Splunk platform administration: the big picture
The Admin Manual provides information about the initial administration tasks as well as information about the different methods you can use to administer your Splunk software. For a more specific overview of what you can do with the Admin Manual, see How to use this manual.
Below are administration tasks you might want to do after initial configuration and where to go to learn more.
Task: | Look here: |
---|---|
Perform backups | Back up configuration information; Back up indexed data; Set a retirement and archiving policy |
Define alerts | The Alerting Manual |
Manage search jobs | Manage search jobs |
For more administration help, see the manuals described below.
Install and upgrade Splunk Enterprise
The Installation Manual describes how to install and upgrade Splunk Enterprise. For information on specific tasks, start here.
Task: | Look here: |
---|---|
Understand installation requirements | Plan your installation |
Estimate hardware capacity needs | Estimate hardware requirements |
Install Splunk | Install Splunk Enterprise on Windows; Install Splunk Enterprise on Unix, Linux, or MacOS |
Upgrade Splunk Enterprise | Upgrade from an earlier version |
Get data in
Getting Data In is the place to go for information about data inputs: how to consume data from external sources and how to enhance the value of your data.
Task: | Look here: |
---|---|
Learn how to consume external data | How to get data into Splunk |
Configure file and directory inputs | Get data from files and directories |
Configure network inputs | Get network events |
Configure Windows inputs | Get Windows data |
Configure miscellaneous inputs | Other ways to get data in |
Enhance the value of your data | Configure event processing; Configure timestamps; Configure indexed field extraction; Configure host values; Configure source types; Manage event segmentation; Use lookups and workflow actions |
See how your data will look after indexing | Preview your data |
Improve the process | Improve the data input process |
Manage indexes and indexers
Managing Indexers and Clusters tells you how to configure indexes. It also explains how to manage the components that maintain indexes: indexers and clusters of indexers.
Task: | Look here: |
---|---|
Learn about indexing | Indexing overview |
Manage indexes | Manage indexes |
Manage index storage | Manage index storage |
Back up indexes | Back up indexed data |
Archive indexes | Set a retirement and archiving policy |
Learn about clusters and index replication | About clusters and index replication |
Deploy clusters | Deploy clusters |
Configure clusters | Configure clusters |
Manage clusters | Manage clusters |
Learn about cluster architecture | How clusters work |
Scale Splunk platform deployments
The Distributed Deployment Manual describes how to distribute Splunk platform functionality across multiple components, such as forwarders, indexers, and search heads. Associated manuals cover distributed components in detail:
- The Forwarding Data Manual describes forwarders.
- The Distributed Search Manual describes search heads.
- The Updating Splunk Components Manual explains how to use the deployment server and forwarder management to manage your deployment.
Task: | Look here: |
---|---|
Learn about distributed Splunk platform deployments | Scale deployments |
Perform capacity planning for Splunk platform deployments | Estimate hardware requirements |
Learn how to forward data | Forward data |
Distribute searches across multiple indexers | Search across multiple indexers |
Update the deployment | Deploy configuration updates across your environment |
Secure Splunk Enterprise
Securing Splunk tells you how to secure your Splunk Enterprise deployment.
Task: | Look here: |
---|---|
Authenticate users and edit roles | User and role-based access control |
Secure data with SSL | Secure authentication and encryption |
Audit Splunk software | Audit system activity |
Use Single Sign-On (SSO) with Splunk software | Configure Single Sign-on |
Use Splunk software with LDAP | Set up user authentication with LDAP |
Troubleshoot Splunk software
The Troubleshooting Manual provides overall guidance on Splunk platform troubleshooting. In addition, topics in other manuals provide troubleshooting information on specific issues.
Task: | Look here: |
---|---|
Learn about Splunk platform troubleshooting tools | First steps |
Learn about Splunk log files | Splunk log files |
Work with Splunk support | Contact Splunk support |
Resolve common problems | Some common scenarios |
References and other information
The Splunk documentation includes several useful references, as well as some other sources of information that might be of use to the Splunk software administrator.
Reference: | Look here: |
---|---|
Configuration file reference | Configuration file reference in the Admin Manual |
REST API reference | REST API Reference Manual |
CLI help | Available through installed instances of Splunk Enterprise. For details on how to invoke it, read Get help with the CLI in the Admin Manual. |
Release information | Release Notes |
Information on managing Splunk platform knowledge objects | Knowledge Manager Manual |
This documentation applies to the following versions of Splunk® Enterprise: 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1