Pass Splunk SPLK-1003 Exam in First Attempt Easily

Introduction

1. Introduction

This module is designed for complete beginners who are totally new to Spelunk. This course should be able to give you a fair understanding of Spelunk and its products and the huge benefit of having Spelunk in your organization. So let's get on with it.

Hide

1. Introduction to Module 01

Introduction to Spelunk Enterprise

This module is designed for complete beginners who are totally new to Spelunk. This course should be able to give you a fair understanding of Spelunk and its products and the huge benefit of having Spelunk in your organization. So let's get on with it.

2. What is Spelunk?

First step as part of this modules to understand what really Spelunk is. When you usually read about Spelunk, an Internet blog or speak about Spelunk with your colleagues, you would heard some of these points. The first point here is that comes up when discussing about Splunk. Some people call it as a logmanagement or a log collection tool. Yes, it can be a log management or log collection tool, it can collect logs and it can manage those logs as per organizational policy. But that is not it. And one more common point that comes up whenever discussion on Spelunk is going on saying it as an It monitoring tool or application performance monitoring tool if you ask me, yes, of course I will say it as a monitoring tool. It can monitor your CPU, Ram, hardware usage, etc. For which all the typical monitoring tool does and also can alert you based on threshold conditions that you mentioned as part of your alerts. Also as part of application monitoring is concerned, it can monitor or keep track of JVM sheep size, response time of your request, website status, thread locks and the thread usage by applications, et cetera and so on. So to conclude, yes, Spelunk can be used as a monitoring for It or infrastructure and also it can monitor your application performance. So the next point in our discussion is Big Data domain or where Spelunk has been seen adding great values and getting the most out of the data available inside the organization in which it has projected as Big Data Analysis platform. And also it has been used to get insights of business intelligence like cost per click, views per page, advertisement revenues and impacts from the campaigns that are run on social media like Facebook, Instagram or LinkedIn. And few more points would be like identifying sources from where the traffic has been originated. It might be social media or search engines or other third party sites on the internet. And now moving on to our next point SIM, which stands for Security Information and Event Management which is used as part of their stock in most of the organization and play a vital role in securing their organization. Since Spelunk can be used in security also itis position as a next generation SIM solution. It is a major competitor for traditional Sims like IBM, Cured, HP, Arc sides, Logarithm, etc. And this vertical is the most active as of now. When I say most active, it is most active in terms of growth, revenue improvements and the innovations that are happening in this time. When you see a sprung perspective in the next point we can see that operational intelligence which has-been coined by Spelunk itself as a tagline for its product and it refers to all the points we have discussed before and many more in this discussion of how we can define Splunk. If you ask me basically what Spelunk is, I would simply say it is like a Google for your organization where all the data from your organization has been fed into Spelunk indexed and it is stored inside Spelunk so that anytime you need you can just write a search like what you search in the Google or any other search engines. You’ll get information that is specific and related only to your organization, all the data that has been fed to plunk in your organization and if you know how to search, it will be like a mini Google for your organization where you'll be able to find quick solution, get value out of what data is in your organization and to troubleshoot any issues inside your organization.

3. Products of Spelunk: Spelunk Light

Now we know what Spelunk islet us look at some of the products which it can offer us for our business or organization to enhance the performance and efficiency of our day to day activities, properties and getting more value out of our existing data in our organization. The first product Spelunk ads portfolio is called Spelunk Light which is actually a small or limited version of the product. Plunk enterprise. Plunk Light can be used by individual people or small companies for analyzing their data by uploading or forwarding it to Spelunk Light which is hosted in cloud environment of Spelunk. Frankly speaking, Spelunk Light feels like handing you over Nokia phone in this generation of smartphones. Similarly, Spelunk Light can do the basic functions of analyzing and passing data, but it has lot of limitations when compared to its enterprise version. So now let's see how Spelunk Light looks like. If you just go to Google and search for plunk Light, you see some of the images. This is how basic or Spelunk Light looks like. When you register for a Spelunk Light version, it costs you around $25 per month. I believe when you register it on the Spelunk portal, you have to pay by a credit card. This is how basically it looks. You’ll get a URL with the credentials where you can log in, upload your data or forward the data to that instance and youkan start searching and analyzing your data. That is all about the slunk light.

4. Products of Spelunk: Spelunk Cloud

The next product Spelunk has to offer is the Spelunk Cloud. This is much better version of Spelunk light and close to Spelunk Enterprise version and availability of Spelunk users. And the only difference between Spelunk Cloudland Spelunk Enterprise that Spelunk Cloud is hosted and completely managed by Spelunk itself. Since it is managed and ousted in Spelunk environment it’s like your data will be in safe and your environment is much more stable since they are the product owners and they know their product in and out and they manage very well. The Spelunk Cloud basically you will get a URL once you are enrolled and you will have a couple of certificates that are sent to you so that the data from your organization will be sent to the Spelunk Cloud where you are slunk Enterprise cloud is ousted and it will be over encrypted channel. So this data is being parsed and stored inside Spelunk Cloud. This cloud instance as a user you will get URL and support contract with the Spelunk. The URL is used for logging in which will be your searcher where you will log in, create reports, alerts, dashboards, all stuff you typically do with the Spelunk and the support is for like if you’re facing any slowness issues with your Spelunk, something breaks with the application, you can raise an incident and contact the support to troubleshoot or fix the issues on this plank cloud.

5. Products of Spelunk: Spelunk Enterprise

Now the third product of Spelunk is Spelunk Enterprise. The Spelunk Enterprise is a software package and to be clear, Spelunk does not have any hardware, a complete software package. The Spelunk Enterprise is its flagship product and that it has been around from the beginning and all other products were built around this Spelunk Enterprise package. As a matter of fact, SplunkCloud and Spelunk Light version. You'll get a URL once you have purchased the Splunk or enrolled for this Splunk Lightor Splunk Cloud and that's it.Everything can be accessed by a Splunk URL which has been shared to you where Splunk Enterprises packageis a software package which can be downloaded and installed in your environment either in a cloud oar virtual infrastructure or on a physical server. And as a Spelunk admin or architecture you will be having Spelunk full functionality with Spelunk Enterprise package to mention the difference between Spelunk Enterprise and Spelunk Cloud. The slunk cloud is hosted on slunk environment itself. It will be like owned bySplunk.com and completely managed by Splunk.com.You'll be utilizing their Cloud service and your data should be sent to their cloud. Of course it will be over SSL and any conflict changes should be requested by you through support portal and it will be handled as per the incident Management SLA agreements with the Splunk. But whereas Spelunk Enterprise which is implemented in your organization, you will have full control on your configuration changes, customization more control compared to plunk Cloud and also Spelunk Cloud as a default retention policy like 30 days of storing your data or 60 days or 90 days which comes as part of your initial package. But if you want to store for longer duration then you have to pay more because of the storage cost, whereas Spelunk Enterprise it can be decided considering how much storage is available for your Spelunk in your organization. We are clear with Spelunk light, plunk cloud and Spelunk Enterprise. Let’s move on to the next product.

6. Products of Spelunk: Hunk & Premium Apps

Moving on to the next product in our list is Hunk which is nothing but Spelunk used to search in adult data environment. This product as of now has been merged with the Spelunk enterprise package itself. The Hunk was a previous term used for searching Hadoop data environments or using plunk in Hadoop data environments. The final product as part of this module is the premium Apposite is also known as Premium Solution offered by plunk where the apps of the Spelunk which adds huge value to the organization has been commercialized by plunk and has official support which makes it more convenient to use and get help. Premium Apps The first one is the Enterprise Security which can also be referred as SIM solution. First, Spelunk when you come to apps conception Spelunk similar to apps that you download from App Store or Play Store. For example, if you want your phone to scan a piece of paper, you download scanner app from Play Store or App Store. Similarly, if you want to make your Spelunk to act as a SIM solution, you can download this app which is completely focused on security, will give your Spelunk ability to analyses security data from day one. The next one in the list of premium applies It Si which is widely used for getting insight of complete infrastructure and service availability and much more features available as part of package and generates huge value to the teams or organization right from the time of installation when we move on tithe third one in our list is the UBA which stands for User Behavior Analytics app and mainly focuses on insider threat to the organization by profiling users through monitoring their activity and alerting or flagging if it finds something suspicious. This is a great app to consider for many industries considering the threat of malicious intent of an employee which can impact their company and also their customers. The next one is the PCI which stands for Payment Card Industry.This is Payment Card Industry Standards which has to be compliant by any company which handles credit or debit card information. This app is used to check the address of PCI standards and flag any policy that have been violated in the organization or policies which are not implemented as per PC standard. It can be a single place of monitoring for your complete organizations PCI compliance status which gives you insights into problems and can assist in fixing them to comply with the PCI standards. And if you look at few more premium apps or the MS Exchange and the VMware the MS Exchange which is used to measure the health of your Exchange infrastructure and monitor it for any errors or warnings. And one more is the VMware which is used for the VMware environment to monitor performance and availability of the whole environment which is running VMware. There are a few more apps like Fraud Analytic Sapp which is used widely to detect financial frauds like money laundering, transaction fraud, et cetera. So to conclude this apps which are sold by Spelunk are called premium solution or premium apps can be done by your Splunk engineer or Splunk Admin or Splunk architect. But these features are all can be inbuilt customized in house by your Splunk engineers. But it requires a lot of time and effort. Whereas purchasing this will give you all these rules, dashboard reports and dollars which are predefined and customized as per the best practices and commonly used methods per the respective industry standards. You.

7. Components of Splunk: Search Head

In our previous modules, we understood what is Spelunk and what are its products it has to offer us. Now we will narrow down our topic to Just plunk Enterprise which is the core product of Splunk. Once you have mastered Splunk Enterprise, youkan play around with other products of plunk which are built around Spelunk Enterprise. From now onwards, in our discussion, I'll be using Just Spelunk which refers tour Spelunk Enterprise for simplicity purpose. Our next topic of discussion in our journey of becoming the Spelunk Master is to understand what are the different components of Splunk.There are many components of Splunk.The first component in our list is the plunk Search head, which is where the visualization part of the Spelunk is carried on. The search head is the fancy one out of all other components of Splunk.Since all the visualization charting dashboard reports,alerts are configured and viewed on thesearch engine to define it.Splunk Search Ad is a component of Splunk whichoffer a web interface to visualize and query thedata for reporting alerting or creating dashboards in Splunk.

8. Components of Splunk: Indexer

Moving on. The next component of Splunk is the indexer which is the core component of any slunk installation. The indexer is the one which does all the heavy lifting in a slunk environment and index the place where all the data will be stored on the splunk. The more efficient your index, the more better your slunk environment health will be. To define an indexer, it is a component of Spelunk where the data is passed. When I say parse, it is known as breaking down of events into smaller manageable pieces by splunk. So to define an index here it is component of Spelunk where the data is passed or broken down and stored in the indexer. The rule of the indexer is to pass the data and store data inside splunk. And this stored data is where all your queries that are run by the searches for fetching reports or creating colors will be run and the results will be given. Went back to the searcher for visualization or sending it out an email.

9. Components of Spelunk: Universal Forwarder

The third component of Spelunk in our list is the universal forwarder, which is also referred as Spelunk agent. The universal forwarder are used to collect data from term remote data sources. When I say remote data sources, it can be anything that is holding data. It can be a flat file, log files, scrapes or database logs, web server logs, any remote machine which has data. We can install a universal forwarder to fetch that data and feed it tour Spelunk environment for further processing. The universal forwarder is a lightweight package. All it can do is to fetch the data and send to other Spelunk instances. It can also run scripts to collect the data on local or remote machines. Installation of universal forwarded for collecting data is highly recommended for fetching data from the remote machines. It has very little overhead on CPU and Ram, which is negligible when considered to other processors. To define universal forwarder, it is a lightweight component of plunk which fetches the data from flat files or scripts and sends it to others component of Spelunk for processing of the data further up the chain.

10. Components of Spelunk: Heavy Forwarder

The next component is the heavy forwarder. As the name suggests, it's heavy instance. It requires its own infrastructure to operate when compared with yourself forwarder, it has additional capabilities of passing and storage of the data. But in every forwarder it is highly recommended not to store any data because it will be a duplication since your indexes also storing the data and it comes with an added cost of the storage on the heavy forwarder. The heavy forwarder parses the data and sends it to the indexer. The passing involves masking of your data, filtering out noise from the logs and also evolved. It will help improve indexer performance by decreasing the load of parsing. When we say parsing, it is the breaking down of events into smaller manageable pieces. So it will help improve indexer performance by decreasing the load of passing on the index. The heavy folder is usually optional component in small and medium enterprises. The need for having a heavy forwarder will be in the ants of Spelunk, admin or the architect to go for the AV Ford or not having a heavy forwarder gives you following benefits like masking of the data, filtering of the noise and reducing load on the index. All this can be done using the indexer itself, but it comes with additional processing cost of the indexer. Always remember, if your indexer performance is good, your overall slunk performance will be good. So in order to improve performance on the indexer, we can have heavy forwarder masking filtering to reduce the parsing load on the index. We can always afford heavy forward, but it's still the optional component. It is good to evaluate option of having heavy forward in any environment.

Hide