Solved: Re: mastering splunk

sarah89 · ‎04-05-2012

i'm new in this

i want to know how much time of learning how to use splunk and it's fontionalities

thk's

MHibbin · ‎04-05-2012

@Sarah89,

You should start looking through the docs provided by MarioM. It also helps to give yourself a task whilst learning (e.g. Want to monitor disk space), this way you can follow the process from start to finish. For example, on Linux installation this could be:

Data: Create a simple bash script that calls the command "df -m"
Inputs: Set this up as a scripted input in Splunk to run every 30 seconds
Searching: Craft a search to show free space for each filesystem
Reports: Plot it in a pie chart (e.g. Free space over Capacity)
Dashboard: Add the pie chart to a dashboard.
Alerts: Create an alert, to notify you when a device reaches 80% utilisation

You should also jump on the IRC chat channel "#splunk" (link: http://www.splunk.com/view/SP-CAAACDF). As there many helpful and friendly users there. So you'll be able to get a quick answer to simple queries.

Hope this helps

MHibbin

View solution in original post

MHibbin · ‎04-05-2012

@Sarah89,

You should start looking through the docs provided by MarioM. It also helps to give yourself a task whilst learning (e.g. Want to monitor disk space), this way you can follow the process from start to finish. For example, on Linux installation this could be:

Data: Create a simple bash script that calls the command "df -m"
Inputs: Set this up as a scripted input in Splunk to run every 30 seconds
Searching: Craft a search to show free space for each filesystem
Reports: Plot it in a pie chart (e.g. Free space over Capacity)
Dashboard: Add the pie chart to a dashboard.
Alerts: Create an alert, to notify you when a device reaches 80% utilisation

You should also jump on the IRC chat channel "#splunk" (link: http://www.splunk.com/view/SP-CAAACDF). As there many helpful and friendly users there. So you'll be able to get a quick answer to simple queries.

Hope this helps

MHibbin

sarah89 · ‎04-08-2012

ok ,i will do this

MarioM · ‎04-08-2012

create a new question with details of what you have done and paste your conf file.
As well as an extract of your \splunkforwarder\var\log\splunk\splunkd.log

sarah89 · ‎04-08-2012

for forwading can someone explain the basic procedure to me ,using universal forwarding

ps: i followed all the steps mentioned on distributed deployement manual ,but it doesn't seem to work

please can someone help

sarah89 · ‎04-08-2012

well thk's a lot for your answers

MHibbin · ‎04-05-2012

it should probably also be noted... Splunk is such a vast and "deep" platform that you can never truly "master" it. I'm sure even some of the Splunk "veterans" do not know everything in the world of Splunk.

MHibbin · ‎04-05-2012

or better yet (from the splunk docs) =p

http://dev.splunk.com/web_assets/developers/pdf/splunk_reference.pdf

http://docs.splunk.com/images/a/a3/Splunk_4.x_cheatsheet.pdf

araitz · ‎04-05-2012

For the search language, don't forget the search cheat sheet and PDF reference:

http://www.innovato.com/splunk/

http://www.innovato.com/splunk/RefCard.pdf

MHibbin · ‎04-05-2012

cool, good luck! it's fairly simple once you've done it a few times (i think!)

sarah89 · ‎04-05-2012

thk's your answer, i started with the manual user and i finished it

and now i'm using distributed deployment manual for deploying topologies, and forwarders
it's very interessting

MarioM · ‎04-05-2012

here Splunk Tutorial is a good place to start and it will get you through most of splunk features.

mastering splunk

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor