
Is there an efficient way to learn Splunk?

Communicator

I've used Splunk a couple of times now and end up evangelizing for it whenever I can. At the same time, I end up feeling pretty ignorant about Splunk most of the time. I'm often stumbling across features or hearing about them as part of an answer to a question. Case in point: I was just told about xyseries and stumbled across cdata.

Searching through the docs and splunkbase, the materials and commentary on these features (and others) are often pretty thin. The docs I do find are usually well written and accurate - but thin. Am I missing something obvious? There doesn't seem to be a book about Splunk anywhere and yet there are clearly people that know every nook and cranny of the product.

Is there some maximally efficient way to learn Splunk? I've never found digging through other people's examples to work very well for me. Hopefully, there's a huge manual somewhere that I've managed not to see.

Thanks for any advice or suggestions.

1 Solution

Splunk Employee

The Splunk book is out.

The ePub (iPad, etc) version is available now, for free at http://splunkbook.com

The hard copy should be available in about 2 weeks at Amazon.


Splunk Employee

See also the hungry newbie post.

Splunk Employee

This is an old thread but gets a lot of views, so for completeness, here's a newer post with some newer resources. https://answers.splunk.com/answers/372126/are-there-any-other-online-collections-of-splunk-s.html

Legend

Hi - Splunk can handle structured files, but that is not what it was designed for. Splunk was designed to handle large volumes of timestamped unstructured data, without a schema. As people apply Splunk to more & more use cases, needs like yours arise and Splunk is evolving to address a wider audience.
This community is hundreds of people who are freely contributing their time to help others apply Splunk efficiently. Please let us know how we can help you.
And for the price you are paying, for the book and the help - it's a bargain!

0 Karma

New Member

The book misses the point that most Splunk documentation seems to be missing: the arcane art of importing data into Splunk.

Splunk seems to croak with simple CSV and TSV files, does not allow me any simple way (as even Excel does from 20 years ago) to indicate my column structure without the use of a dozen .cfg config files.

This is Chapter 2 in the book, a woeful half-attempt at anything useful. Merely asks us to download data from the book website and move on with "searching". Sorry, dear author, please spend a little time dealing with this in the next version.

0 Karma

Splunk Employee

I have heard some rumblings about a book, but nothing official....

0 Karma

Communicator

I don't mind the sales pitch at all. While my main customer is a huge company in the US, I live in rural Australia. Sydney is about 6 hours away and Melbourne around 11 hours. A big town around here is anything around 9,000 people and up. So. I'm keen on on-line resources 😉 I would love to attend a Splunk conference if I can find the time and money.

Is anyone planning a Splunk book?

Motivator

As far as finding new commands, listening to the SplunkTalk podcast, even some of their long-term SEs still stumble upon features they didn't know about. So I wouldn't be surprised to keep finding new commands; even though it's 4.x, it's still a fast-moving product. I've always thought their docs were pretty complete and as long as I didn't go in expecting it to mean something it's been pretty clear as well.

0 Karma

New Member

Is there an updated version of the book? I would really like to learn/use the product.

0 Karma

Legend

Sorry, I just had to comment, hope it wasn't too much of a sales pitch.

0 Karma

Legend

I am a Splunk instructor, so I am biased. We offer great online classes with live instructors & hands-on labs. See Splunk Education http://www.splunk.com/view/education/SP-CAAAAH9

Both the Using Splunk class & the Searching and Reporting class are packed with Splunk features and commands.

There are also videos; most are short, so they can only get into one topic at a time. http://www.splunk.com/videos

Another free resource is Splunk Live; we have events around the country. They usually have informal training from a Splunk expert.

Finally, attend Splunk .conf in Las Vegas September 2012!