copyright © 2011, splunk inc.listen to your data. date name title getting started with splunk
TRANSCRIPT
Copyright © 2011, Splunk Inc. Listen to your data.
Date
NameTitle
Getting Startedwith Splunk
Copyright © 2011, Splunk Inc. Listen to your data.2
Agenda
• Getting Started (5 minutes)• Splunk at <Your Company> (5-10 minutes)• Orientation (15-20 minutes)• Getting Help (5-10 minutes)• Q & A (10-15 minutes)
Copyright © 2011, Splunk Inc. Listen to your data.3
Introductions
Who are you?What is your role?– Where does your job start and end?
Who’s in the audience?– Have the audience introduce themselves?– How much experience do they have with Splunk?– What do they hope to gain from the workshop?
Copyright © 2011, Splunk Inc. Listen to your data.4
Getting Started
How to access Splunk?– <Splunk URL>– <Credentials: LDAP or other?>
How to request access?– What is the new user onboarding process?– You have a process, right? ;)
What data is currently collected and available?– What is the new data onboarding process?– Please say you have a process
Copyright © 2011, Splunk Inc. Listen to your data.5
Splunk Environment
How is Splunk deployed?– Present a diagram of your Splunk deployment (example on next slide)
Splunk can be downloaded free and sets up in <5 minutes– Free version can be used as sandboxes to learn Splunk or test new
configuration– Free version for home/personal use
Copyright © 2011, Splunk Inc. Listen to your data.
<Your Company> Splunk ArchitectureLicense Capacity: 500 GB/day
6
x5…
Distributed Search andSummary Indexing Tier
Indexing Tier
Forwarders or Forwarding Tier
Data Sources
laptopsdesktops proxy applications syslog firewallservers/VMs config
Copyright © 2011, Splunk Inc. Listen to your data.7
<Your Company> Use Cases
Who is using Splunk (individual users or teams)?What are they doing with Splunk?Highlight success stories, cool challenges solved or interesting questions answered by Splunk.Example: our CIO is able to track productivity using Splunk dashboards of web proxy data.Poll the audience for their use cases.
Copyright © 2011, Splunk Inc. Listen to your data.8
OrientationProvide a walk through of the Splunk UI– Show the Launcher– Show the Getting Started App– Show the Search App
cover the data (sourcetypes, hosts, sources) run a simple search with wildcards/booleans explain the timeline, search controls, filters explain the time range picker (historic vs. real-time searches) find the search in the Jobs manager introduce search commands explain fields and/or demo the interactive field extractor show how to save and schedule searches build a simple report make a simple dashboard
– Ask the audience for search ideas or questions they want answered
Copyright © 2011, Splunk Inc. Listen to your data.9
Orientation
Mention the existence of the CLI and REST APIsShow other cool Apps– Show Apps you have installed– Example: use the GoogleMaps App to geolocate events– Download more from SplunkBase– Users can also build their own
Copyright © 2011, Splunk Inc. Listen to your data.10
Getting Help
Is there an internal wiki or website with more information?Is there an internal mailing list users can ping?Is there an internal chat list?Are there team experts who can be leveraged?
Copyright © 2011, Splunk Inc. Listen to your data.11
Technical Help: Splunk Answers
http://answers.splunk.comCommunity drivenSplunk supportedKnowledge exchangeQ & A
Copyright © 2011, Splunk Inc. Listen to your data.12
Technical Help: Splunk Documentationhttp://docs.splunk.comOfficial Product DocsWiki and community topicsUpdated dailyCan be printed to .PDF
Copyright © 2011, Splunk Inc. Listen to your data.13
Splunk Education
Develop internal Splunk experts
Recommended for New Users– Using Splunk– Searching & Reporting
Recommended for Admins– Administering– Deploying Splunk
Recommended for UI/Dashboard Developers– Developing Apps
Copyright © 2011, Splunk Inc. Listen to your data.14
Splunk EventsSplunk User Groups– Community driven– Bootstrapped by Splunk– Occur every 2-3 months– Hosted locally
Splunk Live!– Worldwide customer events– Technical workshops for beginners and power users– Local Events held in LA, OC, San Diego, Phoenix yearly
Splunk User Conference– August 15-17 in San Francisco, CA– 5 tracks, more than 40 sessions, the smartest Splunk users together– May 13th early registration promotion
www.splunk.com > Events
Copyright © 2011, Splunk Inc. Listen to your data.15
Other Ways to Get Help
Post a Question to Splunk Answers
Find an app on Splunkbase
Join the IRC channel #splunk on efnet
Join the Splunk LinkedIn Group
Follow @Splunk on Twitter
Watch Splunk Videos on YouTube
Copyright © 2011, Splunk Inc. Listen to your data.16
Q&A
Questions?Looking Ahead– Was the workshop useful?– Get ideas for future workshops– Recruit someone in the audience to host a future workshop– Consider hosting a Search/Story of the Month contest
Copyright © 2011, Splunk Inc. Listen to your data.
Thank You :)