Splunk® Enterprise

Admin Manual

Other manuals for the Splunk platform administrator

The Admin Manual is one of several books with important information and procedures for the Splunk Enterprise administrator. But it's just the beginning of what you can do with Splunk Enterprise.

If you need to configure, run, or maintain Splunk Enterprise as a service for yourself or other users, start with this book. Then go to these other manuals for details on specific areas of Splunk Enterprise administration.

Manual What it covers Key topic areas
Getting Data In Specifying data inputs and improving how Splunk software handles data How to get data into Splunk
Configure event processing
Preview your data
Managing Indexers and Clusters Managing Splunk indexers and clusters of indexers About indexing and indexers
Manage indexes
Back up and archive your indexes
About clusters and index replication
Deploy clusters
Distributed Deployment Scaling your deployment to fit the needs of your enterprise. Distributed Splunk overview
Forwarding Data Forwarding data into Splunk. Forward data
Distributed Search Using search heads to distribute searches across multiple indexers. Search across multiple indexers
Updating Splunk Components Using the deployment server and forwarder management to update Splunk components such as forwarders and indexers. Deploy updates across your environment
Securing Splunk Data security and user authentication User authentication and roles
Encryption and authentication with SSL
Auditing
Monitoring Splunk Enterprise Use included dashboards and alerts to monitor and troubleshoot your Splunk Enterprise deployment About the monitoring console
Troubleshooting Solving problems First steps
Splunk log files
Some common scenarios
Installation Installing and upgrading Splunk System requirements
Step by step installation procedures
Upgrade from an earlier version

The topic "Learn to administer Splunk" provides more detailed guidance on where to go to read about specific admin tasks.

Other books of interest to the Splunk administrator

In addition to the manuals that describe the primary administration tasks, you might want to visit other manuals from time to time, depending on the size of your Splunk Enterprise installation and the scope of your responsibilities. These are other manuals in the Splunk Enterprise documentation set:

  • Search Tutorial. This manual provides an introduction to searching with Splunk.
  • Knowledge Manager. This manual describes how to manage Splunk knowledge objects, such as event types, tags, lookups, field extractions, workflow actions, saved searches, and views.
  • Alerting. This manual describes Splunk's alerting and monitoring functionality.
  • Data Visualizations. This manual describes the range of visualizations that Splunk provides.
  • Search Manual. This manual tells you how to search and how to use the Splunk search language.
  • Search Reference. This reference contains a detailed catalog of the Splunk search commands.
  • Developing Views and Apps for Splunk Web. This manual explains how to develop views and apps using advanced XML. It also contains other developer topics, such as custom scripts and extending Splunk.
  • REST API Reference. This manual provides information on all publicly accessible REST API endpoints.
  • Release Notes. Look here for information about new features, known issues, and fixed problems.

The larger world of Splunk documentation

For links to the full set of Splunk Enterprise documentation, including the manuals listed above, visit: Splunk Enterprise documentation.

To access all the Splunk documentation, including manuals for apps, go to this page: Welcome to Splunk documentation.

Make a PDF

If you'd like a PDF version of this manual, click the red Download the Admin Manual as PDF link below the table of contents on the left side of this page. A PDF version of the manual is generated on the fly. You can save it or print it to read later.

Last modified on 25 September, 2016
Splunk platform administration: the big picture   Introduction for Windows admins

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters