Updated: 2021-07-09 19:26:01
Cover
Copyright Information
Credits
Preface
Part 1. Module 1
Chapter 1. Splunk in Action
Your Splunk.com account
Installing Splunk on Windows
Creating a Splunk app
Populating data with Eventgen
Controlling Splunk
Configuring Eventgen
Viewing the Destinations app
Creating your first dashboard
Summary
Chapter 2. Bringing in Data
Splunk and big data
Splunk data sources
Creating indexes
Buckets
Data inputs
Splunk events and fields
Extracting new fields
Chapter 3. Search Processing Language
Anatomy of a search
Time modifiers
Filtering search results
Search command - stats
Search command - top/rare
Search commands - chart and timechart
Search command - eval
Search command - rex
Chapter 4. Data Models and Pivot
Creating a data model
Data model acceleration
Rearranging your dashboard
Chapter 5. Data Optimization, Reports, Alerts, and Accelerating Searches
Data classification with event types
Data normalization with tags
Data enrichment with lookups
Creating reports
Creating alerts
Search and report acceleration
Scheduling best practices
Summary indexing
Chapter 6. Panes of Glass
Creating effective dashboards
Types of dashboard
Form inputs
Creating a time range input
Creating a radio input
Creating a dropdown input
Static Real-Time dashboard
Creating a map called a choropleth
Chapter 7. Splunk SDK for JavaScript and D3.js
Introduction to Splunk SDKs
Practical applications of Splunk's SDK
Creating the final dashboard\jobs.js
Chapter 8. HTTP Event Collector
What is the HEC?
How does the HEC work?
How data flows to the HEC
Chapter 9. Best Practices and Advanced Queries
Temporary indexes and oneshot indexing
Searching within an index
Search within a limited time frame
Quick searches via fast mode
Using event sampling
Splunk Universal Forwarders
Advanced queries
How to improve logs
Part 2. Module 2
Chapter 1. Play Time – Getting Data In
Introduction
Indexing files and directories
Getting data through network ports
Using scripted inputs
Using modular inputs
Using the Universal Forwarder to gather data
Loading the sample data for this book
Defining field extractions
Defining event types and tags
Chapter 2. Diving into Data – Search and Report
Making raw event data readable
Finding the most accessed web pages
Finding the most used web browsers
Identifying the top-referring websites
Charting web page response codes
Displaying web page response time statistics
Listing the top viewed products
Charting the application's functional performance