Investigate procedures in Splunk IT Essentials Learn
Splunk IT Essentials Learn offers out-of-the-box procedures for a variety of common IT use cases. The procedures provide a starting point to start ingesting your data into Splunk Enterprise and monitoring useful metrics within your environment. Go to the Investigate tab to see the available procedures.
The following use cases are currently available in Splunk IT Essentials Learn:
- Application
- Application
- Web Servers
- Cloud Infrastructure
- AWS
- Azure
- GCP
- VMware
- Database
- Database Wire Data
- Network
- Firewall
- Routers and Switches
- Server and OS
- Unix and Linux
- Windows
- Storage
- Isilon
Each use case contains a variety of relevant procedures.
IT maturity journey stages
All procedures are ranked on a scale of 1-4 based on their IT maturity stage.
| Stage | Description |
|---|---|
| (1) Descriptive | Looks at data descriptively and tells you what happened in the past. These procedures can help you understand how certain components are performing by providing context to help stakeholders interpret information. |
| (2) Diagnostic | Helps you understand why something happened in the past. Diagnostic analysis is often referred to as root cause analysis. |
| (3) Predictive | Predicts what is most likely to happen in the future by considering key trends and patterns. |
| (4) Prescriptive | Recommends actions you can take to affect outcomes. These procedures suggest various courses of action and outline what the potential implications would be for each. |
The Investigate page displays the available procedures along with their maturity levels. Use the available filters to filter by IT maturity journey stage, data source, or whether the procedure is marked as a favorite or deployed.
Investigate a procedure
Each procedure in Splunk IT Essentials Learn contains useful information to help you get your data into Splunk Enterprise and start deploying it. In most cases, you get the live data into your instance by installing and configuring the appropriate Splunk add-on. Each procedure lists the Splunk add-ons required to ingest the proper data along with links to Splunkbase to download and install them. The How to implement tab provides instructions to implement the procedure, as well as links to useful content and troubleshooting information.
All procedures contain a demo data search so you can preview how the corresponding visualization looks, as well as a live data search you can run on your own data once you've ingested it using add-ons. The searches include SPL descriptions showing why they use each search command.
Favorite and deploy procedures
Splunk IT Essentials Learn gives you control of your own IT journey. Use the Favorited option to highlight the procedures that are interesting or relevant to your business case, and then work through those procedures over time. Consider favoriting procedures at all levels so you can set incremental goals.
Use the Mark as Deployed option to record your progress toward IT maturity. Mark a procedure as deployed once you've successfully onboarded your own data using the add-ons and deployed the live data search as a dashboard in your global Splunk environment. By marking procedures as deployed you can use the My Progress page to track your exploration of IT Essentials procedures. For more information about the visualizations on the My Progress page, see Track your progress in Splunk IT Essentials Learn.
| Track your progress in Splunk IT Essentials Learn |
This documentation applies to the following versions of Splunk® IT Essentials Learn: 1.1.8
Download manual
Feedback submitted, thanks!