Splunk Tutorial

Welcome to the Splunk Tutorial!

Splunk is powerful and versatile IT search software that takes the pain out of tracking and utilizing the information in your data center. If you have Splunk, you won't need complicated databases, connectors, custom parsers or controls--all that's required is a web browser and your imagination. Splunk handles the rest.

Use Splunk to:

  • Continually index all of your IT data in real time.
  • Automatically discover useful information embedded in your data, so you don't have to identify it yourself.
  • Search your physical and virtual IT infrastructure for literally anything of interest and get results in seconds.
  • Save searches and tag useful information, to make your system smarter.
  • Set up alerts to automate the monitoring of your system for specific recurring events.
  • Generate analytical reports with interactive charts, graphs, and tables and share them with others.
  • Share saved searches and reports with fellow Splunk users, and distribute their results to team members and project stakeholders via email.
  • Proactively review your IT systems to head off server downtimes and security incidents before they arise.
  • Design specialized, information-rich views and dashboards that fit the wide-ranging needs of your enterprise.

What's in this tutorial?

If you're new to Splunk, this tutorial will teach you what you need to know to start using Splunk, from a first-time download to creating rich, interactive dashboards. This tutorial includes a sample data set comprised of web server and MySQL logs for a fictional online store. Follow the detailed instructions to add this data to your Splunk instance. Learn the different ways you can search the data, save reports, and create dashboards targeted to meet different business needs.

Make a PDF

If you'd like a PDF version of this manual, click the red Download the Splunk Tutorial as PDF link below the table of contents on the left side of this page. A PDF version of the manual is generated on the fly for you, and you can save it or print it out to read later.

Note: Copying and pasting searches or regular expressions directly from the PDF into Splunk Web is not recommended. In some cases, doing so causes errors because of hidden characters that are included in the PDF formatting.

This documentation applies to the following versions of Splunk: 5.0, 5.0.1, 5.0.2, 5.0.3.


Comments

Akshathapandu: This topic merely explains what you will find in this tutorial. Please continue reading for more detailed examples and procedures to start using Splunk.

Jem Jensen: Thanks for leaving a comment. Your instructions seem more relevant for Splunk administrators who need to set up distributed search. Forwarding and receiving are discussed in another manual, the Distributed Deployment Manual.

Additionally, you might be interested in the Search Language Quick Reference Card, http://docs.splunk.com/images/1/17/4.2.x_search_language_refcard.pdf

Sophy, Splunker
June 3, 2013

please explain it with snapshots and examples.

Akshathapandu
May 27, 2013

===== RHEL Client ==========
yum -y --nogpgcheck install splunkforwarder-5.0.2-149561.i386.rpm
yum -y install sysstat # for unix app
export PATH=$PATH:/opt/splunkforwarder/bin
splunk start --accept-license --answer-yes --auto-ports --no-prompt
splunk add forward-server example.com:9997          # indexer receiving on 9997
splunk set deploy-poll example.com:8089 -auth admin:changeme   # deployment server management port
splunk enable boot-start
splunk edit user admin -password tmp123 -auth admin:changeme   # replace the default admin password
splunk restart
splunk display deploy-client
(Wait up to 5 mins for the app to download and the data to push back to the server)

Jemjensen
April 5, 2013

====== RHEL Server ==========
(edit hosts files on both server and client or ensure FQDN)
yum -y --nogpgcheck install splunk-5.0.2-149561.i386.rpm
yum -y install sysstat # for unix app
export PATH=$PATH:/opt/splunk/bin
splunk start --accept-license --answer-yes --auto-ports --no-prompt
splunk enable boot-start

http://example.com:8000/
Install *nix app (unix.tar.gz)
Manager->Forwarding and receiving->Receive data->Configure receiving->New
* Listen on this port: 9997
Edit: /opt/splunk/etc/system/local/serverclass.conf
[global]
stateOnClient = enabled
blacklist.0=*
continueMatching = true

[serverClass:forwarders]
machineTypes = linux-i686,linux-x86_64
[serverClass:forwarders:app:unix]
restartSplunkd = true
ln -s /opt/splunk/etc/apps/unix /opt/splunk/etc/deployment-apps/unix
splunk restart
splunk display deploy-server

Jemjensen
April 5, 2013
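Splunk layers serverclass.conf settings from [global] through [serverClass:name] down to [serverClass:name:app:app], with each layer overriding the one above. The following resolver is an added example (not Splunk's code and not from the commenter) that applies that layering to the stanzas posted in the two RHEL comments above; the sample config is constructed from them, and client whitelist/blacklist matching is deliberately left out.

```python
"""Resolve effective serverclass.conf settings per server class and app.
Added example for this page, not Splunk's own code. Layering assumed:
[global] -> [serverClass:<name>] -> [serverClass:<name>:app:<app>]."""
import configparser

# Constructed sample: the stanzas from the RHEL Server comment above.
SAMPLE_SERVERCLASS_CONF = """
[global]
stateOnClient = enabled
blacklist.0=*
continueMatching = true

[serverClass:forwarders]
machineTypes = linux-i686,linux-x86_64

[serverClass:forwarders:app:unix]
restartSplunkd = true
"""


def parse_stanzas(text):
    """Parse INI-style stanzas into {stanza_name: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep key case: stateOnClient, not stateonclient
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def apps_for_class(stanzas, server_class):
    """List the apps a server class deploys (its app sub-stanzas)."""
    prefix = f"serverClass:{server_class}:app:"
    return sorted(n[len(prefix):] for n in stanzas if n.startswith(prefix))


def effective_settings(stanzas, server_class, app=None):
    """Merge global, server-class and app stanzas; later layers override."""
    merged = dict(stanzas.get("global", {}))
    merged.update(stanzas.get(f"serverClass:{server_class}", {}))
    if app is not None:
        merged.update(stanzas.get(f"serverClass:{server_class}:app:{app}", {}))
    return merged


if __name__ == "__main__":
    stanzas = parse_stanzas(SAMPLE_SERVERCLASS_CONF)
    for app in apps_for_class(stanzas, "forwarders"):
        print(app, effective_settings(stanzas, "forwarders", app))
```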

As a newbie I left the tutorial as virginal as I was when I arrived. It would be helpful to see how it is used with specific cases laid out for us to step through. Then I could know what the product is for. As it is, I know it can index anything for any purpose. That is like telling me Superman has amazing powers. I still wouldn't know if I should reach out to him if I got stuck on a math problem in school. He could deflect bullets, but does he know algebra? A tutorial can also step us through a real life problem that Splunk was used to solve and we could then watch how it was done.

Perryborenstein
March 14, 2013
