Data Analytics Using Splunk 9.x: A practical guide to implementing Splunk's features for performing data analysis at scale

Make the most of Splunk 9.x to build insightful reports and dashboards with a detailed walk-through of its extensive features and capabilities

Key Features

- Be well-versed with the Splunk 9. x architecture, installation, onboarding, and indexing data features
- Create advanced visualizations using the Splunk search processing language
- Explore advanced Splunk administration techniques, including clustering, data modeling, and container management

Book Description

Splunk 9 improves on the existing Splunk tool to include important features such as federated search, observability, performance improvements, and dashboarding. This book helps you to make the best use of the impressive and new features to prepare a Splunk installation that can be employed in the data analysis process.

Starting with an introduction to the different Splunk components, such as indexers, search heads, and forwarders, this Splunk book takes you through the step-by-step installation and configuration instructions for basic Splunk components using Amazon Web Services (AWS) instances. You'll import the BOTS v1 dataset into a search head and begin exploring data using the Splunk Search Processing Language (SPL), covering various types of Splunk commands, lookups, and macros. After that, you'll create tables, charts, and dashboards using Splunk's new Dashboard Studio, and then advance to work with clustering, container management, data models, federated search, bucket merging, and more.

By the end of the book, you'll not only have learned everything about the latest features of Splunk 9 but also have a solid understanding of the performance tuning techniques in the latest version.

What you will learn

- Install and configure the Splunk 9 environment
- Create advanced dashboards using the flexible layout options in Dashboard Studio
- Understand the Splunk licensing models
- Create tables and make use of the various types of charts available in Splunk 9.x
- Explore the new configuration management features
- Implement the performance improvements introduced in Splunk 9.x
- Integrate Splunk with Kubernetes for optimizing CI/CD management

Who this book is for

The book is for data analysts, Splunk users, and administrators who want to become well-versed in the data analytics services offered by Splunk 9. You need to have a basic understanding of Splunk fundamentals to get the most out of this book.

充分利用Splunk 9.x的功能和能力，建立具有洞察力的報告和儀表板，詳細介紹其廣泛的功能和能力。

主要特點：

- 熟悉Splunk 9.x的架構、安裝、引入和索引數據功能
- 使用Splunk搜索處理語言創建高級可視化效果
- 探索高級Splunk管理技術，包括集群、數據建模和容器管理

書籍描述：

Splunk 9改進了現有的Splunk工具，包括聯邦搜索、可觀察性、性能改進和儀表板等重要功能。本書幫助您充分利用這些令人印象深刻和新的功能，準備一個可在數據分析過程中使用的Splunk安裝。

從介紹不同的Splunk組件開始，如索引器、搜索頭和轉發器，本書通過逐步的安裝和配置指南，使用Amazon Web Services（AWS）實例，引導您完成基本Splunk組件的安裝和配置。您將將BOTS v1數據集導入搜索頭，並開始使用Splunk搜索處理語言（SPL）探索數據，涵蓋各種類型的Splunk命令、查找和宏。之後，您將使用Splunk的新儀表板工作室創建表格、圖表和儀表板，然後進一步使用集群、容器管理、數據模型、聯邦搜索、存儲桶合併等功能。

通過閱讀本書，您不僅將學習到有關Splunk 9的最新功能的一切，還將對最新版本的性能調優技術有深入的理解。

您將學到什麼：

- 安裝和配置Splunk 9環境
- 使用儀表板工作室中的靈活佈局選項創建高級儀表板
- 了解Splunk的授權模型
- 創建表格並利用Splunk 9.x中提供的各種類型的圖表
- 探索新的配置管理功能
- 實施Splunk 9.x中引入的性能改進
- 將Splunk與Kubernetes集成，以優化CI/CD管理

本書適合對Splunk 9提供的數據分析服務感興趣的數據分析師、Splunk用戶和管理員。您需要對Splunk基礎知識有基本的了解，以充分利用本書的內容。

1. Introduction to Splunk and its Core Components
2. Setting Up the Splunk Environment
3. Onboarding and Normalizing Data
4. Introduction to SPL
5. Reporting Commands, Lookups, and Macros
6. Creating Tables and Charts Using SPL
7. Creating Dynamic Dashboards
8. Licensing, Indexing, and Buckets
9. Clustering and Advanced Administration
10. Data Models, Acceleration, and Other Ways to Improve Performance
11. Multisite Splunk Deployments and Federated Search
12. Container Management

1. Splunk及其核心組件介紹
2. 設置Splunk環境
3. 數據接入和規範化
4. SPL介紹
5. 報表命令、查找表和宏
6. 使用SPL創建表格和圖表
7. 創建動態儀表板
8. 授權、索引和存儲桶
9. 集群和高級管理
10. 數據模型、加速和其他性能優化方法
11. 多站點Splunk部署和聯合搜索
12. 容器管理