Introduction to Splunk

Welcome to the first chapter of the Splunk 7.x Quick Start Guide! This chapter introduces Splunk to the newcomer and guides them progressively toward understanding the reasons why Splunk is so popular. It introduces all the powerful capabilities and solutions it offers for collecting and analyzing machine data from a wide variety of devices and environments. This chapter also includes a high-level overview of how Splunk works to serve as a foundation for digging into more details in the chapters to come.

The topics that are covered in this chapter include the following:

• Understanding what Splunk is and what problems it solves
• Installing a free version of Splunk Enterprise
• Becoming familiar with the major components of a Splunk solution and their functions
• Becoming aware of the major processing tiers of a Splunk deployment—data input, parsing, indexing, and search 
• Learning about the four key Splunk fields for every event—_time, host, source, and sourcetype—and why they're important
• Becoming aware of the Splunk community and all the information and resources available to learn more about configuring and using Splunk