You're reading from Data Analytics Using Splunk 9.x A practical guide to implementing Splunk's features for performing data analysis at scale

Product type Paperback

Published in Jan 2023

Publisher Packt

ISBN-13 9781803249414

Length 336 pages

Edition 1st Edition

Tools

Splunk

Concepts

Data Analysis

Author (1):

Dr. Nadine Shillingford

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Getting Started with Splunk

2. Chapter 1: Introduction to Splunk and its Core Components FREE CHAPTER

3. Chapter 2: Setting Up the Splunk Environment

4. Chapter 3: Onboarding and Normalizing Data

5. Part 2: Visualizing Data with Splunk

6. Chapter 4: Introduction to SPL

7. Chapter 5: Reporting Commands, Lookups, and Macros

8. Chapter 6: Creating Tables and Charts Using SPL

9. Chapter 7: Creating Dynamic Dashboards

10. Part 3: Advanced Topics in Splunk

11. Chapter 8: Licensing, Indexing, and Buckets

12. Chapter 9: Clustering and Advanced Administration

13. Chapter 10: Data Models, Acceleration, and Other Ways to Improve Performance

14. Chapter 11: Multisite Splunk Deployments and Federated Search

15. Chapter 12: Container Management

16. Index

Why subscribe?

17. Other Books You May Enjoy

Summary

Corporations are discovering the value of analyzing big data to give insight into users behavior. This analysis has yielded results that have proven useful in various fields, including education, medicine, and computer security. In this chapter, we explored the use of Splunk to tackle big data problems. We looked at how data generation has changed over time. We looked at how Splunk has been used in organizations to solve problems. We also reviewed the key components of Splunk – forwarders, indexers, and search heads. We learned that forwarders send data to the indexers, which index the data. Users use Splunk search heads to create search queries in SPL. These search heads create knowledge bundles that they send to the indexers. The indexers search their indexes for data that match the queries. They return the results to the search heads. These components work together to give powerful results.

Finally, we introduced our BOTS dataset v1 dataset, which was generated for the Splunk BOTS competition and is a rich dataset for this exercise. We will use examples from this dataset throughout the rest of this book.

We will deploy our Splunk environment in Chapter 2, Setting Up the Splunk Environment, which will consist of a search head, an indexer, a deployment server, and three forwarders.