Getting Started with Splunk

What is Splunk

Splunk is a software solution that captures, indexes, and correlates data in realtime. You can then search for this data using a search bar similar to google's, but it also allows you to create dashboards, reports, and alerts from those search queries.

Why Splunk

In the forever growing number of devices deployed and used daily, monitoring, and analyzing data created by those machines becomes daunting. Splunk provides a central location in which all this machine data can be forwarded to and then analyzed.

Continued...

Splunk has many use cases and has undoubtedly come a long way. For use cases, I suggest visiting Splunk for more information. Furthermore, in this series, we will focus on deploying Splunk in a simulated enterprise environment. From there I'll walk you through configuring Splunk and getting data ingested. Once Splunk has been installed and configured, we will learn how to use the Splunk processing language to perform business operations. These operations include monitoring, alerting, debugging, investigating, and creating reports or dashboards.

Prerequisites

• AWS account or similar cloud service
• Email address
• Internet (duh)

Positive Attitude and debugging skills are highly recommended if things do not work for you as expected.

Support

During this series, if you find yourself stuck or you are on a different version of Splunk from which this series is based on I highly recommend you seek support from the following.

• Splunk Answers
• Splunk Documentation
• Splunk Base

Homework

• Visit Splunk and learn what splunk can do for you
• Create an Amazon Web services account
• Learn the basics of AWS
• Create a Splunk account
• Write down what your reasons are for learning Splunk

See you here tomorrow!

See: Installing Splunk