Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Improving Your Splunk Skills

You're reading from   Improving Your Splunk Skills Leverage the operational intelligence capabilities of Splunk to unlock new hidden business insights

Arrow left icon
Product type Course
Published in Aug 2019
Publisher Packt
ISBN-13 9781838981747
Length 680 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Authors (4):
Arrow left icon
James D. Miller James D. Miller
Author Profile Icon James D. Miller
James D. Miller
Josh Diakun Josh Diakun
Author Profile Icon Josh Diakun
Josh Diakun
Paul R. Johnson Paul R. Johnson
Author Profile Icon Paul R. Johnson
Paul R. Johnson
Derek Mock Derek Mock
Author Profile Icon Derek Mock
Derek Mock
Arrow right icon
View More author details
Toc

Table of Contents (21) Chapters Close

Title Page
Copyright and Credits About Packt Contributors Preface 1. The Splunk Interface 2. Understanding Search FREE CHAPTER 3. Tables, Charts, and Fields 4. Data Models and Pivots 5. Simple XML Dashboards 6. Extending Search 7. Working with Apps 8. Building Advanced Dashboards 9. Summary Indexes and CSV Files 10. Configuring Splunk 11. Play Time – Getting Data In 12. Building an Operational Intelligence Application 13. Diving Deeper – Advanced Searching, Machine Learning and Predictive Analytics 14. Speeding Up Intelligence – Data Summarization 15. Above and Beyond – Customization, Web Framework, HTTP Event Collector, REST API, and SDKs 1. Other Books You May Enjoy

The top bar

The bar across the top of the window contains information about where you are as well as quick links to preferences, other apps, and administration.

The current app is specified in the upper-left corner. The following screenshot shows the upper-left Splunk bar when using the Search & Reporting app:

Clicking on the text takes you to the default page for that app. In most apps, the text next to the logo is simply changed, but the whole block can be customized with logos and alternate text by modifying the app's CSS. We will cover this in Chapter 7, Working with Apps:

The upper-right corner of the window, as seen in the previous screenshot, contains action links that are almost always available:

  • The name of the user who is currently logged in appears first. In this case, the user is Administrator. Previously, clicking on the username allowed you to select Edit Account (which would take you to the Your account page) or Logout (of Splunk). In version 7.0, it's a bit different. The first option is now listed as Account Settings, which opens a settings page similar to prior versions (below is the 7.0 page). Logout is the other option, and, like prior versions, it ends the session and forces the user to log in again.

The following screenshot shows what the your account page looks like:

This form presents the global preferences that a user is allowed to change. Other settings that affect users are configured through permissions on objects and settings on roles. (Note that preferences can also be configured using the command-line interface or by modifying specific Splunk configuration files.) Preferences include the following:

  • Full name and Email address are stored for the administrator's convenience.
  • Set password allows you to change your password. This is relevant only if Splunk is configured to use internal authentication. For instance, if the system is configured to use Windows Active Directory via LDAP (a very common configuration), users must change their password in Windows.
  • Global/Time zone can be changed for the logged-in user.
Setting the time zone only affects the time zone used to display the data. It is very important that the date is parsed properly when events are indexed. We will discuss this in detail in >Chapter 2, Understanding Search.
  • Default application controls where you first land after login. Most users will want to change this to search.
  • Restart backgrounded jobs controls whether unfinished queries should run again if Splunk is restarted.
  • Search/Search assistant/Syntax highlighting/auto-format and Show line numbers: these properties are used for assistance with command syntax, including examples, autocomplete syntax, or to turn off search assistance. Syntax highlighting displays search string components in different colors.

  • Messages allows you to view any system-level error messages you may have pending. When there is a new message for you to review, a notification displays as a count next to the Messages menu. You can click on the X to remove a message.

  • The Settings link presents the user with the configuration pages for all Splunk Knowledge objects, Distributed environment, System and Licensing, Data, and Users and Authentication settings. For any option that you are unable to see, you do not have the permissions to view or edit it:
  • The Activity menu lists shortcuts to Splunk Jobs, Triggered Alerts, and (in previous versions System Activity) views.
  • You can click on Jobs (to open the search jobs manager window, where you can view and manage currently running searches) or Triggered Alerts (to view scheduled alerts that are triggered).
Note: In version 7.0, System Activity (to see dashboards about user activity and status of the system) has been removed from under Activity. You can actually access all of this detailed information in Search!
  • Help lists links to video tutorials, Splunk Answers, the Splunk Contact Support portal, and online Documentation:
  • Find can be used to search for objects within your Splunk Enterprise instance. These saved objects include Reports, Dashboards, Alerts, and so on. Errors can be searched with the Search & Reporting app by clicking on Open error in search.
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image