Splunk Deep Dive
May 13th, 2019
BigData Training Architect II in Content
As one of the early log aggregation products in the IT industry, Splunk has remained a popular choice amongst system administrators, engineers, and developers for operational analytics. Whether you are aggregating log files, system resource utilization metrics, or application data, Splunk is there to centralize your IT data for easy search and visualization.
This course serves as an introduction to Splunk Enterprise. After getting familiar with some basic terminology and components, you will follow along by setting up your own standalone Splunk instance through the Linux Academy Cloud Playground. With your own instance, you can follow along as we secure the standalone Splunk instance, configure monitoring and alerting, and finally index some log data to perform search and visualization analysis.
Let's talk briefly about what you can expect from this course. I will address who this course is for, what skills you should have before taking it, and give a quick synopsis of the syllabus so you have a better idea of what you will be learning and doing.
About the Author
Hello! Welcome to my Splunk Deep Dive course. This is just a short introduction video about me so that you can get to know me a little bit and have a face behind the voice.
Splunk Enterprise Overview
Before we get started with deploying and using Splunk Enterprise, it is important to be familiar with some basic terms and components. In this lesson, we will cover the important terms that you will want to understand, as we use them throughout the course quite extensively. We will also explain the main components that make up Splunk: forwarders, indexers, and search heads.
Splunk Enterprise Installation Recommendations
Before we can deploy Splunk, we first need to talk about some basic installation requirements. To help you plan capacity for your own Splunk installations, we also need to talk about the design considerations that go into an efficient and appropriately sized cluster for your specific use case.
Standalone Splunk Enterprise Deployment
We finally get our hands dirty by deploying a standalone Splunk Enterprise instance to our Linux Academy cloud server! To use the same version of Splunk as me, use this link: Splunk 188.8.131.52. Feel free to follow along using your own Linux Academy cloud server as we exercise the following:
- Spin up a Linux Academy cloud server
- Create a Splunk account and download the installer RPM
- Deploy a standalone Splunk Enterprise instance
- Seed the administrator credentials
- Enable auto-start on system boot
- Browse the Splunk web console
Splunk Enterprise Security Overview
Before we jump in and start implementing some better security features in our standalone Splunk Enterprise instance, let's talk a little bit about some of the security features Splunk has, in addition to some best practices you'll want to implement in your production environments.
Secure Splunk Enterprise
Security is certainly a very important aspect of any IT service, and even more so with data infrastructure: a log platform holds credentials, hostnames, and user activity from every system that reports to it. Data integrity and confidentiality are paramount to obtaining and retaining customer trust and business. Let's implement a few security measures on our standalone Splunk Enterprise instance. Follow along with me using your Linux Academy cloud server as we exercise the following:
- Enable HTTPS
- Create a limited access user
- Harden the password policy
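The deployment steps above (seed the administrator credentials, enable auto-start) and the three hardening steps in this lesson all come down to a handful of files under $SPLUNK_HOME/etc/system/local plus two CLI calls. The script below is an added example, not course material or Splunk project code: it stages user-seed.conf, web.conf and authentication.conf, verifies the result, and only calls the splunk binary when it is actually installed. SPLUNK_HOME defaults to /opt/splunk (where the RPM installs); the policy values (14-character minimum, 5-attempt lockout, 90-day expiry), the analyst user name and the ADMIN_PASSWORD/ANALYST_PASSWORD environment variables are example choices, not Splunk defaults.

```shell
#!/bin/sh
# Added example: stage Splunk Enterprise hardening as config files.
# SPLUNK_HOME may be pointed at a scratch directory to preview the files.
set -e

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
LOCAL_CONF="$SPLUNK_HOME/etc/system/local"

# user-seed.conf sets the admin password before the first start, so the
# instance never comes up with an unset administrator. Splunk consumes and
# removes the file on first start; until then it is a plaintext secret.
seed_admin() {
    # $1 = admin password (passed in from the environment, not argv, in use)
    mkdir -p "$LOCAL_CONF"
    cat > "$LOCAL_CONF/user-seed.conf" <<EOF
[user_info]
USERNAME = admin
PASSWORD = $1
EOF
    chmod 600 "$LOCAL_CONF/user-seed.conf"
}

# web.conf: serve Splunk Web over TLS. Without serverCert/privKeyPath Splunk
# uses its own self-signed certificate; swap in a CA-issued pair in production.
enable_https() {
    mkdir -p "$LOCAL_CONF"
    cat > "$LOCAL_CONF/web.conf" <<'EOF'
[settings]
enableSplunkWebSSL = true
httpport = 8443
EOF
}

# authentication.conf [splunk_auth]: complexity, expiry, lockout and history
# for native Splunk accounts (settings available since Splunk Enterprise 7.1).
harden_password_policy() {
    mkdir -p "$LOCAL_CONF"
    cat > "$LOCAL_CONF/authentication.conf" <<'EOF'
[splunk_auth]
minPasswordLength = 14
minPasswordUppercase = 1
minPasswordLowercase = 1
minPasswordDigit = 1
minPasswordSpecial = 1
expirePasswordDays = 90
lockoutUsers = true
lockoutAttempts = 5
lockoutThresholdMins = 5
lockoutMins = 30
enablePasswordHistory = true
passwordHistoryCount = 24
EOF
}

# Print the value of a key in a .conf file (first match), for checks below.
conf_get() {
    # $1 = file, $2 = key
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Fail unless TLS is on, the minimum length is at least 14 and lockout is enabled.
verify_hardening() {
    [ "$(conf_get "$LOCAL_CONF/web.conf" enableSplunkWebSSL)" = "true" ] || return 1
    [ "$(conf_get "$LOCAL_CONF/authentication.conf" minPasswordLength)" -ge 14 ] || return 1
    [ "$(conf_get "$LOCAL_CONF/authentication.conf" lockoutUsers)" = "true" ] || return 1
    return 0
}

# Steps that need splunkd: register boot-start under the unprivileged splunk
# user, then create a limited account with the built-in "user" role (search
# only, no administration). Skipped when the CLI is not installed.
apply_runtime_steps() {
    if command -v "$SPLUNK_HOME/bin/splunk" >/dev/null 2>&1; then
        "$SPLUNK_HOME/bin/splunk" enable boot-start -user splunk
        "$SPLUNK_HOME/bin/splunk" add user analyst -password "${ANALYST_PASSWORD:?}" \
            -role user -auth "admin:${ADMIN_PASSWORD:?}"
    fi
}

# Run everything when invoked with the admin password in the environment:
#   ADMIN_PASSWORD='...' ANALYST_PASSWORD='...' sh splunk_harden.sh
if [ -n "${ADMIN_PASSWORD:-}" ]; then
    seed_admin "$ADMIN_PASSWORD"
    enable_https
    harden_password_policy
    verify_hardening && echo "hardening staged in $LOCAL_CONF"
    apply_runtime_steps
fi
```

After a restart, Splunk Web answers on https://host:8443 instead of http://host:8000, and the new analyst account can search but cannot reach Settings. Note that the password policy applies to native Splunk accounts only; LDAP or SAML users are governed by the identity provider.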
Splunk Enterprise Monitoring Console
We talk a lot about capacity planning and experimenting to determine optimal cluster design in this course. So, how do we get access to the information to actually do this? With the Splunk Enterprise monitoring console. Follow along using your Linux Academy cloud server as we exercise the following:
- Use the Splunk monitoring console to monitor machine resource utilization
- Use the Splunk monitoring console to monitor instance resource utilization
- Perform a comprehensive health check on your Splunk cluster
Splunk Enterprise Alerting
Collecting large volumes of data from your environments provides a great deal of monitoring and troubleshooting value, but how do I configure Splunk to tell me when something important is happening so that I don't have to watch my data 24/7? Alerts in Splunk Enterprise do just that. Get alerts about your Splunk instance itself, from resource utilization to licensing quotas. Then create your own alerts backed by saved searches that trigger actions when a custom threshold is crossed.
Splunk Enterprise Data Indexing and Analysis
Let's really get our hands dirty in this video, where we demonstrate the real value of Splunk by indexing some data and analyzing it through search and visualizations. Our Splunk cloud server has been online for a little while now, so let's index the Linux secure log and see what the internet has been up to with regard to our cloud server.
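What the secure log typically shows within hours of a cloud server coming online is SSH password guessing from a few source addresses. The script below is an added example, not course material or Splunk code: it runs the same analysis the lesson performs in Splunk (failed logins per source, guessed user names, a threshold that would back the alert from the previous lesson) directly over secure-log lines with awk, so the logic is visible, and gives the SPL equivalent of each step in comments. The log lines are constructed for the example; the host name, addresses and the threshold of 3 are illustrative.

```shell
#!/bin/sh
# Added example: secure-log analysis mirroring the Splunk searches in this lesson.
set -e

# Constructed sample of /var/log/secure (sshd via syslog); not captured data.
SAMPLE_SECURE_LOG='May 13 10:15:22 splunk-host sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
May 13 10:15:25 splunk-host sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
May 13 10:15:31 splunk-host sshd[2110]: Failed password for root from 203.0.113.5 port 51240 ssh2
May 13 10:16:02 splunk-host sshd[2115]: Failed password for root from 198.51.100.7 port 40022 ssh2
May 13 10:16:40 splunk-host sshd[2120]: Invalid user oracle from 198.51.100.7 port 40030
May 13 10:17:03 splunk-host sshd[2122]: Accepted publickey for cloud_user from 192.0.2.10 port 55000 ssh2
May 13 10:17:03 splunk-host sshd[2122]: pam_unix(sshd:session): session opened for user cloud_user by (uid=0)'

# Failed SSH logins per source address, busiest first. Reads lines on stdin.
# SPL equivalent over the indexed log:
#   sourcetype=linux_secure "Failed password"
#   | rex "from (?<src_ip>\d{1,3}(\.\d{1,3}){3})"
#   | stats count BY src_ip | sort - count
failed_by_src() {
    awk '/Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2
}

# User names attackers try that do not exist on the host (both the
# "Invalid user" and "Failed password for invalid user" forms). Reads stdin.
# SPL equivalent: "invalid user" | rex "(?i)invalid user (?<user>\S+)" | stats count BY user
invalid_users() {
    awk 'tolower($0) ~ /invalid user/ {
            for (i = 1; i <= NF; i++) if ($i == "user") n[$(i + 1)]++
         }
         END { for (u in n) print n[u], u }' | sort -k1,1nr -k2
}

# Successful logins with method, so legitimate access is easy to tell apart.
# SPL equivalent: "Accepted" | rex "Accepted (?<method>\S+) for (?<user>\S+) from (?<src_ip>\S+)" | table user method src_ip
accepted_logins() {
    awk '/Accepted/ {
            for (i = 1; i <= NF; i++) if ($i == "Accepted") print $(i + 3), $(i + 1), $(i + 5)
         }'
}

# Sources at or above a failure threshold: the condition a saved-search alert
# would fire on. $1 = minimum failures. Reads stdin, prints one IP per line.
# SPL equivalent: ... | stats count BY src_ip | where count >= 3
brute_force_sources() {
    failed_by_src | awk -v min="$1" '$1 >= min { print $2 }'
}

# Running the sample through each search:
printf '%s\n' "$SAMPLE_SECURE_LOG" | failed_by_src
printf '%s\n' "$SAMPLE_SECURE_LOG" | invalid_users
printf '%s\n' "$SAMPLE_SECURE_LOG" | accepted_logins
printf '%s\n' "$SAMPLE_SECURE_LOG" | brute_force_sources 3
```

Point the same functions at the real file with `cat /var/log/secure | brute_force_sources 10` to sanity-check what Splunk reports. The awk splits on whitespace rather than a full regex, which is enough for stock sshd messages but is exactly the sort of brittleness a Splunk field extraction (props.conf EXTRACT or rex) replaces once the data is indexed.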
Are you interested in data-related jobs? Are you wondering what to learn next? Well, let's talk about some other technologies and concepts that play nicely with Splunk and data-related job listings.
Learn how to get involved with our growing community of awesome students and get recognized for your hard work!