
Getting Started with Splunk
Name
Title
Date
Copyright © 2011, Splunk Inc. Listen to your data.

Agenda
• Getting Started (5 minutes)
• Splunk at <Your Company> (5-10 minutes)
• Orientation (15-20 minutes)
• Getting Help (5-10 minutes)
• Q & A (10-15 minutes)

Introductions
• Who are you?
• What is your role?
  – Where does your job start and end?
• Who’s in the audience?
  – Have the audience introduce themselves?
  – How much experience do they have with Splunk?
  – What do they hope to gain from the workshop?

Getting Started
• How to access Splunk?
  – <Splunk URL>
  – <Credentials: LDAP or other?>
• How to request access?
  – What is the new user onboarding process?
  – You have a process, right? ;)
• What data is currently collected and available?
  – What is the new data onboarding process?
  – Please say you have a process

Splunk Environment
• How is Splunk deployed?
  – Present a diagram of your Splunk deployment (example on next slide)
• Splunk can be downloaded free and sets up in <5 minutes
  – Free version can be used as sandboxes to learn Splunk or test new configuration
  – Free version for home/personal use

<Your Company> Splunk Architecture
[Architecture diagram]
• License Capacity: 500 GB/day
• Distributed Search and Summary Indexing Tier x 5 …
• Forwarders or Forwarding Tier
• Data Sources: desktops, laptops, servers/VMs, proxy, applications, syslog, firewall, config

<Your Company> Use Cases
• Who is using Splunk (individual users or teams)?
• What are they doing with Splunk?
• Highlight success stories, cool challenges solved or interesting questions answered by Splunk.
• Example: our CIO is able to track productivity using Splunk dashboards of web proxy data.
• Poll the audience for their use cases.

Orientation
• Provide a walk through of the Splunk UI
  – Show the Launcher
  – Show the Getting Started App
  – Show the Search App
    * cover the data (sourcetypes, hosts, sources)
    * run a simple search with wildcards/booleans
    * explain the timeline, search controls, filters
    * explain the time range picker (historic vs. real-time searches)
    * find the search in the Jobs manager
    * introduce search commands
    * explain fields and/or demo the interactive field extractor
    * show how to save and schedule searches
    * build a simple report
    * make a simple dashboard
  – Ask the audience for search ideas or questions they want answered

Orientation
• Mention the existence of the CLI and REST APIs
• Show other cool Apps
  – Show Apps you have installed
  – Example: use the Google Maps App to geolocate events
  – Download more from Splunkbase
  – Users can also build their own

Getting Help
• Is there an internal wiki or website with more information?
• Is there an internal mailing list users can ping?
• Is there an internal chat list?
• Are there team experts who can be leveraged?

Technical Help: Splunk Answers
http://answers.splunk.com
• Community driven
• Splunk supported
• Knowledge exchange Q&A

Technical Help: Splunk Documentation
http://docs.splunk.com
• Official Product Docs
• Wiki and community topics
• Updated daily
• Can be printed to PDF

Splunk Education
Develop internal Splunk experts
• Recommended for New Users
  – Using Splunk
  – Searching & Reporting
• Recommended for Admins
  – Administering
  – Deploying Splunk
• Recommended for UI/Dashboard Developers
  – Developing Apps

Splunk Events
• Splunk User Groups
  – Community driven
  – Bootstrapped by Splunk
  – Occur every 2-3 months
  – Hosted locally
• www.splunk.com > Events
• Splunk Live!
  – Worldwide customer events
  – Technical workshops for beginners and power users
  – Local Events held in LA, OC, San Diego, Phoenix yearly
• Splunk User Conference
  – August 15-17 in San Francisco, CA
  – 5 tracks, more than 40 sessions, the smartest Splunk users together
  – May 13th early registration promotion

Other Ways to Get Help
• Post a Question to Splunk Answers
• Find an app on Splunkbase
• Join the IRC channel #splunk on efnet
• Join the Splunk LinkedIn Group
• Follow @Splunk on Twitter
• Watch Splunk Videos on YouTube

Q&A
• Questions?
• Looking Ahead
  – Was the workshop useful?
  – Get ideas for future workshops
  – Recruit someone in the audience to host a future workshop
  – Consider hosting a Search/Story of the Month contest

Thank You :)