Tutorials_World_Splunk_Chapters_01-05

 

1 SPLUNK 1. Introduction

1.1 Part - 1 | Welcome to this course! SPLUNK | SPLUNK tutorial | SPLUNK full course

1.2 PART - 2 | Demo Analyzing some data | SPLUNK tutorial

2 SPLUNK 2. Admin Basics

2.1 PART - 3 | The Basics of Splunking | SPLUNK tutorial

2.2 PART - 4 | Splunk installation options | SPLUNK tutorial

2.3 PART - 5 | Demo installing Splunk in Linux | SPLUNK tutorial

2.4 PART - 6 | Demo installing Splunk in Windows | SPLUNK tutorial

2.5 PART - 7 | Demo installing Splunk in MacOS | SPLUNK tutorial

2.6 PART - 8 | Identify Splunk components | SPLUNK tutorial

2.6.1 Processing Component

2.6.1.1 Forwarder

2.6.1.2 Indexer

2.6.1.3 Search Head

2.6.2 Monitoring Component

2.6.2.1 Deployment Server

2.6.2.2 License Master

2.6.2.3 Indexer Cluster Master

2.6.2.4 Search Head Cluster Deployer

3 SPLUNK 3. Licence management

3.1 PART - 9 | License to Splunk | SPLUNK tutorial

3.2 PART - 10 | Identify license types | SPLUNK tutorial

3.3 PART - 11 | Understand license violations | SPLUNK tutorial

3.4 PART - 12 | Demo licensing | SPLUNK tutorial

3.5 PART - 13 | Distributed Licensing | SPLUNK tutorial

4 SPLUNK 4. SPLUNK configuration files

4.1 PART -14 | Configuration Files | SPLUNK tutorial

4.2 PART - 15 | Describe Splunk configuration directory structure | SPLUNK tutorial

4.2.1 Directory Structure

4.2.2 Common Configuration Files

4.3 PART - 16 | Understand configuration layering and precedence | SPLUNK tutorial

4.3.1 Config file context

4.3.1.1 Global

4.3.1.2 App or User specific

4.3.2 Precedences

4.3.3 Btool

4.4 PART - 17 | Demo Use btool to examine configuration settings demo | SPLUNK tutorial

5 SPLUNK 5. Splunk Indexes

5.1 PART - 18 | All About Indexes | SPLUNK tutorial

5.2 PART - 19 | Describe index structure | SPLUNK tutorial

5.3 PART - 20 | List types of index buckets | SPLUNK tutorial

5.4 %PART - 21 | Check index data integrity | SPLUNK tutorial

5.5 %PART - 22 | Describe indexes conf options | SPLUNK tutorial

5.6 PART - 23 | Describe the fishbucket | SPLUNK tutorial

5.7 PART - 24 | Demo Create an index | SPLUNK tutorial

5.8 PART - 25 | Demo Apply a data retention policy | SPLUNK tutorial

5.9 PART - 26 | Demo Exploring buckets in the Splunk file system | SPLUNK tutorial

5.10 PART - 27 | Check hashes to validate data | SPLUNK tutorial

1. SPLUNK 1. Introduction 

1. Part - 1 | Welcome to this course! SPLUNK | SPLUNK tutorial | SPLUNK full course

Twitter : @adam_frisbee / Udeme course

Answers.splunk.com

2. PART - 2 | Demo Analyzing some data | SPLUNK tutorial

• Add Data – upload – Search

• Splunk discovered data and listed in left as 

• Selected Fields

• Interesting Fields

• “+ Extract New Fields” – lists raw data from the source

• 

• Compare success and error – this has visualization

• 

• Create Dashboard based on this

• 

• 

• 

• 
  

2. SPLUNK 2. Admin Basics

1. PART - 3 | The Basics of Splunking | SPLUNK tutorial

2. PART - 4 | Splunk installation options | SPLUNK tutorial

3. PART - 5 | Demo installing Splunk in Linux | SPLUNK tutorial

4. PART - 6 | Demo installing Splunk in Windows | SPLUNK tutorial

5. PART - 7 | Demo installing Splunk in MacOS | SPLUNK tutorial

6. PART - 8 | Identify Splunk components | SPLUNK tutorial

1. Processing Component 

1. Forwarder

• Universal Farworder

• Easy to install

• Heavy Forwarder

• Forward, Parse, route

2. Indexer

3. Search Head

2. Monitoring Component

1. Deployment Server

2. License Master

3. Indexer Cluster Master

4. Search Head Cluster Deployer

3. SPLUNK 3. Licence management

1. PART - 9 | License to Splunk | SPLUNK tutorial

2. PART - 10 | Identify license types | SPLUNK tutorial

3. PART - 11 | Understand license violations | SPLUNK tutorial

4. PART - 12 | Demo licensing | SPLUNK tutorial

• Splunk  > Settings > Licensing

• Not available for me in EPB

• 

• 

5. PART - 13 | Distributed Licensing | SPLUNK tutorial

• Universal Forwarder doesn’t required License but Heavy Forwarder needs license.

• 
  

4. SPLUNK 4. SPLUNK configuration files

1. PART -14 | Configuration Files | SPLUNK tutorial

2. PART - 15 | Describe Splunk configuration directory structure | SPLUNK tutorial

1. Directory Structure

2. Common Configuration Files 

3. PART - 16 | Understand configuration layering and precedence | SPLUNK tutorial

1. Config file context 

1. Global 

2. App or User specific

2. Precedences

3. Btool

• Used for Troubleshoot

• Merged configurations

• 
  

4. PART - 17 | Demo Use btool to examine configuration settings demo | SPLUNK tutorial

5. SPLUNK 5. Splunk Indexes

1. PART - 18 | All About Indexes | SPLUNK tutorial

2. PART - 19 | Describe index structure | SPLUNK tutorial

3. PART - 20 | List types of index buckets | SPLUNK tutorial

4. %PART - 21 | Check index data integrity | SPLUNK tutorial

5. %PART - 22 | Describe indexes conf options | SPLUNK tutorial

Indexes.Conf options

6. PART - 23 | Describe the fishbucket | SPLUNK tutorial

• Keep track of which part of the files in bucket already indexed

• _audit

• Fish bucket contains Seek Pointers, CRC (Cyclical Redundancy Check) for the files

• 

• Directory monitor on Windows machine 

• C:\logs directory

• 
  

7. PART - 24 | Demo Create an index | SPLUNK tutorial

2 ways to create Index

• Add new data splunk we can create index

• Create indexes with existing data in splunk – Settings > Indexes > New Index

•  

Tsidx = Time Size index policy

8. PART - 25 | Demo Apply a data retention policy | SPLUNK tutorial 

• Default retain the data for 6 years

• Global or user context 

• Cd etc/system/default/indexes.conf

• 

• 
  
• 
  

• 

• In the indexes.conf > under stanza, frozenTimePeriodInSecs = 2419200 > this is 21 days

• 
  

9. PART - 26 | Demo Exploring buckets in the Splunk file system | SPLUNK tutorial 

• 

• 
  

10. PART - 27 | Check hashes to validate data | SPLUNK tutorial

• As there is no data the integrity checking failoed.

•