Splunk (1)

Introduction to Splunk


Splunk is a software platform used for searching, analysing and visualising machine data in real time.


Splunk indexes data coming from across the organisation and helps with IT management, security and compliance by searching and analysing that data and generating alerts and reports from it.


5 Main Functions of Splunk

  1. Index

    Collects data from virtually any source


  2. Search & Investigate

    Find events that contain particular values across multiple data sources from the Splunk search bar, and analyse them using the Splunk search language (SPL)


  3. Add Knowledge

    Control how your data is interpreted: classify and enrich it, normalise it, and save reports for future use


  4. Monitor & Alerts

    Monitor all of your infrastructure in real time to identify issues, problems and attacks


  5. Report & Analyse

    Collect reports and visualisations into dashboards