Splunk® Enterprise

Admin Manual

Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Manuals for the Splunk administrator

This Admin manual is one of several books with important information and procedures for the Splunk administrator. If you're responsible for configuring, running, and maintaining Splunk as a service for yourself or other users, start with this book. Then go to these other manuals for details on specific areas of Splunk administration:

Where to learn about specific aspects of Splunk administration

This table will help orient you to the set of books of primary interest to the Splunk administrator:

| Manual | What it covers | Key topic areas |
| --- | --- | --- |
| Admin | Administering Splunk - the basics of Splunk administration, plus indexing, data security, configuration files, and the CLI | What to do first; Getting started for Windows admins; Manage Splunk licenses; How to configure Splunk; Add and manage users; Indexing overview; Manage indexes; Back up and archive your indexes; Configure data security; Use Splunk's command line interface; Configuration file reference |
| Getting Data In | Specifying data inputs and improving how Splunk handles data | How to get data into Splunk; Configure event processing; Preview your data |
| Distributed Deployment | Scaling your deployment to fit the needs of your enterprise, with details on Splunk distributed components such as forwarders, search heads, and deployment servers | Distributed Splunk overview; Forward data; Search across multiple indexers; Monitor your deployment; Deploy updates across your environment |
| Troubleshooting | Solving problems | First steps; Splunk log files; Some common scenarios |
| Installation | Installing and upgrading Splunk | System requirements; Step by step installation procedures; Upgrade from an earlier version |

Other books of interest to the Splunk administrator

In addition to the manuals that describe the primary administration tasks, you might want to visit other manuals from time to time, depending on the size of your Splunk installation and the scope of your responsibilities. These are other manuals in the Splunk core documentation set:

  • Knowledge Manager. This manual describes how to manage Splunk knowledge objects, such as event types, tags, lookups, field extractions, workflow actions, saved searches, and views.
  • User. This manual provides an introduction to using Splunk, including a tutorial and introductory material on some Splunk administration activities, such as getting data into Splunk.
  • Search Reference. This reference contains a detailed catalog of the Splunk search commands.
  • Developer. This manual explains how to develop apps and add-ons, including advanced information on how to build dashboards and advanced views.
  • REST API Reference. This manual provides information on all publicly accessible REST API endpoints.
  • Release Notes. Look here for information about new features, known issues, and fixed problems.

The larger world of Splunk documentation

To access all the Splunk documentation, including app-specific manuals, go to this page: Welcome to Splunk documentation.

For links to the full set of Splunk core documentation, including the manuals listed above, visit: Splunk core documentation.

Make a PDF

If you'd like a PDF version of this manual, click the red Download the Admin Manual as PDF link below the table of contents on the left side of this page. A PDF version of the manual is generated on the fly. You can save it or print it to read later.

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7
