Last updated: 2021-06-10 19:05:42
Cover page
Title Page
Dedication
About Packt
Why subscribe?
Packt.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Introduction to Splunk
What is Splunk?
Splunk products
The history of Splunk
Installing Splunk for free
Splunk components
Splunk processing tiers
Splunk events
Splunk information resources
Summary
Architecting Splunk
Selecting a Splunk configuration
Data collection – data inputs
Data collection – concurrent searches
Distributed versus clustered Splunk environments
Replication and search factor
Replication factor
Search factor
Hot/warm and cold buckets
Search head clusters
Making a design decision
Selecting Splunk hardware options
Performance considerations
Making a hardware selection
Disk-sizing calculations
Installing and Configuring Splunk
Installing Splunk Enterprise
Installing Splunk on Linux
Linux settings
User–group – environment settings
ulimits
Transparent huge pages
Starting Splunk
Starting on reboot
Stopping Splunk
Installing Splunk on Windows server
Disabling antivirus software
Installing Splunk with a short pathname
Installing Splunk via the GUI
Stopping and starting Splunk on Windows
Synchronization of system clocks
Configuring Splunk components
Splunk directory structure
Configuration file precedence
Splunk installation checklist
Component and IP address list
Installation steps
Individual component configurations
License master and cluster master
Forwarding Splunk's internal logs to the indexers
Pointing servers to the license master
Indexing cluster
Configuring a TCP input
Deployer
Search heads
Designating and starting a search head captain
Checking search head cluster status
Deployment server
Multisite environments
Cluster master
Indexers
Cross-environment search
Documenting your Splunk deployment
Getting Data into Splunk
Installing Splunk universal forwarder
Starting/stopping the universal forwarder
Configuring outputs.conf
Configuring inputs.conf
Setting up a heavy forwarder
Configuring other data source inputs
Configuring an HTTP Event Collector
Testing the HTTP Event Collector
Introduction to apps
Using the deployment server
Configuring a deployment client
Configuring the deployment server
Creating deployment apps