Mastering Splunk 8: Become an expert at implementing the advanced features and capabilities of Splunk 8

Miller, James D.

  • Publisher: Packt Publishing
  • Publication date: 2020-12-04
  • List price: $1,780
  • Sale price: $1,602 (10% off)
  • Language: English
  • Pages: 456
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1838987487
  • ISBN-13: 9781838987480
  • Related categories: Splunk
  • Ships immediately (stock = 1)


Delve into Splunk and extend intelligence capabilities, and leverage machine learning to explore data efficiently

Key Features

  • Gain the expertise you need to implement the advanced features and capabilities of Splunk 8
  • Get to grips with advanced Splunk features and create compelling reports and dashboards
  • Develop and manage advanced Splunk pipelines to integrate intelligence capabilities within your organization

Book Description

Splunk is the most widely used engine for working with machine-generated data. This expert-level guide will help you to leverage advanced use cases to drive business growth using operational intelligence and business analytics features.

You'll start with an introduction to the new features in Splunk 8 and cover step-by-step exercises that will help you to understand each feature in depth. Next, you'll explore key tasks such as workload management, performance and alerting, Splunk Enterprise Security, and advanced indexing. You'll also learn how to create categorical charts and run analytical operations on metrics within the Splunk Analytics workspace, before understanding how to deliver insights across your organization even when faced with limited or complex data using advanced data analytics. The book will also show you how to monitor and maintain Splunk environments using advanced dashboards. Later, you'll create custom data visualizations and update dashboards using drag and drop and the UI-based dashboard editor. Finally, you'll add SplunkJS to a web app and use the Splunk Machine Learning Toolkit (MLTK) as an extension to the core Splunk platform using real-world use cases.

By the end of this book, you'll have learned how to use various Splunk features to extend intelligence capabilities and perform machine learning to explore data effectively.

What You Will Learn

  • Understand the components of Splunk 8 and how they work
  • Convert distributed search environments to clusters and configure disaster recovery sites using index clustering
  • Find out how to integrate Splunk with platforms such as AWS and Microsoft Azure
  • Use Search Processing Language (SPL) within Splunk macros to create efficient searches
  • Detect suspicious patterns in data with advanced event correlation searches
  • Explore machine learning with Splunk MLTK
  • Review the beta dashboard editor using working examples
  • Use SplunkJS Stack libraries to enhance web apps

Who this book is for

This Splunk book is for data professionals, data analysts, and Splunk users looking to leverage the advanced features of the Splunk Enterprise platform to derive valuable business insights from machine data. The book is also a useful expert-level guide for individuals from all facets of IT, business, and security. Prior knowledge of Splunk and its features is mandatory to get the most out of this book.


