Get Started With Splunk PPT
Download
Report
Transcript Get Started With Splunk PPT
Getting Started
with Splunk
Name
Title
Date
Copyright © 2011, Splunk Inc.
Listen to your data.
Agenda
• Getting Started (5 minutes)
• Splunk at <Your Company> (5-10 minutes)
• Orientation (15-20 minutes)
• Getting Help (5-10 minutes)
• Q & A (10-15 minutes)
Copyright © 2011, Splunk Inc.
2
Listen to your data.
Introductions
• Who are you?
• What is your role?
– Where does your job start and end?
• Who’s in the audience?
– Have the audience introduce themselves?
– How much experience do they have with Splunk?
– What do they hope to gain from the workshop?
Copyright © 2011, Splunk Inc.
3
Listen to your data.
Getting Started
• How to access Splunk?
– <Splunk URL>
– <Credentials: LDAP or other?>
• How to request access?
– What is the new user onboarding process?
– You have a process, right? ;)
• What data is currently collected and available?
– What is the new data onboarding process?
– Please say you have a process
Copyright © 2011, Splunk Inc.
4
Listen to your data.
Splunk Environment
• How is Splunk deployed?
– Present a diagram of your Splunk deployment (example on next slide)
• Splunk can be downloaded free and sets up in <5 minutes
– Free version can be used as sandboxes to learn Splunk or test new
configuration
– Free version for home/personal use
Copyright © 2011, Splunk Inc.
5
Listen to your data.
<Your Company> Splunk Architecture
License Capacity: 500 GB/day
Distributed Search and
Summary Indexing Tier
Indexing Tier
x5
…
Forwarders or
Forwarding Tier
Data Sources
desktops
Copyright © 2011, Splunk Inc.
laptops
servers/VMs
proxy
applications
6
syslog
firewall
config
Listen to your data.
<Your Company> Use Cases
• Who is using Splunk (individual users or teams)?
• What are they doing with Splunk?
• Highlight success stories, cool challenges solved or interesting
questions answered by Splunk.
• Example: our CIO is able to track productivity using Splunk
dashboards of web proxy data.
• Poll the audience for their use cases.
Copyright © 2011, Splunk Inc.
7
Listen to your data.
Orientation
• Provide a walk through of the Splunk UI
– Show the Launcher
– Show the Getting Started App
– Show the Search App
cover the data (sourcetypes, hosts, sources)
run a simple search with wildcards/booleans
explain the timeline, search controls, filters
explain the time range picker (historic vs. real-time searches)
find the search in the Jobs manager
introduce search commands
explain fields and/or demo the interactive field extractor
show how to save and schedule searches
build a simple report
make a simple dashboard
– Ask the audience for search ideas or questions they want answered
Copyright © 2011, Splunk Inc.
8
Listen to your data.
Orientation
• Mention the existence of the CLI and REST APIs
• Show other cool Apps
–
–
–
–
Show Apps you have installed
Example: use the GoogleMaps App to geolocate events
Download more from SplunkBase
Users can also build their own
Copyright © 2011, Splunk Inc.
9
Listen to your data.
Getting Help
•
•
•
•
Is there an internal wiki or website with more information?
Is there an internal mailing list users can ping?
Is there an internal chat list?
Are there team experts who can be leveraged?
Copyright © 2011, Splunk Inc.
10
Listen to your data.
Technical Help: Splunk Answers
http://answers.splunk.com
Community driven
Splunk supported
Knowledge exchange
Q&A
Copyright © 2011, Splunk Inc.
11
Listen to your data.
Technical Help: Splunk Documentation
http://docs.splunk.com
Official Product Docs
Wiki and community topics
Updated daily
Can be printed to .PDF
Copyright © 2011, Splunk Inc.
12
Listen to your data.
Splunk Education
Develop internal Splunk experts
Recommended for New Users
– Using Splunk
– Searching & Reporting
Recommended for Admins
– Administering
– Deploying Splunk
Recommended for UI/Dashboard Developers
– Developing Apps
Copyright © 2011, Splunk Inc.
13
Listen to your data.
Splunk Events
Splunk User Groups
–
–
–
–
Community driven
Bootstrapped by Splunk
Occur every 2-3 months
Hosted locally
www.splunk.com > Events
Splunk Live!
– Worldwide customer events
– Technical workshops for beginners and power users
– Local Events held in LA, OC, San Diego, Phoenix yearly
Splunk User Conference
– August 15-17 in San Francisco, CA
– 5 tracks, more than 40 sessions, the smartest Splunk users together
– May 13th early registration promotion
Copyright © 2011, Splunk Inc.
14
Listen to your data.
Other Ways to Get Help
Post a Question to Splunk Answers
Find an app on Splunkbase
Join the IRC channel #splunk on efnet
Join the Splunk LinkedIn Group
Follow @Splunk on Twitter
Watch Splunk Videos on YouTube
Copyright © 2011, Splunk Inc.
15
Listen to your data.
Q&A
• Questions?
• Looking Ahead
–
–
–
–
Was the workshop useful?
Get ideas for future workshops
Recruit someone in the audience to host a future workshop
Consider hosting a Search/Story of the Month contest
Copyright © 2011, Splunk Inc.
16
Listen to your data.
Thank You :)
Copyright © 2011, Splunk Inc.
Listen to your data.