Upload File

splunk

Download Splunk

If you can't read please download the document

Upload: mycellwasstolencom

Post on 17-Aug-2015

435 views

Category:

Education


5 download

Report

TRANSCRIPT

  1. 1. Splunk CloudSplunk Cloud Priyanka Wadhwa Knoldus Software LLP Priyanka Wadhwa Knoldus Software LLP
  2. 2. Agenda What is Splunk ? Why Splunk ? Splunk Products Splunk Cloud Installation Guide Generating Logs Demo What is Splunk ? Why Splunk ? Splunk Products Splunk Cloud Installation Guide Generating Logs Demo
  3. 3. What is splunk ? What do we do when you need information about the state of our application, machine or software? We look at its logfiles. They tell us the state it is in and what happened recently. Splunk started out as a kind of Google for Logfiles. It does a lot more today but log processing is still at the products core. It stores all your logs and provides very fast search capabilities roughly in the same way Google does for the internet.
  4. 4. Brief History... Splunk is an American multinational corporation based in San Francisco, California, which produces software for searching, monitoring, and analyzing machine-generated big data. Splunk (the product) captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations. The company was started in 2003 by co-founders Michael Baum, Rob Das and Erik Swan. With Splunk we can onboard, enrich and analyze machine data faster than ever before.
  5. 5. We see data everywhere. We offers the leading platform for Operational Intelligence. We look closely at what others ignore (machine data) and find what others never see: insights that can help make your company to be more productive, profitable, competitive and secure. - Splunk
  6. 6. Work ... Turning Machine Data Into Insights : Machine-generated data is one of the fastest growing and complex areas of big data. It's also one of the most valuable, containing a definitive record of all user transactions, customer behavior, machine behavior, security threats, fraudulent activity and more. Splunk turns machine data into valuable insights. Turning Machine Data Into Insights : Machine-generated data is one of the fastest growing and complex areas of big data. It's also one of the most valuable, containing a definitive record of all user transactions, customer behavior, machine behavior, security threats, fraudulent activity and more. Splunk turns machine data into valuable insights.
  7. 7. How Splunk instruments your site?
  8. 8. Why splunk ? Index, (no) Schema, Events : Database requires you to define tables and fields before you can store data whereas Splunk accepts almost anything immediately after installation. Splunk does not have a fixed schema. Instead, it performs field extraction at search time. Many log formats are recognized automatically. This approach allows for great flexibility. Just as Google crawls any web page without knowing anything about a sites layout, Splunk indexes any kind of machine data that can be represented as text. Scalability, (no) Backend : Splunk stores data directly in the file system. Installation is superfast Scalability is easy No single point of failure Infinite retention without losing granularity
  9. 9. Splunk Products Splunk Enterprise Splunk Cloud Slunk Light Hunk Splunk Mint App for Enterprise Security Splunk App for Stream Apps and add-ons
  10. 10. Splunk Cloud Splunk Cloud is backed by a 100% uptime SLA, scales to over 10TB/day, and offers a highly secure environment. Up to 10x Bursting : Splunk Cloud supports up to 10x bursting over licensed data volumes. Reliable Performance : Dedicated cloud environments help ensure your service performance is not impacted by the actions of another customer. 100% Uptime SLA : Splunk Cloud is backed by a 100% uptime SLA. "Splunk Cloud has widened our user base. Our operations folks use Splunk, our application people use Splunk and our security people use Splunk. Splunk Cloud gives you applications that let you get a huge amount of value from your data." -Sr. Director of Information Security
  11. 11. Splunk Cloud installation.. Step-1 : Signup over splunk : https://www.splunk.com Step-2 : Select Splunk Cloud from Splunk products available. Step-3 : Go for your own online sandbox. You will get a cloud URL, click over your cloud URL and start setting up credentials for your Splunk Cloud. Step-4 : It will redirect to its dashboard. Now click : settings icon (left top upper corner) an goto the Universal Forwarder. Step-5 : Follow the installation steps written and add Splunk Universal Forwarder.
  12. 12. Lets setup Splunk Universal Forwarder
  13. 13. Some useful Splunk Commands... To Stop the splunk server: $ sudo ./splunk stop To Start the splunk server: $ sudo ./splunk start To Check status of splunk server : $ sudo ./splunk status To Check list of app: $ sudo ./splunk list app To Remove an app: $sudo ./splunk remove app To check list of monitors: $sudo ./splunk list monitor
  14. 14. Splunk Sandbox... The Splunk Online Sandbox is a free and personal online environment where you can explore the Splunk Enterprise features. Using the Splunk Online Sandbox, you can search, analyze, and visualize your own data or pre-populated data sets. You may index up to 5GB of data per day, up to a total of 28GB of data in your sandbox.
  15. 15. API sp.js provides a common set of tracking methods: sp.track(event, properties, fn) sp.trackLink(links, event, properties) sp.pageview(url) sp.identify(userId, userTraits)
  16. 16. sp.track(event, properties, fn) : Track a custom event (i.e. user action) along with a set of associated event properties. sp.trackLink(links, event, properties) : Track link clicks, including outbound links, with a custom event and custom properties. Tracking occurs before page changes. This automatically records properties such as the anchor (a) tag's href and text.
  17. 17. sp.pageview(url) Tracks a 'pageview' event including document title and referrer. This is automatically called by default. sp.identify(userId, userTraits) Associate a user with an ID, and record user-specific traits or persistent properties. These persistent properties will be automatically added as properties to any subsequent tracked event.
  18. 18. Generating Splunk Logs... This is a Node.js backend collector for client-side data that is tracked by sp.js Analytics JavaScript library. All tracked events are collected in events.log. Install with Node.js package manager npm and Start the collector server by typing: * You will observe the logs getting tracked in you terminal with every action you perform over your web-page wherein the logs are placed for tracking.
  19. 19. To use sp.js, simply paste the following snippet of code before the closing tag on your page:
  20. 20. Log Tracking
  21. 21. Splunk data Visualization
  22. 22. Reference https://github.com/splunk/splunk-demo-collector-for-analyticsjs#api http://blogs.splunk.com/2013/10/17/still-using-3rd-party-web-analytics-pro
  23. 23. Thanks :)Thanks :)

Referent / Redner Benjamin Tiggemann · 2015-07-08 · Splunk for Exchange Splunk for Enterprise Security* Splunk for Vmware Splunk for PCI Compliance* Splunk for Windows Splunk for

Tenable and Splunk Integration · Splunk Splunkreceivesvulnerabilitydatacollectedby SecurityCenter Nessus NessusHost Scans,Nes-susPlugins Splunk SplunkreceivesvulnerabilitydatacollectedbyNes-

Program Overview - Splunk...mission-critical services. None. Splunk Enterprise System Administration Splunk Enterprise Data Administration Splunk Cloud Administration Implementing

Splunk のご紹介 - hitachi.co.jp · Splunkの歴史. 5 . 2006 . Splunk 1 . Splunk 2 . 2007 . Splunk 3 . 2009 . Splunk 4 . 2010 . Splunk 4.1 . 2011 Splunk 4.2 . App for Enterprise

Our experiences throughout the 3 year journey · Splunk – Hardware is now available for Splunk expansion • Splunk begins to fill monitoring gaps, acts as “glue” • Splunk

Splunk conf2014 - Splunk for Data Science

Fortscale Splunk Integrationinfo.fortscale.com/hubfs/UEBA Content/Fortscale Splunk Integration.pdf · Fortscale Splunk Integration ... Fortscale digests access and authentication

Splunk Conf2010: Corporate Express presents Splunk with SAP

SPLUNK® ENTERPRISE - CDWwebobjects.cdw.com/.../Splunk/Product-Brief-Splunk-Enterprise-The... · Splunk Enterprise collects data from any source, including logs, clickstreams, sensors,

SPLUNK Capabilities Overview - GTRI · Overview GTRI is the only ELITE Splunk integrator with certified Splunk architects and engineers on staff. In addition to ... SPLUNK-Overview

SplunkingYour Mobile Apps - .conf19 | Splunk · Introducing Splunk for Mobile Intelligence (Splunk MINT) Deploying Splunk MINT – Intro to SDKs – Getting Started Using Splunk MINT

Splunk hunkbeta

Splunk 教學 - Splunk Documentationdocs.splunk.com/images/d/db/Tutorial_zh_TW_502.pdf · 簡介 歡迎使用 Splunk 教學! Splunk 是什麼? Splunk 是一個可從構成您

Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Splunk Deployment

Splunk bsides

Splunk Search

インストールマニュアル Splunk Enterprise 6.2docs.splunk.com/images/8/8b/Splunk-6.2.0-ja_JP-Installation.pdf · Splunk Enterprise インストールマニュアルによう

stoQ’ing your Splunk - SANS · PDF filestoQ’ingyour Splunk Ryan Kovar, Splunk Marcus LaFerrera, PUNCH SANS DFIR 2016

Industrial Data Internet of Things splunk (REST API, SDKs) splunk . TESCO splunk 500 Y—Jt1-3— 41328 . SHANON 1/5 splunk . htt . (500MB/B) s lunk splunk . Created Date:

ReversingLabs Explainable Threat Intelligence Enriches ... Data Sheets/RL-Splunk...sent to Splunk. • In Splunk, the TitaniumScale report is correlated with other available Splunk

Monitoring Docker Containers with Splunk - Splunk .conf · Splunk and Docker – At A Glance Visibility in your Container Environments Delivering Splunk as Containers Monitoring for

Netfilter Iptables for Splunk Documentation - Read the Docs · Netfilter Iptables for Splunk Documentation, Release 0 Splunk Answers Splunk has a strong community of active users

Admission Control using Splunk Enterprise Deployment Guide€¦ · Configuring Splunk Enterprise ... For more information on Splunk configuration, see Splunk documentation. Troubleshooting

Splunk Enterprise 6.5.0 Splunk Enterprise 보안

Time*ACer*Time*–** Comparing*Time*Ranges*in*Splunk* · AboutMe*! Splunk*Senior*Instructor*since*2009*! Frequentcontributor*to*Splunk*Answers*! Love*Splunk*search*language*puzzles*

Deploying Splunk. Arquitetura e dimensionamento do Splunk

Splunk in Rakuten: Splunk as a Service for all

FireEye Splunk InterFireEye + Splunk: Intermediate Guidemediate Guide

Agency Chargeback Models to Enable Enterprise Splunk ......Workshops: Get Splunk Hands -on Experience Attend a Splunk Workshop Upcoming Schedule December 1: Introduction to Splunk

معماری Splunk

Splunk For IT Operational Intelligenceuploads.integrity360.com/1425903243-Splunk-for-IT-Operations.pdf · • Splunk Apps –Splunk App for VMware –Splunk Apps for Citrix & Hyper

Splunk user group - automating Splunk with Ansible

Splunk Review - University of Birmingham · Ref: Splunk Review, Dec 2014 Mohammad Rameez Shafsad [email protected] Indexing 2.2.1 Searching using splunk Splunk uses

Splunk conf2014 - Onboarding Data Into Splunk

Splunk App for StreamMany Solutions, One Goal. Some history •Splunk acquires Cloudmeter, December 2013 •Renamed Splunk App for Stream •Released with Splunk 6.0 (August, 2014)