SPLK-2002 Splunk Enterprise Certified Architect – Post Installation Activities Part 4

Splunk Lookups Hey everyone and welcome back. In today’s video we will be discussing about Splunk Lookups. Now the Lookup Knowledge object in Splunk is something which is very widely used and typically if you are working in an environment where Splunk has been implemented, you will find that there are a lot of use cases where the Lookups will be required. So let’s go ahead and understand the Lookups functionality in Splunk. Now going with the definitive terms, Lookup basically enhances the power of Splunk by enabling correlation…

SPLK-2002 Splunk Enterprise Certified Architect – Post Installation Activities Part 3

Splunk Event Types Hey everyone and welcome back. In today’s video we will be discussing about the basics related to Splunk event types. Now event types are basically a categorization which can help you make sense of your data, so let’s understand this with an example. So let’s assume you write a query where you have source type is equal to access underscore combined, status is equal to 200 and action is equal to purchase, so this can mean that someone has purchased your product and the status of 200…

SPLK-2002 Splunk Enterprise Certified Architect – Post Installation Activities Part 2

Importance of Source Types Hey everyone and welcome back. In today’s video we will be discussing about some of the importance with the source type field that you generally set within your logs. Now, one important part to remember is that in Splunk, field extractions are generally defined at a source type level. This is one important part to remember unless you are putting something like regex on the SPL command. At a global level, they can be defined at the props.conf as well as transforms.conf file. Now,…

SPLK-2002 Splunk Enterprise Certified Architect – Post Installation Activities

Understanding Regular Expressions Hey everyone and welcome back. Now in the earlier video we were looking into how we can create our own custom addon which would have inputs.conf and outputs.conf, convey that addon through the deployment server and look into how exactly the universal forwarder uses that to send the log files. However, when it comes to universal forwarder, it is not just limited to monitoring log files, it can actually do a huge bunch of things. And today’s video is exactly to see the capabilities of…

SPLK-2002 Splunk Enterprise Certified Architect – Forwarder & User Management

ServerClass and Deployment Apps Hey everyone and welcome back. In today’s video we will be discussing in detail about server class and deployment apps. Now, we have already discussed that server class is basically a group which can contain multiple deployment apps. So this is a nice little diagram that I have created where you have the server class. So this outer container is a server class and this server class is called Linux underscore servers. Now, within this server class there are two apps. One is Secure and second…

SPLK-2002 Splunk Enterprise Certified Architect – Indexer Clustering Part 4

Configuration Bundle – Part 02 Hey everyone and welcome back. Now in the earlier video we were discussing the basics about what the configuration bundle was all about and how you can push custom configuration like for example indexes.conf to the peer nodes from the master indexer. So continue my journey with the configuration bundle. In today’s video we’ll look into some more features of configuration bundle. So last time we had pushed indexes.conf, this time we will be pushing certain custom add ons to the peer indexes…

SPLK-2002 Splunk Enterprise Certified Architect – Indexer Clustering Part 3

Testing Replication and Failover capabilities Hey everyone and welcome back. So in the earlier video, we had configured the entire architecture where we connected both of the peer nodes with the master indexer. Now in today’s video we will actually see whether the replication is actually working or not. Because we just configured this architecture, we have not tested it yet. So before we do that, typically if you go into the indexer clustering, like this is the 8001 which is the peer node one. Now if you typically…

SPLK-2002 Splunk Enterprise Certified Architect – Indexer Clustering Part 2

Master Indexer Hey everyone and welcome back. In today’s video we will be configuring the first component of the indexer cluster, which is the master indexer. Now, we have already seen the indexer cluster architecture. So the first thing that we need to configure is the master indexer. Now once this is configured, then we can go ahead and configure the peer index node one and the peer indexer node two. Now, speaking about the master index, so there are three important pointers that we need to remember. First…

SPLK-2002 Splunk Enterprise Certified Architect – Indexer Clustering

Overview of Indexer Clustering Hey everyone and welcome back. In today’s video we will be discussing at a high level overview about the indexer clustering. Now, in the previous section we were discussing about indexer as a component. Now, one important part to remember is that till now we have been doing all the activities within a single Splunk instance. And let’s say whatever data you have in your Splunk instance and your Splunk instance goes down, then typically what would happen is your data would either be lost or…

SPLK-2002 Splunk Enterprise Certified Architect – Distributed Splunk Architecture Part 3

Masking Sensitive Data at Index Time Hey everyone and welcome back. In today’s video we will be looking into the masking of sensitive data before it gets indexed. Now, typically it might happen that whatever log file that you are ingesting, it would contain or it might contain certain sensitive information like credit card information or Social Security numbers or various other sensitive information. Now, in such cases you might want to mask such information in such a way that any analyst who might be monitoring your logs, they…
