Getting Started with Splunk

1 Getting Started with Splunk
This is a presentation template for a Getting Started with Splunk Workshop. The slides are intended to be customized to your own environment and agenda. Notes conveying purpose and example usage are presented on the slides directly. Good luck and have fun!

Name
Title
Date

2 Agenda
- Getting Started (5 minutes)
- Splunk at <Your Company> (5-10 minutes)
- Orientation (15-20 minutes)
- Getting Help (5-10 minutes)
- Q & A (10-15 minutes)

3 Introductions
- Who are you?
  - What is your role?
  - Where does your job start and end?
- Who’s in the audience?
  - Have the audience introduce themselves?
  - How much experience do they have with Splunk?
  - What do they hope to gain from the workshop?

4 Getting Started
- How to access Splunk?
  - <Splunk URL>
  - <Credentials: LDAP or other?>
- How to request access?
  - What is the new user onboarding process?
  - You have a process, right? ;)
- What data is currently collected and available?
  - What is the new data onboarding process?
  - Please say you have a process

5 Splunk Environment
- How is Splunk deployed?
  - Present a diagram of your Splunk deployment (example on next slide)
- Splunk can be downloaded free and sets up in <5 minutes
  - Free version can be used as sandboxes to learn Splunk or test new configuration
  - Free version for home/personal use

6 <Your Company> Splunk Architecture
[Architecture diagram; labels from top to bottom:]
- License Capacity: 500 GB/day
- Distributed Search and Summary Indexing Tier
- Indexing Tier x5
- Forwarders or Forwarding Tier
- Data Sources: laptops, desktops, proxy, applications, syslog, firewall, servers/VMs, config

7 <Your Company> Use Cases
Who is using Splunk (individual users or teams)? What are they doing with Splunk? Highlight success stories, cool challenges solved or interesting questions answered by Splunk. Example: our CIO is able to track productivity using Splunk dashboards of web proxy data. Poll the audience for their use cases.

8 Orientation
- Provide a walk through of the Splunk UI
- Show the Launcher
- Show the Getting Started App
- Show the Search App
  - cover the data (sourcetypes, hosts, sources)
  - run a simple search with wildcards/booleans
  - explain the timeline, search controls, filters
  - explain the time range picker (historic vs. real-time searches)
  - find the search in the Jobs manager
  - introduce search commands
  - explain fields and/or demo the interactive field extractor
  - show how to save and schedule searches
  - build a simple report
  - make a simple dashboard
- Ask the audience for search ideas or questions they want answered

9 Orientation
- Mention the existence of the CLI and REST APIs
- Show other cool Apps
  - Show Apps you have installed
  - Example: use the GoogleMaps App to geolocate events
  - Download more from SplunkBase
  - Users can also build their own

10 Getting Help
- Is there an internal wiki or website with more information?
- Is there an internal mailing list users can ping?
- Is there an internal chat list?
- Are there team experts who can be leveraged?

11 Technical Help: Splunk Answers
- Community driven
- Splunk supported
- Knowledge exchange
- Q & A

Splunk Answers is a web-based Splunk community which can be utilized to answer questions. Many Splunk employees are users and check the site on a regular basis. We are happy to provide feedback on the questions being asked here. This is an excellent option for people who do not have direct access to Splunk support to find quick answers to their questions. This site is a great place to see if other people may have encountered a similar issue to the one you are experiencing. We encourage Splunk users to utilize this resource as a first line of investigation.

We welcome you to engage the Splunk community for any and all questions you may have related to Splunk. It is a friendly community full of people who are willing and able to assist you with your inquiries. It can be useful in answering basic questions, or even questions about advanced deployment use cases. Whatever you'd like to know about Splunk, there is a good chance someone in the community has this knowledge, and is willing to share it with you.

12 Technical Help: Splunk Documentation
- Official Product Docs
- Wiki and community topics
- Updated daily
- Can be printed to .PDF

13 Splunk Education
- Develop internal Splunk experts
- Recommended for New Users
  - Using Splunk
  - Searching & Reporting
- Recommended for Admins
  - Administering
  - Deploying Splunk
- Recommended for UI/Dashboard Developers
  - Developing Apps

Because not everyone can be an authorized support contact with the ability to interact with Splunk Support on a regular basis, and different people work with Splunk at different levels, it is important to develop Splunk experts internally. These are the individuals responsible for Splunk administration and/or the management of the Splunk knowledge layer. The first step in developing an internal expert would be to engage Splunk Education to develop a plan to take advantage of all our course offerings.

The knowledge imparted by the courses, as well as day-to-day Splunk administration in conjunction with knowledge management, is usually sufficient to provide an internal level of expertise sufficient to be able to mitigate many issues before engaging support. These individuals can be integral to the success of a Splunk implementation and can assist you in determining if your issue is a simple misconfiguration, or if this may require the assistance of the Splunk Support Team.

14 Splunk Events
- Splunk User Groups
  - Community driven
  - Bootstrapped by Splunk
  - Occur every 2-3 months
  - Hosted locally
- Splunk Live!
  - Worldwide customer events
  - Technical workshops for beginners and power users
  - Local Events held in LA, OC, San Diego, Phoenix yearly
- Splunk User Conference
  - August in San Francisco, CA
  - 5 tracks, more than 40 sessions, the smartest Splunk users together
  - May 13th early registration promotion

Splunk User Groups: From time to time, there are also Splunk User Group meetings at various locations around the country and world, which you can attend to learn how other customers are currently using Splunk. To find out about upcoming events in your area, be sure to check out the upcoming events section of the Splunk

15 Other Ways to Get Help
- Post a Question to Splunk Answers
- Find an app on Splunkbase
- Join the IRC channel #splunk on efnet
- Join the Splunk LinkedIn Group on Twitter
- Watch Splunk Videos on YouTube

16 Q&A
- Questions?
- Looking Ahead
  - Was the workshop useful?
  - Get ideas for future workshops
  - Recruit someone in the audience to host a future workshop
  - Consider hosting a Search/Story of the Month contest

17 Thank You :)
