Splunk is more than just a log management tool. In this video, learn the basics of what Splunk can do.
- [Instructor] Before we get too far into this course, let's answer a simple question. What is Splunk? Splunk Enterprise is an integrated solution for managing data, generally used for things like system logs and machine data. Splunk lets you collect all of your data in one place and easily search it, create reports and visualizations. You can also use Splunk to trigger alerts based on what's happening with your data. Splunk is commercial software, but they offer what they call a free sample version, Splunk Free, which is what we'll be using in this course.
The skills you learn on this version should apply to the paid editions. The real power of Splunk comes from being a single place to collect all of your data. It means that you no longer have to hunt through logs on several web servers, for example, but it also means that you can quickly cross-reference different machines or trace an issue by walking through from an app server to a database instance, for example. Splunk supports basic keyword search, which can be very powerful with the addition of constraints, like time periods.
It also has a robust advanced search syntax that can be used for more complex queries. Beyond the ad hoc searching, Splunk lets you create repeatable structured reports. Visualizations are also a useful feature. Our brains are pretty good at spotting patterns in visual data. Sometimes it's hard to spot a problem by just looking at logs and text, but when the data is abstracted into several graphs on a big screen, those connections become obvious.
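The instructor's four ideas above (keyword search with a time constraint, a per-host report, walking an incident across hosts, and an alert on a threshold) can be illustrated with a small in-memory model. The Python below is an added example and not code from the course or from Splunk; the log lines, host names and the fixed "now" are constructed, and the functions are simplified stand-ins for what a Splunk search such as `error host=web* earliest=-15m latest=now | stats count by host` does over indexed data.

```python
from collections import Counter
from datetime import datetime, timedelta
from fnmatch import fnmatch

# Constructed sample events (not from the course): one line per event in the
# form "<ISO timestamp> <host> <message>", as a collector would forward them.
SAMPLE_LOGS = [
    "2024-05-01T09:30:00Z app01 ERROR OrderService: cache miss error",
    "2024-05-01T10:00:01Z web01 GET /checkout 500 error upstream timeout",
    "2024-05-01T10:00:02Z app01 ERROR OrderService: db connection refused",
    "2024-05-01T10:00:02Z db01 FATAL too many connections",
    "2024-05-01T10:00:05Z web01 GET /health 200 ok",
    "2024-05-01T10:00:09Z web02 GET /checkout 500 error upstream timeout",
]

# Fixed "current time" (constructed) so the example runs the same way every time.
NOW = datetime(2024, 5, 1, 10, 1, 0)


def parse_event(line):
    """Split a raw line into the fields the search functions filter on."""
    ts, host, message = line.split(" ", 2)
    return {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "raw": message}


def load_events(lines):
    """Ingest: the 'collect everything in one place' step."""
    return [parse_event(line) for line in lines]


def search(events, keyword, earliest=None, latest=None, host="*"):
    """Keyword search constrained by a time window and a host glob,
    the equivalent of:  <keyword> host=<glob> earliest=... latest=...
    """
    kw = keyword.lower()
    return [e for e in events
            if kw in e["raw"].lower()
            and fnmatch(e["host"], host)
            and (earliest is None or e["time"] >= earliest)
            and (latest is None or e["time"] <= latest)]


def count_by_host(hits):
    """Reporting step: aggregate hits per host (like `| stats count by host`)."""
    return dict(Counter(e["host"] for e in hits))


def correlate(events, pivot, window_seconds):
    """Cross-reference: events from *other* hosts within +/- window_seconds of
    one event, which is how you walk an incident from app server to database."""
    delta = timedelta(seconds=window_seconds)
    return sorted((e for e in events
                   if e["host"] != pivot["host"]
                   and abs(e["time"] - pivot["time"]) <= delta),
                  key=lambda e: e["time"])


def should_alert(events, keyword, now, window_minutes, threshold):
    """Alert condition: at least `threshold` matching events in the last window."""
    hits = search(events, keyword,
                  earliest=now - timedelta(minutes=window_minutes), latest=now)
    return len(hits) >= threshold


if __name__ == "__main__":
    events = load_events(SAMPLE_LOGS)
    hits = search(events, "error", earliest=NOW - timedelta(minutes=15), latest=NOW)
    print("errors by host in last 15 min:", count_by_host(hits))
    app_err = next(e for e in hits if e["host"] == "app01")
    print("events on other hosts within 5 s of the app01 error:")
    for e in correlate(events, app_err, 5):
        print(" ", e["time"].isoformat(), e["host"], e["raw"])
    print("alert (>=3 errors in 15 min):", should_alert(events, "error", NOW, 15, 3))
```

The time window is what keeps the 09:30 app01 error out of the report, and the correlation step is what surfaces the `db01` "too many connections" line next to the app server's "connection refused" even though it never contains the keyword you searched for; that is the cross-host tracing the instructor is describing.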
- Installing Splunk
- Filtering search data
- Advanced search syntax
- Creating reports and dashboards
- Creating alerts and actions
- Configuring remote data and multiple data streams