Knowledge Management

mastering splunk

sarah89
Path Finder

i'm new in this

i want to know how much time of learning how to use splunk and it's fontionalities

thk's

Tags (1)
1 Solution

MHibbin
Influencer

@Sarah89,

You should start looking through the docs provided by MarioM. It also helps to give yourself a task whilst learning (e.g. Want to monitor disk space), this way you can follow the process from start to finish. For example, on Linux installation this could be:

  1. Data: Create a simple bash script that calls the command "df -m"
  2. Inputs: Set this up as a scripted input in Splunk to run every 30 seconds
  3. Searching: Craft a search to show free space for each filesystem
  4. Reports: Plot it in a pie chart (e.g. Free space over Capacity)
  5. Dashboard: Add the pie chart to a dashboard.
  6. Alerts: Create an alert, to notify you when a device reaches 80% utilisation

You should also jump on the IRC chat channel "#splunk" (link: http://www.splunk.com/view/SP-CAAACDF). As there many helpful and friendly users there. So you'll be able to get a quick answer to simple queries.

Hope this helps

MHibbin

View solution in original post

MHibbin
Influencer

@Sarah89,

You should start looking through the docs provided by MarioM. It also helps to give yourself a task whilst learning (e.g. Want to monitor disk space), this way you can follow the process from start to finish. For example, on Linux installation this could be:

  1. Data: Create a simple bash script that calls the command "df -m"
  2. Inputs: Set this up as a scripted input in Splunk to run every 30 seconds
  3. Searching: Craft a search to show free space for each filesystem
  4. Reports: Plot it in a pie chart (e.g. Free space over Capacity)
  5. Dashboard: Add the pie chart to a dashboard.
  6. Alerts: Create an alert, to notify you when a device reaches 80% utilisation

You should also jump on the IRC chat channel "#splunk" (link: http://www.splunk.com/view/SP-CAAACDF). As there many helpful and friendly users there. So you'll be able to get a quick answer to simple queries.

Hope this helps

MHibbin

sarah89
Path Finder

ok ,i will do this

0 Karma

MarioM
Motivator

create a new question with details of what you have done and paste your conf file.
As well as an extract of your \splunkforwarder\var\log\splunk\splunkd.log

0 Karma

sarah89
Path Finder

for forwading can someone explain the basic procedure to me ,using universal forwarding

ps: i followed all the steps mentioned on distributed deployement manual ,but it doesn't seem to work

please can someone help

0 Karma

sarah89
Path Finder

well thk's a lot for your answers

0 Karma

MHibbin
Influencer

it should probably also be noted... Splunk is such a vast and "deep" platform that you can never truly "master" it. I'm sure even some of the Splunk "veterans" do not know everything in the world of Splunk.

0 Karma

araitz
Splunk Employee
Splunk Employee

For the search language, don't forget the search cheat sheet and PDF reference:

http://www.innovato.com/splunk/

http://www.innovato.com/splunk/RefCard.pdf

MHibbin
Influencer

cool, good luck! it's fairly simple once you've done it a few times (i think!)

0 Karma

sarah89
Path Finder

thk's your answer, i started with the manual user and i finished it

and now i'm using distributed deployment manual for deploying topologies, and forwarders
it's very interessting

0 Karma

MarioM
Motivator

here Splunk Tutorial is a good place to start and it will get you through most of splunk features.

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...