Splunk 7.x Quick Start Guide
Splunk is a leading platform and solution for collecting, searching, and extracting value from ever increasing amounts of big data - and big data is eating the world! This book covers all the crucial Splunk topics and gives you the information and examples to get the immediate job done. You will find enough insights to support further research and use Splunk to suit any business environment or situation. Splunk 7.x Quick Start Guide gives you a thorough understanding of how Splunk works. You will learn about all the critical tasks for architecting, implementing, administering, and utilizing Splunk Enterprise to collect, store, retrieve, format, analyze, and visualize machine data. You will find step-by-step examples based on real-world experience and practical use cases that are applicable to all Splunk environments. There is a careful balance between adequate coverage of all the critical topics with short but relevant deep-dives into the configuration options and steps to carry out the day-to-day tasks that matter. By the end of the book, you will be a confident and proficient Splunk architect and administrator.
Contents (254 chapters)
- coverpage
- Title Page
- Dedication
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Introduction to Splunk
- What is Splunk?
- Splunk products
- The history of Splunk
- Installing Splunk for free
- Splunk components
- Splunk processing tiers
- Splunk events
- Splunk information resources
- Summary
- Architecting Splunk
- Selecting a Splunk configuration
- Data collection – data inputs
- Data collection – concurrent searches
- Distributed versus clustered Splunk environments
- Replication and search factor
- Replication factor
- Search factor
- Hot/warm and cold buckets
- Search head clusters
- Making a design decision
- Selecting Splunk hardware options
- Performance considerations
- Making a hardware selection
- Disk-sizing calculations
- Summary
- Installing and Configuring Splunk
- Installing Splunk Enterprise
- Installing Splunk on Linux
- Linux settings
- User–group – environment settings
- ulimits
- Transparent huge pages
- Starting Splunk
- Starting on reboot
- Stopping Splunk
- Installing Splunk on Windows server
- Disabling antivirus software
- Installing Splunk with a short pathname
- Installing Splunk via the GUI
- Stopping and starting Splunk on Windows
- Synchronization of system clocks
- Configuring Splunk components
- Splunk directory structure
- Configuration file precedence
- Splunk installation checklist
- Component and IP address list
- Installation steps
- Individual component configurations
- License master and cluster master
- Forwarding Splunk's internal logs to the indexers
- Pointing servers to the license master
- Indexing cluster
- Configuring a TCP input
- Deployer
- Search heads
- Designating and starting a search head captain
- Checking search head cluster status
- Deployment server
- Multisite environments
- Cluster master
- Indexers
- Search heads
- Cross-environment search
- Documenting your Splunk deployment
- Summary
- Getting Data into Splunk
- Installing Splunk universal forwarder
- Installation steps
- Starting/stopping the universal forwarder
- Configuring outputs.conf
- Configuring inputs.conf
- Setting up a heavy forwarder
- Configuring other data source inputs
- Configuring an HTTP Event Collector
- Testing the HTTP Event Collector
- Introduction to apps
- Using the deployment server
- Configuring a deployment client
- Configuring the deployment server
- Creating deployment apps
- Creating a serverclass.conf file
- Using forwarder management in Splunk web
- Managing Splunk Indexes
- Creating an index
- Deleting index data
- Summary indexes
- Metrics indexes
- Splunk sourcetypes
- Creating custom source types
- Using the cluster master
- Distributing the configuration bundle
- Summary
- Administering Splunk Apps and Users
- Using the deployer
- Deploying new or updated apps
- Configuring users and roles
- Splunk authentication
- LDAP authentication
- SAML authentication
- Managing Splunk roles
- Search restrictions
- Capabilities
- Indexes
- authorize.conf
- Working with authentication.conf and authorize.conf
- Best practices for administering Splunk
- Index naming conventions
- Source type naming conventions
- Location of indexes.conf, props.conf, and transforms.conf
- Supporting your Splunk Deployment
- Splunk support personnel
- Funding Your Splunk deployment
- Splunk resource cost calculations
- Summary
- Searching with Splunk
- The Splunk Web interface
- Search controls
- Timeline and events
- Creating Splunk searches
- Basic search commands
- Index
- Time-range selection
- Search filters
- Search commands
- Eval
- Stats
- Dedup
- Rex
- Where
- Formatting commands
- Rename
- Sort/reverse
- Head/tail
- Top/rare
- Visualizing search results
- Table/fields
- Chart/timechart
- Chart
- Timechart
- Visualizations in Splunk web
- Advanced search commands
- Subsearches
- Join
- Transaction
- Streaming versus transforming commands
- Optimizing searches
- Optimizing search jobs
- Job inspector
- Summary
- Splunk Knowledge Objects
- Field extractions
- Index-time field extractions
- Search-time field extractions
- Using the extract fields interface
- Other knowledge objects
- Event types – tags – aliases
- Event type
- Tags
- Field aliases
- Lookups
- Macros
- Datasets and data models
- Datasets
- Data models
- Using data models in search
- Data model acceleration
- Pivot tables
- Summary
- Splunk Reports, Dashboards, and Alerts
- Introduction
- Creating reports
- Scheduling a report
- Creating a dashboard
- Adding a new panel with inline search
- Editing panel characteristics
- Using dashboard forms
- Using tokens
- Working with Simple XML
- Improving dashboard performance
- Using JavaScript and CSS within a dashboard
- Event-handlers
- Creating an alert
- Summary
- Splunk Applications
- Splunk apps and add-ons
- Creating a Splunk app
- App context and permissions
- Using Splunkbase
- Splunk app and add-on for Unix and Linux
- Machine learning toolkit
- Splunk DB Connect
- Requirements and installation
- Hardware requirements
- Java runtime
- Installing DB connect
- Database JDBC drivers
- Configuring DB Connect
- Configuring task server
- Database drivers
- Configuring database input
- Identities and roles
- Connections
- Input
- Output
- Lookups
- Troubleshooting DB Connect
- HEC port conflicts
- Splunk Premium apps
- IT service intelligence
- Enterprise security and UBA
- Summary
- Advanced Splunk
- Troubleshooting Splunk
- Splunk logs
- btool
- diag
- Opening a Splunk support case
- Locked license issue
- Performance and capacity
- REST API endpoints
- Splunk Monitoring Console
- Configuring the monitoring console
- Using the Monitoring Console
- Data rebalancing
- Indexer clustering and bucket status
- Upgrading Splunk Enterprise
- Splunk development
- Software Development Kits
- Using the Python SDK
- The REST API
- Additional study topics
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think

Updated: 2021-06-10 19:05:42