Presentation on theme: "Getting Started with Splunk"— Presentation transcript:
1 Getting Started with Splunk This is a presentation template for a Getting Started with Splunk Workshop. The slides are intended to be customized to your own environment and agenda. Notes conveying purpose and example usage are presented on the slides directly. Good luck and have fun!Name TitleDate
2 Agenda Getting Started (5 minutes) Splunk at <Your Company> (5-10 minutes)Orientation (15-20 minutes)Getting Help (5-10 minutes)Q & A (10-15 minutes)
3 Introductions Who are you? What is your role? Who’s in the audience? Where does your job start and end?Who’s in the audience?Have the audience introduce themselves?How much experience do they have with Splunk?What do they hope to gain from the workshop?
4 Getting Started How to access Splunk? How to request access? <Splunk URL><Credentials: LDAP or other?>How to request access?What is the new user onboarding process?You have a process, right? ;)What data is currently collected and available?What is the new data onboarding process?Please say you have a process
5 Splunk Environment How is Splunk deployed? Present a diagram of your Splunk deployment (example on next slide)Splunk can be downloaded free and sets up in <5 minutesFree version can be used as sandboxes to learn Splunk or test new configurationFree version for home/personal use
7 <Your Company> Use Cases Who is using Splunk (individual users or teams)?What are they doing with Splunk?Highlight success stories, cool challenges solved or interesting questions answered by Splunk.Example: our CIO is able to track productivity using Splunk dashboards of web proxy data.Poll the audience for their use cases.
8 Orientation Provide a walk through of the Splunk UI Show the Launcher Show the Getting Started AppShow the Search Appcover the data (sourcetypes, hosts, sources)run a simple search with wildcards/booleansexplain the timeline, search controls, filtersexplain the time range picker (historic vs. real-time searches)find the search in the Jobs managerintroduce search commandsexplain fields and/or demo the interactive field extractorshow how to save and schedule searchesbuild a simple reportmake a simple dashboardAsk the audience for search ideas or questions they want answered
9 Orientation Mention the existence of the CLI and REST APIs Show other cool AppsShow Apps you have installedExample: use the GoogleMaps App to geolocate eventsDownload more from SplunkBaseUsers can also build their own
10 Getting HelpIs there an internal wiki or website with more information?Is there an internal mailing list users can ping?Is there an internal chat list?Are there team experts who can be leveraged?
11 Technical Help: Splunk Answers Community drivenSplunk supportedKnowledge exchangeQ & ASplunk Answers(http://splunk-base.splunk.com/answers/ or is a web based Splunk community which can be utilized to answer questions.Many Splunk employees are users and check the site on a regular basis. We are happy to provide feedback on the questions being asked here. This is an excellent option for people who do not have direct access to Splunk support to find quick answers to their questions. This site is a great place to see if other people may have encountered a similar issue to the one you are experiencing. We encourage Splunk users to utilize this resource as a first line of investigation.We welcome you to engage the Splunk community for any and all questions you may have related to Splunk. It is a friendly community full of people who are willing and able to assist you with your inquiries. It can be useful in answering basic questions , or even questions about advanced deployment use cases. Whatever you'd like to know about Splunk, there is a good chance someone in the community has this knowledge, and is willing to share it with you.
12 Technical Help: Splunk Documentation Official Product DocsWiki and community topicsUpdated dailyCan be printed to .PDF
13 Splunk Education Develop internal Splunk experts Recommended for New UsersUsing SplunkSearching & ReportingRecommended for AdminsAdministeringDeploying SplunkRecommended for UI/Dashboard DevelopersDeveloping AppsBecause not everyone can be an authorized support contact with the ability to interact with Splunk Support on a Regular Basis, and different people work with Splunk at different levels, it is important to develop Splunk experts internally.These are the individuals responsible for Splunk Administration and/or the management of the Splunk Knowledge layer. The first step in developing an internal expert would be to engage Splunk education to develop a plan to take advantage of all our course offerings.The knowledge imparted by the courses, as well as day to day Splunk administration in conjunction with knowledge management is usually sufficient to provide an internal level of expertise sufficient to be able to mitigate many issues before engaging support.These individuals can be integral to the success of a Splunk Implementation and can assist you in determining if your issue is a simple misconfiguration, or if this may require the assistance of the Splunk Support Team.
14 www.splunk.com > Events Splunk EventsSplunk User GroupsCommunity drivenBootstrapped by SplunkOccur every 2-3 monthsHosted locallySplunk Live!Worldwide customer eventsTechnical workshops for beginners and power usersLocal Events held in LA, OC, San Diego, Phoenix yearlySplunk User ConferenceAugust in San Francisco, CA5 tracks, more than 40 sessions, the smartest Splunk users togetherMay 13th early registration promotion> EventsSplunk User GroupsFrom time to time, there are also Splunk User Group meetings at various locations around the country and world, which you can attend to learn how other customers are currently using Splunk.To find out about upcoming events in your area, be sure to check out the upcoming events section of the Splunk
15 Other Ways to Get Help Post a Question to Splunk Answers Find an app on SplunkbaseJoin the IRC channel #splunk on efnetJoin the Splunk LinkedIn Groupon TwitterWatch Splunk Videos on YouTube
16 Q&A Questions? Looking Ahead Was the workshop useful? Get ideas for future workshopsRecruit someone in the audience to host a future workshopConsider hosting a Search/Story of the Month contest