What The Splunk?

Splunk is a flexible and powerful data analytics platform. While the capabilities it provides are many, the learning curve can be quite steep and mastering Splunk can be a little daunting. Are you new to Splunk and still trying to get your head around how it can benefit you or your organisation? Perhaps you are a seasoned Splunker who is trying to perform some amazing piece of Splunk-fu and need a little guidance?

Well, look no further! Katana1 and our Ninjas, BMFs, and Brazilian fighting monks are here to equip you with what you need in the battle with the evil forces of self-doubt, time constraints and loser bosses who will never understand Splunk.

There are heaps of great resources on the internetz to help you on your data analytics journey:

Corporate Website

What is Splunk (e-learning)

Tutorials

Documentation

The Splexicon

Training

Splunk Wiki

Splunk Answers

Splunk Apps

IRC

Conferences (SplunkLive and .Conf)

User Groups

Books

Professional Services


Corporate Website

The corporate web site (http://www.splunk.com) is a wealth of business, industry and technical information. There are white papers, webinars and technical briefs that cover a wide variety of topics including best practices, customer/industry case studies, business cases and HOWTOs. There's even a customer case study on there featuring yours truly (http://www.splunk.com/view/splunk-at-corporate-express/SP-CAAAFNR).

Of particular note are the free education videos - http://www.splunk.com/view/education-videos/SP-CAAAGB6. These videos are aimed at users who have installed Splunk and are ready to start Splunking.

Splunk also has a YouTube channel (https://www.youtube.com/user/splunkvideos) which hosts videos such as customer case studies as well as technical and solution overviews. Here is an example (some can be a little yawnie):



Speaking of videos, there is also Splunk TV (http://splunk.tv), which has an eclectic range of Splunk-related video clips. Splunk TV also hosts Splunk’s podcast, Splunk Talk. It’s been a little sporadic of late but well worth a listen.


What is Splunk (e-learning)

This one-hour course is delivered as web-based training (WBT) and gives a nice introduction to Splunk. Note that using this WBT requires registration with ViewCentral (http://www.viewcentral.com), the learning management system that Splunk uses to deliver web-based training.

Unofficial Search Tutorial (Dive Into Splunk)

David Carasso, Splunk's Chief Mind, has put together a great tutorial aimed at getting you Splunking your data ASAP. You can access it at his website (http://www.innovato.com/splunk/GettingStarted.htm). He has also put together a great little cheat sheet titled Splunk for SQL Users (http://www.innovato.com/splunk/SQLSplunk.html).

Official Search Tutorial

The official search tutorial takes you step-by-step from downloading and installing, ingesting data, all the way through to creating dashboards. The latest version can be found here (http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial).

Documentation (docs.splunk.com)

Splunk has very comprehensive and very detailed documentation which can be obtained at http://docs.splunk.com. There are numerous examples and scenarios throughout to illustrate key concepts and commands. The Splexicon (http://docs.splunk.com/Splexicon) is a great way to get up to speed for all those new Splunkers who are still coming to grips with all of the new terminology. The Splunk Dev site (http://dev.splunk.com) is specifically aimed at developers and provides comprehensive documentation on Splunk’s various SDKs as well as its Web Framework.



Training

Splunk has a comprehensive training (and certification) program. The details of Splunk training courses can be found here - http://www.splunk.com/view/education/SP-CAAAAH9. The leading Splunk training provider in Australia is DNA - http://www.dna.com.au/DNA-Splunk-Education-Training-Courses. DNA can deliver training via the web (which is the standard delivery mechanism) or come out on site for face-to-face delivery.


Splunk Wiki (wiki.splunk.com)

This contains wisdom distilled from the many years' experience of battle-hardened Splunk veterans. Like any community-maintained wiki, it may contain obsolete or patchy information in some spots, but it is definitely worth checking out. A key article titled “Things I wish I knew then” is a must-read for both new and experienced Splunkers (http://wiki.splunk.com/Things_I_wish_I_knew_then).


Splunk Answers (answers.splunk.com)

Do you have a problem in Splunk, or are you wondering how to perform a particular task? The chances are that someone else out there has experienced the same issue or has posed the same question. Splunk Answers is a *fantastic* forum to discuss all things Splunk. Whether it is architecture, the best way to correlate data or the semantics of a search command, you will find a community of passionate, experienced and very, very smart Splunkers ready to help you out.


Splunk Apps (apps.splunk.com)

The Splunk Apps website embodies all that is awesome about Splunk’s passionate and dedicated community of users and developers. There are all kinds of great contributions from Splunk, technology partners and individuals covering all kinds of apps, technology platforms and use cases. If you haven’t already downloaded the following apps, then I recommend you do so at your earliest convenience:

Splunk Overview (https://apps.splunk.com/app/1892/)

Splunk Dashboard Examples (https://apps.splunk.com/app/1603/)

Splunk Web Framework Toolkit (https://apps.splunk.com/app/1613/)



IRC

If you go to the #splunk channel on EFnet, you will meet Splunkers from all corners of the globe, including many Splunk employees. Check out the Splunk Wiki for more information (http://wiki.splunk.com/Community:IRC).


Splunk Blogs (blogs.splunk.com)

Splunk employees blog about all kinds of stuff related to Splunk. You can pick up some pretty handy nuggets of wisdom.



Conferences (SplunkLive and .Conf)

Since 2010, Splunk has hosted an annual worldwide user conference, known as .Conf. This represents a meeting of minds where users and Splunk Partners from across the globe converge on (typically) Las Vegas to mingle with Splunk employees, hear customer use cases, learn about the latest developments and, most importantly, have fun! Check out http://conf.splunk.com/ for details of the next .Conf.


SplunkLive events are on a smaller scale. Throughout the year, Splunk travels from city to city to provide updates, make announcements and give existing customers an opportunity to present and discuss specific Splunk use cases. In addition to these keynote and guest speakers, there are typically breakout sessions held in the afternoon that cover technical and non-technical Splunk topics. Check out the following link to see when SplunkLive is heading to your neck of the woods - http://www.splunk.com/page/events.



Books

Exploring Splunk (SPL Primer And Cookbook) - Written by David Carasso, Splunk's Chief Mind, this book provides a great opportunity to dive into the intricacies of Splunk. And you know what the best thing is? The electronic versions of it are free! Yes, free! It can be downloaded from http://www.splunk.com/goto/book.

Here are some books that have been written and are available for purchase on Amazon:

Splunk Operational Intelligence Cookbook (http://www.amazon.com/Splunk-Operational-Intelligence-Cookbook-Diakun/dp/1849697841)

Big Data Analytics Using Splunk (http://www.amazon.com/Big-Data-Analytics-Using-Splunk/dp/143025761X)

Implementing Splunk: Big Data Reporting and Development for Operational Intelligence:



Professional Services (aka Hire-A-Ninja)

Of course, if you have an extra big task, you also have the option of tapping into a Splunk Professional Services partner. Have I mentioned that K1 have some of the most experienced Splunk Ninjas in the country?


We are always on the lookout for Splunk talent, so please contact us if you are interested in being a part of one of Australia's fastest growing start-ups:



Shaun Butler and Luke Harris. @sajbutler @skywalka