Setting Up the Splunk Environment

4. Chapter 3: Onboarding and Normalizing Data

5. Part 2: Visualizing Data with Splunk

6. Chapter 4: Introduction to SPL

7. Chapter 5: Reporting Commands, Lookups, and Macros

8. Chapter 6: Creating Tables and Charts Using SPL

9. Chapter 7: Creating Dynamic Dashboards

10. Part 3: Advanced Topics in Splunk

11. Chapter 8: Licensing, Indexing, and Buckets

12. Chapter 9: Clustering and Advanced Administration

13. Chapter 10: Data Models, Acceleration, and Other Ways to Improve Performance

14. Chapter 11: Multisite Splunk Deployments and Federated Search

15. Chapter 12: Container Management

16. Index

Why subscribe?

17. Other Books You May Enjoy

Summary

In this chapter, we deployed a simple Splunk environment. The environment included a search head, indexer, deployment server, and three forwarders. We used a combination of the CLI, configuration file changes, and Splunk Web to configure each of these components. Our three Windows-based forwarders are managed by the deployment server. We then used the deployment server to install add-ons to different Splunk instances. The forwarders are configured to send data to the indexer and the search head is configured to send search requests to the indexer. Finally, we discussed the different concepts in Splunk access management including capabilities, roles, users, and authentication schemes. Splunk provides us with pre-defined roles that come with a set of capabilities. A Splunk administrator can create new roles that inherit from these existing roles and assign the roles to users. In addition, we can choose to use authentication schemes such as LDAP and SAML instead of the basic Splunk...