Splunk doc summary

1.splunk feature

  • indexing

    data source: packaged and custom applications, application servers, web servers, databases, networks, virtual machines, telecoms equipment, operating systems, sensors, and so on.
  • data model

    Data model objects represent different datasets within the larger set of data indexed by Splunk Enterprise.
  • pivot

    The Pivot Editor lets users map attributes defined by data model objects to a table or chart data visualization without having to write the searches to generate them. Pivots can be saved as reports and added to dashboards.
  • search
  • alerts
  • reports

    Reports are saved searches and pivots.
  • dashboards

2.splunk users

  • Administrator
  • Knowledge Manager
  • Search User
  • Pivot User
  • Developer

3.splunk components

  • Apps
  • Forwarder
  • indexer
  • search head

4.install

Splunk Enterprise installs and runs two Windows services, splunkd and splunkweb. New for version 6.2, the splunkd service handles all Splunk Enterprise operations, and the splunkweb service installs to run only in legacy mode.

To change the Splunk Web service port:

  • Open a command prompt.
  • Change to the %SPLUNK_HOME%\bin directory.
  • Type in splunk set web-port #### and press Enter.

To change the splunkd port:

  • Open a command prompt, if one isn't already.
  • Change to the %SPLUNK_HOME%\bin directory.
  • Type in splunk set splunkd-port #### and press Enter.

5.start

D:\Tool\Splunk\bin>splunk.exe start

6.home page

Splunk home includes the splunk enterprise navigation bar, the apps menu, the explore splunk enterprise panel, and a custom default dashboard.

7.get data into splunk enterprise

categorize input sources:

  • Files and directories
  • Network events
  • Windows sources
  • Other sources

ways to specify data inputs:

  • splunk web
  • apps
  • the splunk enterprise cli
  • the inputs.conf configuration file
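As an added example (not part of the original notes), an inputs.conf fragment covering three of the input categories listed above: a monitored directory, the Windows Security event log, and syslog over UDP. Every path, index name, port and sourcetype here is an assumed value to adapt to your own deployment.

```ini
# Constructed example: %SPLUNK_HOME%\etc\system\local\inputs.conf
# (or the local\ directory of an app). Values below are assumptions.

# Files and directories: follow every file under an IIS log directory.
[monitor://C:\inetpub\logs\LogFiles]
disabled = 0
sourcetype = iis
index = web
# Skip rotated/compressed copies so the same events are not indexed twice.
blacklist = \.(gz|zip)$

# Windows sources: the Security event log, the primary source for
# authentication and privilege-use detections.
[WinEventLog://Security]
disabled = 0
index = wineventlog
# Keep the full XML so every field survives for later searches.
renderXml = true
# Drop Windows Filtering Platform "connection allowed" events (5156),
# which dominate volume without adding much detection value.
blacklist = 5156

# Network events: syslog from routers, firewalls and other devices.
[udp://514]
disabled = 0
sourcetype = syslog
index = network
# Record the sender's IP as host. UDP carries no authentication, so the
# host value is only as trustworthy as the network path to the indexer.
connection_host = ip
```

After editing inputs.conf, restart splunkd (or run splunk reload) for the new stanzas to take effect.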

where Splunk Enterprise stores data:

A Splunk Enterprise data repository is called an index. During indexing, Splunk Enterprise processes the incoming data stream to enable fast search and analysis, storing the results in the index as events.

  • Rawdata
  • index files

posted @ 2015-12-10 22:23 sam_rui