Latest Posts
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Inbuilt & Advanced Visualizations Part 4
Rest of the default Visualtization in Splunk Go back to select Visualization next to your search icon and choose Filter Gauge. As you can see we have a limit which was set as part of our radial gauge from zero to 400, so it is up to in our appreciable range of blue. We can change the colors in a similar fashion where you can choose form at visualization color ranges and choose whichever colors you would like. This should be able to give you a filter range in case…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Inbuilt & Advanced Visualizations Part 3
What is a Splunk Workflow? We have learned more about drill down futures in the Dashboard, using which you should be able to create some wonderful use cases which you can use narrowing down by the splunk. Drill down futures into multiple dashboards or the same dashboards. Now let us see how we can add more value to splunk by creating a workflow. Imagine what is the first step you do when you find some weird IP address or some string in your logs. What is the first thing that…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Inbuilt & Advanced Visualizations Part 2
Dashboard Filters: Dynamic Filters In our previous discussion where we have created multiple filters that are text box, drop down and time filter. Now we’ll see how to make these filters dynamic. The best example for a dynamic filter would be your drop down. So let us see how we can create it. We know by now will add a filter, we’ll click on edit function or we’ll get into edit mode of the dashboards and click on Add Input. Choose the drop down, click the pencil icon. Here you’ll…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Inbuilt & Advanced Visualizations
Editing Dashboard Using Source We have seen how to add this multiple panels into our Dashboard by various methods like using search bar and also using panel created by Dashboard Edit. Now you can also edit panel by editing the source. When I say source, the Dashboard source is always an XML file. If you want to view the source source or how Splunk is able to interpret these panels and the reports, dashboards and stuff, you can go here, click on Edit. As you can see, next to that…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Apps And Add-On’s Part 3
Custom Navigation inside Apps Using Splunk Web As part of our learning to create an app using Splunk Web, we will see how to customize this newly created Splunk app that is using Splunk Web. As you can see, we are using Splunk demo Web, that is the Web. We have used the web component of Splunk to create this app and we’ll see how we can and edit this navigation using Splunk Web. In order to edit this navigation, go to Settings. Click on user interface. Under User Interface…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Apps And Add-On’s Part 2
Creating your Own Splunk App Now we have learned managing apps and add ons in Splunk that is installing, deleting, disabling, add ons and apps on your Splunk instance. Now, how we can create our own apps in Splunk. That is we’ll be learning more about how to create our own apps for your internal teams or your work on some new technology, new logic that seems to have more value so that you are willing to share this with other community people. You can package this as an app…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Apps And Add-On’s
What is an Add on? Hi, welcome to this video. In this video we’ll be understanding more about what are add ons and how to install them. And also throughout this course we’ll be learning how to install add ons, how to install an application on Splunk, how to download this application, how to create your own application, how to submit your newly created application to the Splunk portal and get it Splunk verified. Similarly, we’ll be seeing how to customize your application based on views, based on Dashboards, or…
SPLK-1003 Splunk Enterprise Certified Admin – Installation and Configuration of Splunk Components Part 5
Configure Deployment Server From Splunk Web We know very well by now that the deployment server is a centralized management console where you can deploy any configuration related to our Splunk infrastructure or the component in our Splunk infrastructure. Now we will be seeing how to configure deployment server. To configure deployment server. The best and possibly the only way is to create a server class con file which is responsible for your deployment server feature. You’ll be able to see this is the only way to enable your deployment…
SPLK-1003 Splunk Enterprise Certified Admin – Installation and Configuration of Splunk Components Part 4
Configure Search head From Splunk Web Once we have successfully configured our indexes, the next component of Splunk is searched. Since indexer is the core component which starts receiving of the logs, which stores logs and everything, the next component would be searched or UAV folder or Universal folder. You can start with any other component, but for this tutorial we’ll be starting with configuration of searcher. There are total of three different ways where you can configure Splunk searcher. We will see them one by one and you can…
SPLK-1003 Splunk Enterprise Certified Admin – Installation and Configuration of Splunk Components Part 3
Configuring Indexer: Enable Reciever Then what is indexing? Indexing is a process of breaking down of events into smaller piece known as parsing and storing of data. So indexing is a process where the component of Splunk which processes the data and stores the data. Now let us see how we can configure indexer in couple of ways. The first step in configuring indexer which is our indexer for my clarity so that I don’t make any mixture, I’ll close all other instances of Splunk and I’ll keep only my…