Table of Contents
2.3 Past, Present, and Future of Splunk
2.4 Splunk Architecture and Licenses
2.5 Splunk Documentation and Community Tour
3 Installing Splunk Enterprise
3.2 Building Splunk Environments
3.4 Demo: Installing in Windows Environment
3.5 Demo: Installing in Linux Environment
3.7 Demo: Splunk Cloud Options
4 Navigating and Configuring the Splunk Enterprise
4.2 Getting Data into Splunk
4.3 Demo: Getting Data into Splunk – web log file
4.4 Navigating Splunk Search
4.4.1 How to Search in Splunk
4.5 Demo: Adding More Data into Splunk
4.6 Demo: Installing Splunk Apps
4.8 Demo: Splunk User Roles
5 Wrapping up Splunk Enterprise Installation and Configuration
Course Overview
Splunk for Analysing and Processing Data and Data Analytics
Different Roles
Different Environments – Linux, Mac, Windows
What Is Splunk?
Overview
What Is Machine Data?
IIS Log, Windows Event Log
Past, Present, and Future of Splunk
Splunkbase
Splunk Architecture and Licenses
3 Architectural Building Blocks
Index (3 types of indexes)
Search Head
Forwarder
Splunk Documentation and Community Tour
WWW.SPLUNK.COM / sign in; Resources > Platform > Splunk Enterprise – we can choose the Product / Version to get the appropriate help
User Groups – Splunk Community > Sign in
Community
Splunkbase
https://splunkbase.splunk.com/app/6143 -- find more information
Summary
Installing Splunk Enterprise
Overview
Building Splunk Environments
Setting Up Splunk
Get Free Licensing
Register
Request
Download
Cloud Trial
Search Head > Indexes > Environments
In this course all components go into one location (Indexer / Search Head / Forwarder)
Data ingest limitations depend on the licence – the free licence allows 500 MB / day
Ports
8000 – default port to log in with username and password: http://localhost:8000/
8090 – Management Port
Demo: Installing in Windows Environment
Log in to Splunk – go to Dashboard – Free Trials and Downloads – documentation link available to check prerequisites – Download and install
Demo: Installing in Linux Environment
Log in to Dashboard – Free Trials and Downloads – Choose Splunk Enterprise – Choose Linux – Check System Requirements in the documentation link – Choose .rpm – Download Now – Click Download via Command Line (wget)
Copy the content – Log in to the Linux server –
sudo yum install wget --- make sure wget is available
sestatus --- check the SELinux status
Change Enforcing to Permissive –
sudo setenforce 0
Paste the wget command – it will download Splunk
If it does not load, check the firewall
Splunk in the Cloud
Demo: Splunk Cloud Options
No need to download
Log in to Dashboard – Free Trials and Downloads – Choose Splunk Cloud – goes directly to our URL – takes 10 minutes to configure and set up – this is valid for only 15 days
If we are an AWS customer, we can log in to the EC2 Dashboard – AMI Catalog, search for Splunk – we can get Splunk Enterprise – download and install
Summary
Navigating and Configuring the Splunk Enterprise
Overview
Getting Data into Splunk
Demo: Getting Data into Splunk – web log file
Log in to Splunk – Settings – Data section – Data Inputs, or
Quick Links > Add Data
When we add data, it asks us to create an index for that data
Navigating Splunk Search
How to Search in Splunk
Basic Search
SPL – Splunk Processing Language
Splunkbase
APIs
Basic Splunk Search
Demo: Adding More Data into Splunk
Add Data – Monitoring – Local Event Logs – Select all fields
Demo: Installing Splunk Apps
Splunkbase – search for the Dell PowerScale App for Splunk
OR in the Splunk Dashboard – Find more Apps link – this connects to Splunkbase with all its APIs and applications – we can install using our Splunk account
Splunk Roles in Search
Demo: Splunk User Roles
Settings – Users and Authentication – Roles
We can also create new roles
Documentation - https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/Rolesandcapabilities
The edit_health capability belongs to the Admin role – it allows the health check of Splunk
How to create user
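As an added example (not part of the course notes), here is a minimal authorize.conf stanza defining a restricted role of the kind the demo creates through Settings > Roles; the role name web_analyst and the index name web are assumptions, and edit_health is deliberately not granted because the notes above reserve it for the Admin role.

```ini
# authorize.conf -- added example, not from the course.
# Assumes an index called "web" exists (the web log file ingested earlier);
# the role name "web_analyst" is a hypothetical choice.

[role_web_analyst]
# Inherit the baseline search capabilities of the built-in "user" role
importRoles = user

# Limit which indexes this role may search, and which it searches by default
srchIndexesAllowed = web
srchIndexesDefault = web

# Keep resource use bounded: concurrent search jobs and search disk quota (MB)
srchJobsQuota = 5
srchDiskQuota = 200

# Administrative capabilities such as edit_health, edit_user and edit_roles
# are not listed here, so they are not granted: capabilities are additive and
# an absent capability stays off for this role.
```

After saving the file under an app's local directory, Splunk needs a restart (or a debug/refresh) before the new role appears in Settings > Roles.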
Summary
Wrapping up Splunk Enterprise Installation and Configuration
Splunk Learning Path