Splunk® Enterprise

Admin Manual


Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk.

Learn to administer Splunk

Splunk administration encompasses a variety of tasks, such as managing indexes, defining data inputs, configuring authentication, handling data security, and scaling Splunk for larger deployments. Because of the large and diverse nature of Splunk administration tasks, you might find yourself browsing through several manuals in the documentation set. This topic describes the main tasks of a Splunk administrator, with links to the relevant manuals, chapters, and topics.

Install and upgrade Splunk

The Installation Manual describes how to install and upgrade Splunk. For information on specific tasks, start here:

| Task | Look here |
| --- | --- |
| Understand installation requirements | Plan your installation |
| Estimate hardware capacity needs | Estimate hardware requirements |
| Install Splunk | Install Splunk on Windows; Install Splunk on Unix, Linux, or MacOS |
| Upgrade Splunk | Upgrade from an earlier version |

Splunk Administration

The Admin Manual that you're reading now provides most of the information about the necessary administration tasks and provides an overview of your available administration methods.

For further information, you can refer to the following manuals.

| Task | Look here |
| --- | --- |
| Use Splunk apps | Meet Splunk apps |
| Manage users | Manage users; Users and role-based access control; Set up users |
| Perform backups | Back up configuration information; Back up indexed data; Set a retirement and archiving policy |
| Define alerts | Define alerts |
| Manage search jobs | Supervise your search jobs with the Job Manager |

Get data into Splunk

Getting Data In is the place to go for information about Splunk data inputs: how to consume data from external sources and how to enhance the value of your data.

| Task | Look here |
| --- | --- |
| Learn how to consume external data | How to get data into Splunk |
| Configure file and directory inputs | Get data from files and directories |
| Configure network inputs | Get network events |
| Configure Windows inputs | Get Windows data |
| Configure miscellaneous inputs | Other ways to get stuff in |
| Enhance the value of your data | Configure event processing; Configure timestamps; Configure indexed field extraction; Configure host values; Configure source types; Manage event segmentation |
| See how your data will look after indexing | Preview your data |
| Improve the process | Improve the data input process |

Manage indexes and indexers

Managing Indexers and Clusters tells you how to configure indexes. It also explains how to manage the components that maintain indexes: indexers and clusters of indexers.

| Task | Look here |
| --- | --- |
| Learn about indexing | Indexing overview |
| Manage indexes | Manage indexes |
| Manage index storage | Manage index storage |
| Back up indexes | Back up indexed data |
| Archive indexes | Set a retirement and archiving policy |
| Learn about clusters and index replication | About clusters and index replication |
| Deploy clusters | Deploy clusters |
| Configure clusters | Configure clusters |
| Manage clusters | Manage clusters |
| Learn about cluster architecture | How clusters work |

Scale Splunk

The Distributed Deployment Manual describes how to distribute Splunk functionality across multiple components, such as forwarders, indexers, and search heads. It also tells you how to use the deployment server to manage your deployment.

| Task | Look here |
| --- | --- |
| Learn about distributed Splunk | Distributed Splunk overview |
| Perform capacity planning for Splunk deployments | Estimate hardware requirements |
| Learn how to forward data | Forward data |
| Distribute searches across multiple indexers | Search across multiple indexers |
| Update the deployment | Deploy configuration updates across your environment |

Secure Splunk

Securing Splunk tells you how to secure your Splunk deployment.

| Task | Look here |
| --- | --- |
| Authenticate users and edit roles | User and role-based access control |
| Secure Splunk data with SSL | About securing Splunk with SSL |
| Audit Splunk | Audit Splunk activity |

Troubleshoot Splunk

The Troubleshooting Manual provides overall guidance on Splunk troubleshooting. In addition, topics in other manuals provide troubleshooting information on specific issues.

| Task | Look here |
| --- | --- |
| Learn about Splunk troubleshooting tools | First steps |
| Learn about Splunk log files | Splunk log files |
| Work with Splunk support | Contact Splunk support |
| Resolve common problems | Some common scenarios |

References and other information

The Splunk documentation includes several useful references, as well as some other sources of information that might be of use to the Splunk administrator.

| Reference | Look here |
| --- | --- |
| Configuration file reference | Configuration file reference in the Admin Manual |
| REST API reference | REST API Reference Manual |
| CLI help | Available through installed instances of Splunk. For details on how to invoke it, read Get help with the CLI in the Admin Manual. |
| Release information | Release Notes |
| Information on managing Splunk knowledge | Knowledge Manager Manual |

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18
