Overview 7.0.0
Generated: 11/17/2017 9:14 am
Introduction
Provides topics that help you navigate the documentation based on tasks
you want to complete.
About Splunk Enterprise
Splunk Enterprise is a software product that enables you to search, analyze, and
visualize the machine-generated data gathered from the websites, applications,
sensors, devices, and so on, that comprise your IT infrastructure or business.
After you define the data source, Splunk Enterprise indexes the data stream and
parses it into a series of individual events that you can view and search.
You can use the search processing language or the interactive pivot feature to
create reports and visualizations.
The following table highlights seven Splunk Enterprise features. You can read
about more features on Splunk.com.
Indexing: Splunk Enterprise indexes machine data. This includes data streaming from packaged and custom applications, application servers, web servers, databases, networks, virtual machines, telecoms equipment, operating systems, sensors, and so on, that make up your IT infrastructure. The maximum indexing volume depends on the Splunk Enterprise license.

Search: Search is the primary way users navigate data in Splunk Enterprise. You can write a search to retrieve events from an index, use statistical commands to calculate metrics and generate reports, search for specific conditions within a rolling time window, identify patterns in your data, predict future trends, and so on. Searches can be saved as reports and used to power dashboard panels.

Alerts: Alerts are triggered when conditions are met by search results for both historical and real-time searches. Alerts can be configured to trigger actions such as sending alert information to designated email addresses, posting alert information to an RSS feed, and running a custom script, such as one that posts an alert event to syslog.

Reports: Reports are saved searches and pivots. You can run reports on an ad hoc basis, schedule them to run at a regular interval, and set a scheduled report to generate alerts when the result of a run meets particular conditions. You can add reports to dashboards as dashboard panels.

Dashboards: Dashboards are made up of panels that contain modules such as search boxes, fields, charts, tables, forms, and so on. Dashboard panels are usually connected to saved searches or pivots. They can display the results of completed searches as well as data from real-time searches that run in the background.

Pivot: Pivot refers to the table, chart, or data visualization you create using the Pivot Editor. The Pivot Editor lets users map attributes defined by data model objects to a table or chart visualization without having to write the searches that generate them. Pivots can be saved as reports and added to dashboards.

Data model: Data models encode specialized domain knowledge about one or more sets of indexed data. They enable users of the Pivot Editor to create compelling reports and dashboards without designing the searches that generate them. Data models can have other uses, especially for Splunk app developers.
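The custom-script alert action mentioned under Alerts, as an added example that is not code from this page or from Splunk: a scripted alert action that reads the alert's result file and posts one sanitised syslog record per triggering event. It assumes the legacy scripted-alert convention, where Splunk runs the script from $SPLUNK_HOME/bin/scripts with positional arguments ($4 the saved search name, $5 the trigger reason, $8 the path to a gzipped CSV of the results); confirm that argument list against the scripted-alert topic for your version. The sample results, the search name and the hostname are constructed for the example, and the script targets Python 3.

```python
#!/usr/bin/env python3
"""Scripted alert action that forwards each triggering event to syslog.

Added example, not Splunk's own code. Assumes the legacy scripted-alert
convention ($4 = saved search name, $5 = trigger reason, $8 = path to a
gzipped CSV of the results); verify against the docs for your version.
"""
import csv
import gzip
import io
import os
import re
import socket
import sys
import tempfile
import time

FACILITY_LOCAL0 = 16      # syslog facility local0
SEVERITY_WARNING = 4      # syslog severity "warning"
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
MAX_LINE = 1024           # RFC 3164 message length limit

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def _clean(value):
    """Replace control characters (newlines included) with spaces so that a
    crafted field value cannot inject a second syslog record, and escape the
    double quotes used by the key="value" formatting."""
    return _CONTROL.sub(" ", str(value)).replace('"', '\\"')


def read_results(path):
    """Return the alert's result rows as dicts from Splunk's gzipped CSV."""
    with gzip.open(path, "rb") as fh:
        text = fh.read().decode("utf-8")
    return list(csv.DictReader(io.StringIO(text, newline="")))


def syslog_line(search_name, trigger_reason, row, hostname="splunk",
                facility=FACILITY_LOCAL0, severity=SEVERITY_WARNING, now=None):
    """Format one result row as an RFC 3164 style line (UTC timestamp)."""
    t = time.gmtime(now)
    ts = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                    t.tm_hour, t.tm_min, t.tm_sec)
    fields = " ".join('%s="%s"' % (k, _clean(v)) for k, v in sorted(row.items()))
    msg = 'splunk_alert search="%s" reason="%s" %s' % (
        _clean(search_name), _clean(trigger_reason), fields)
    line = "<%d>%s %s %s" % (facility * 8 + severity, ts, hostname, msg)
    return line[:MAX_LINE]


def build_lines(results_path, search_name, trigger_reason, now=None):
    """Read the results file and format every row as a syslog line."""
    return [syslog_line(search_name, trigger_reason, row, now=now)
            for row in read_results(results_path)]


def send_udp(lines, host="127.0.0.1", port=514):
    """Post the lines to a syslog collector over UDP, one datagram each."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for line in lines:
            sock.sendto(line.encode("utf-8"), (host, port))
    finally:
        sock.close()


# Constructed sample results, not real Splunk output. The second row carries
# an embedded newline to show the sanitisation at work.
SAMPLE_ROWS = [
    {"_time": "2017-11-17T09:14:00", "src_ip": "10.0.0.7", "user": "root",
     "action": "failure", "count": "12"},
    {"_time": "2017-11-17T09:14:30", "src_ip": "10.0.0.9",
     "user": "admin\nfake: injected", "action": "failure", "count": "3"},
]


def demo():
    """Write SAMPLE_ROWS to a gzipped CSV shaped like Splunk's $8 file and
    format it; the fixed timestamp keeps the output reproducible."""
    fd, path = tempfile.mkstemp(suffix=".csv.gz")
    os.close(fd)
    try:
        with gzip.open(path, "wt", newline="") as fh:
            writer = csv.DictWriter(fh, fieldnames=list(SAMPLE_ROWS[0]))
            writer.writeheader()
            writer.writerows(SAMPLE_ROWS)
        return build_lines(path, "Failed logins",
                           "The number of events was greater than 10", now=0)
    finally:
        os.remove(path)


if __name__ == "__main__":
    if len(sys.argv) >= 9:                 # invoked by Splunk with $1..$8
        send_udp(build_lines(sys.argv[8], sys.argv[4], sys.argv[5]))
    else:                                  # invoked by hand: show the demo
        for line in demo():
            print(line)
```

Splunk Enterprise 7.0 bundles its own Python 2.7 interpreter, so run this under a system Python 3 (for example through a one-line shell wrapper placed in bin/scripts) or port the gzip and CSV handling. The control-character stripping in _clean is the point worth keeping: a result field under an attacker's control, such as the username in a failed-login event, could otherwise carry a newline and forge an extra syslog record downstream.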
Download the Splunk Enterprise Quick Reference Guide
The Splunk Enterprise Quick Reference Guide (updated for version 6.3.0) is available as a PDF file. It is a six-page reference card that provides information about Splunk Enterprise features, concepts, search commands, and search examples.
Role: Administrator
Typical users: system administrator
Tasks: Secures the Splunk Enterprise deployment. Sets up user accounts and permissions. Gets data into Splunk Enterprise.

Role: Search User
Typical users: data analyst, IT professional, network engineer, security analyst, system administrator
Tasks: Uses Search to investigate server problems, understand configurations, monitor user activities, and troubleshoot escalated problems. Builds reports and dashboards to monitor the health, performance, activity, and capacity of their IT infrastructure. Identifies patterns and trends that are indicators of routine problems.

Role: Pivot User
Typical users: business professional, data analyst, executive, IT professional, manager, system administrator
Tasks: Uses Pivot to build reports based on data models created by the Knowledge Manager. Creates reports and dashboards to monitor their businesses. Identifies trends in the health and performance of their businesses.
Splunk Enterprise and your IT infrastructure
Most users connect to Splunk Enterprise with a web browser and use Splunk
Web to administer their deployment, manage and create knowledge objects, run
searches, create pivots and reports, and so on. You can also use the
command-line interface to administer your Splunk Enterprise deployment.
Apps: Apps are a collection of configurations, knowledge objects, and custom-designed views and dashboards that extend the Splunk Enterprise environment to fit the specific needs of organizational teams such as Unix or Windows system administrators, network security specialists, website managers, business analysts, and so on. A single Splunk Enterprise installation can run multiple apps simultaneously.

Forwarder: A forwarder is a Splunk Enterprise instance that forwards data to another Splunk Enterprise instance (an indexer or another forwarder) or to a third-party system. Most forwarders are lightweight instances with minimal resource utilization, which lets them reside easily on the machine generating the data. Note that the forwarder-to-indexer connection is not encrypted by default; configure SSL on both the receiving indexer and the forwarder before sending sensitive data across an untrusted network.

Indexer: An indexer is the Splunk Enterprise instance that indexes data. It typically receives data from a group of forwarders. The indexer transforms the data into events and stores the events in an index. The indexer also searches the indexed data in response to search requests. In a distributed search deployment, you might have multiple indexers, also known as search peers.
Splunk Enterprise Resources and Documentation
Product resources
This topic is an overview of the documentation, education, and community resources that help you find the information you want about Splunk Enterprise and other Splunk products.
Documentation
Education
The Installation Manual describes how to install and upgrade Splunk Enterprise.
Get data into Splunk Enterprise
Getting Data In is the place to go for information about Splunk data inputs,
including how to consume data from external sources and how to enhance the
value of your data.
Managing Indexers and Clusters tells you how to configure indexes. It also
explains how to manage the components that maintain indexes: indexers and
clusters of indexers.
Learn about clusters and index replication
Deploy clusters: Deploy clusters
Configure clusters: Configure clusters
Manage clusters: Manage clusters
Learn about cluster architecture: How clusters work
Scale Splunk Enterprise
Use Splunk Enterprise to audit your system activity: Audit Splunk Enterprise
Use Single Sign-on (SSO) with Splunk Enterprise: Configure Single Sign-on
Use Splunk Enterprise with LDAP: Set up user authentication with LDAP
Searching
The Search Manual discusses how to search and use the Search Processing
Language (SPL). See the Search Reference for a catalog of the search
commands with syntax, descriptions, and examples for each command.
About jobs and jobs management
Manage search jobs
View search job properties
Creating Pivots
See more about reports and report management in the Reporting Manual.
Alerting
Managing Knowledge
These tables direct you to topics for understanding and managing knowledge
objects such as events, fields, lookups, and data models.
Understand and use the Common Information Model
Monitor and organize knowledge objects
Manage knowledge objects
Disable or delete knowledge objects
Events and event processing
Customize and Extend Splunk Enterprise
Developers can build Splunk Apps and integrate Splunk Enterprise with other
tools and applications. Follow these links to help you get started.
Using the Splunk REST API, developers can programmatically index, search,
and visualize data in Splunk Enterprise from any application.
Find information about Splunk SDKs on the Splunk for Developers Site and the
Splunk Documentation site for SDKs.
See the code library and examples for a Splunk SDK
Extend Splunk Enterprise Functionality
Troubleshooting
The Troubleshooting Manual discusses how to analyze activity and diagnose
problems with Splunk Enterprise. You can also look in other manuals to find
specific information. For example, you can find topics on how to improve search
performance in the Search Manual.
About metrics.log
Write better searches
Troubleshoot search performance
View search job properties
About license violations
Troubleshoot license violations
Use the License Usage Report View