Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Advanced Splunk
  • Table Of Contents Toc
  • Feedback & Rating feedback
Advanced Splunk

Advanced Splunk

By : Tulsiram Yadav
3.8 (4)
Buy this Book
close
close
Advanced Splunk

Advanced Splunk

3.8 (4)
By: Tulsiram Yadav
Buy this Book

Overview of this book

Master the power of Splunk and learn the advanced strategies to get the most out of your machine data with this practical advanced guide. Make sense of the hidden data of your organization – the insight of your servers, devices, logs, traffic and clouds. Advanced Splunk shows you how. Dive deep into Splunk to find the most efficient solution to your data problems. Create the robust Splunk solutions you need to make informed decisions in big data machine analytics. From visualizations to enterprise integration, this well-organized high level guide has everything you need for Splunk mastery. Start with a complete overview of all the new features and advantages of the latest version of Splunk and the Splunk Environment. Go hands on with uploading data, search commands for basic and advanced analytics, advanced visualization techniques, and dashboard customizing. Discover how to tweak Splunk to your needs, and get a complete on Enterprise Integration of Splunk with various analytics and visualization tools. Finally, discover how to set up and use all the new features of the latest version of Splunk.
Table of Contents (14 chapters)
close
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
1. What's New in Splunk 6.3?
chevron up
1. What's New in Splunk 6.3?
Splunk's architecture
Search parallelization
Data integrity control
Intelligent job scheduling
The app key-value store
Splunk Enterprise Security
Authentication using SAML
Summary
2
2. Developing an Application on Splunk
2. Developing an Application on Splunk
Splunk apps and technology add-ons
Developing a Splunk app
Developing a Splunk add-on
Managing Splunk apps and add-ons
Splunk apps from the app store
Summary
3
3. On-boarding Data in Splunk
3. On-boarding Data in Splunk
Deep diving into various input methods and sources
Adding data to Splunk – new interfaces
Data processing
Managing event segmentation
Improving the data input process
Summary
4
4. Data Analytics
4. Data Analytics
Data and indexes
Search
Subsearch
Time
Fields
Results
Summary
5
5. Advanced Data Analytics
5. Advanced Data Analytics
Reports
Geography and location
Anomalies
Predicting and trending
Correlation
Machine learning
Summary
6
6. Visualization
6. Visualization
Prerequisites – configuration settings
Tables
Single value
Charts
Drilldown
Summary
7
7. Advanced Visualization
7. Advanced Visualization
Sunburst sequence
Geospatial visualization
Punchcard visualization
Calendar heatmap visualization
The Sankey diagram
Parallel coordinates
The force directed graph
Custom chart overlay
Custom decorations
Summary
8
8. Dashboard Customization
8. Dashboard Customization
Dashboard controls
Multi-search management
Tokens
Null search swapper
Switcher
Summary
9
9. Advanced Dashboard Customization
9. Advanced Dashboard Customization
Layout customization
Custom look and feel
The custom alert action
Summary
10
10. Tweaking Splunk
10. Tweaking Splunk
Index replication
Indexer auto-discovery
Sourcetype manager
Field extractor
Search history
Event pattern detection
Data acceleration
Splunk buckets
Search optimizations
Splunk health
Summary
11
11. Enterprise Integration with Splunk
11. Enterprise Integration with Splunk
The Splunk SDK
Installing the Splunk SDK
The Splunk SDK for Python
Splunk with R for analytics
Splunk with Tableau for visualization
Summary
12
12. What Next? Splunk 6.4
12. What Next? Splunk 6.4
Storage optimization
Machine learning
Management and admin
Indexer and search head enhancement
Visualizations
Multi-search management
Enhanced alert actions
Summary
13
Index
Index

Authentication using SAML

SAML is an XML standard that allows secure web domains to exchange user authentication and authorization data. It allows one online service provider to contact an identity service provider in order to authenticate users who are trying to access the secure content.

Splunk Enterprise supports the use of SAML authentication and authorization for Single Sign-On (SSO). SSO can be enabled in Splunk with the configuration settings provided by the Identity Provider (IdP).

SSO can be configured by Splunk Web or by modifying authentication.conf located at $SPLUNK_HOME\etc\system\default directly. At present, Splunk Enterprise supports the Ping Identity product from PingFederate® for SSO.

To configure SSO with SAML, the following is the requirement list:

  • An identity provider (at present, PingIdentity) is a tested identity provider, and others can also be integrated on similar lines.
  • Configuration that uses an on-premise search head.
  • A user with an admin role and change_authentication Splunk capability. This permission allows us to enable SAML and edit authentication settings on the Splunk search head.

    Note

    SSO must be configured on all the search heads in the Splunk deployment for it to function properly.

We'll now learn how to set up SSO using SAML. Let's get acquainted with the steps of setting up SSO:

  1. The following information will be required from IdP to configure Splunk in order to authenticate the user:
    • role
    • realName
    • mail
  2. The groups returned by IdP are mapped to Splunk roles. A single Splunk role can be assigned to multiple groups.

Let's configure SSO using SAML via Splunk Web. The following are the steps to configure SSO on Splunk Web:

  1. Access Splunk Web by going to localhost:8000 from the deployment server machine or via IPAaddress:PortNo from a machine in the same network.
  2. Go to Settings | Access Controls | Authentication Method.
  3. Choose SAML as the External Authentication Method and click on Configure Splunk to use SAML.
  4. In the SAML Groups page, click on SAML Configuration.
  5. Browse and select the XML file provided by the IdP provider and fill in all the details and click on Save.

If all the settings are correct, the SAML Groups page will be populated with all the users and groups where specific groups and Splunk roles can be assigned.

End of Section 8
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY