One of my favorite tools over the years has been Splunk. It’s an excellent option for gathering and analyzing log data from a variety of sources. Use it for monitoring, troubleshooting, dashboarding and alerting across apps, DBs, sensors, IoT devices and more. I’ve not had a chance to use it in a while, so I wanted to review. I accomplished that goal by completing this Lynda course. Some of my notes are below.
Here are some key terms to consider when using Splunk:
- Apps
  - collections of knowledge objects and customer-designed views and dashboards
- Host
  - a default field
  - holds the host name or IP of the device that generated the event
  - every event has one
  - assigned at index time; by default it is the name of the machine the data was collected on
- Forwarder
  - collects data from different sources
  - acts as the log-collection agent and ships that data to the indexer
- Index
  - repository for data
  - holds the searchable events the indexer has produced
  - 2 types
    - events
    - metrics
- Tag
  - knowledge object that labels a field/value pair so related values can be found with a single search term
- Indexer
  - transforms raw data into events and stores them in an index
  - searches that data in response to search requests
- Event
  - set of values associated with a timestamp
  - a single entry
  - can span one or more lines
- Source
  - name of the file, directory, data stream, etc. from which an event originates
![](https://jeremypk.net/wp-content/uploads/2020/09/image.png?w=1024)
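To make the terms above concrete, here is a small toy model of the pipeline they describe: a forwarder hands raw text to an indexer, the indexer breaks it into events (including one event that spans several lines), stamps the default fields host, source and sourcetype on each, and stores them in an index; a tag then labels a field/value pair so a search can find related events with one term. This is an added illustration, not Splunk's own code; the log lines, host names, file paths, sourcetypes and the `linux_secure`/`failure` tag mappings are all constructed for the example, and the sshd field extraction is an assumed pattern.

```python
"""Toy model of the terms in the list above: a forwarder hands raw text to an
indexer, the indexer breaks it into events, stamps the default fields
host/source/sourcetype on each and stores them in an index, and a tag lets a
search find related field/value pairs with one term.
Added illustration only; this is not Splunk's code and simplifies heavily."""
import re
from datetime import datetime, timezone

# Constructed sample data, standing in for two files a forwarder would read.
AUTH_LOG = """\
2020-09-12 10:15:01 sshd[2201]: Failed password for root from 203.0.113.9 port 5122 ssh2
2020-09-12 10:15:03 sshd[2201]: Accepted password for alice from 198.51.100.4 port 5130 ssh2
2020-09-12 10:15:09 sshd[2205]: Failed password for admin from 203.0.113.9 port 5140 ssh2
"""
# One event spanning several lines: the indented trace lines carry no timestamp.
APP_LOG = """\
2020-09-12 10:15:07 app[880]: ERROR unhandled exception in request handler
    at com.example.Auth.check(Auth.java:42)
    at com.example.Main.main(Main.java:9)
"""

TIMESTAMP_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ")
AUTH_RE = re.compile(r"(Failed|Accepted) password for (\S+) from (\S+)")

# Tag: a label on field/value pairs (tags.conf in Splunk terms), so that
# tag=authentication finds every event whose sourcetype carries that label.
# The mappings below are assumptions made for this example.
TAGS = {
    "authentication": {("sourcetype", "linux_secure")},
    "failure": {("action", "failure")},
}


def forward(raw, host, source, sourcetype):
    """Forwarder: collect raw text and ship it with the metadata the indexer
    will use for the default fields."""
    return {"raw": raw, "host": host, "source": source, "sourcetype": sourcetype}


def break_events(raw):
    """Indexer line breaking: a line that starts with a timestamp opens a new
    event; a line without one continues the previous event (the 'one or more
    lines' case). Lines before the first timestamp are dropped in this toy."""
    events = []
    for line in raw.splitlines():
        m = TIMESTAMP_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            ts = ts.replace(tzinfo=timezone.utc)
            events.append({"_time": ts.timestamp(), "_raw": line})
        elif events:
            events[-1]["_raw"] += "\n" + line
    return events


class Index:
    """Index: the repository of events an indexer has parsed and stored."""

    def __init__(self, name):
        self.name = name
        self.events = []

    def ingest(self, payload):
        """Indexer, index time: parse forwarded data into events and attach
        the default fields host, source, sourcetype and index."""
        for ev in break_events(payload["raw"]):
            ev.update(host=payload["host"], source=payload["source"],
                      sourcetype=payload["sourcetype"], index=self.name)
            self.events.append(ev)
        self.events.sort(key=lambda e: e["_time"])
        return len(self.events)


def extract_fields(ev):
    """Search-time extraction for the sshd lines in the sample (an assumed
    pattern for this example, not a Splunk-shipped extraction)."""
    m = AUTH_RE.search(ev["_raw"])
    if not m:
        return {}
    return {"action": "failure" if m.group(1) == "Failed" else "success",
            "user": m.group(2), "src_ip": m.group(3)}


def search(index, **criteria):
    """Match events on field=value pairs; the special key 'tag' matches any
    event carrying a field/value pair that the tag labels."""
    hits = []
    for ev in index.events:
        fields = {**ev, **extract_fields(ev)}
        for key, want in criteria.items():
            if key == "tag":
                ok = any(fields.get(f) == v for f, v in TAGS.get(want, ()))
            else:
                ok = fields.get(key) == want
            if not ok:
                break
        else:
            hits.append(fields)
    return hits


def build_demo_index():
    """Two forwarders on two (constructed) hosts feeding one index, 'main'."""
    idx = Index("main")
    idx.ingest(forward(AUTH_LOG, "web01", "/var/log/auth.log", "linux_secure"))
    idx.ingest(forward(APP_LOG, "app01", "/var/log/app.log", "app_java"))
    return idx


if __name__ == "__main__":
    idx = build_demo_index()
    for ev in search(idx, tag="failure"):
        print(ev["_time"], ev["host"], ev["source"], ev["user"], ev["src_ip"])
    for ev in search(idx, host="app01"):
        print(ev["_raw"].count("\n") + 1, "lines in the app01 event")
```

The line-breaking rule here (new event at each timestamp, everything else continues the previous event) is the decision a real indexer has to make for every sourcetype; in Splunk that is what the `LINE_BREAKER` and `SHOULD_LINEMERGE` settings in props.conf control, and getting it wrong is the usual reason a stack trace shows up as dozens of separate events instead of one.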