Ideas on how to create a Splunk show for management

pgadhari
Builder

Hi Experts,

I want to do a POC on Splunk. I have installed it on my Linux box. I know its search capability. I want to convince my management about its operational intelligence and data analytics capability. My management wants to see how Splunk can provide data analysis from the application down to the server OS level. For this I want to make a setup. I can pull the logs from web, app, db, network and OS to my Splunk server, but I want some ideas on creating the searches, scenarios and dashboards that will show various ways of data analysis from a purely infrastructure point of view in a datacenter environment. If you guys can provide me with something or guide me in some direction, that will be very helpful.

Thanks
Pankaj

0 Karma

tskinnerivsec
Contributor

The easiest one to do a POC with would probably be one of the Cisco apps. I only say that because you could ingest Cisco syslog relatively painlessly. A lot of the operating system apps work best when you are using a universal forwarder installed on client servers to collect the data. This wouldn't be a problem if you have a test lab to use. The other alternative is to research using the data generators to create test data for different platforms to demo Splunk's search and visualization capabilities.

0 Karma

lukejadamec
Super Champion

Install the apps for the various components and systems in your environment, and play with them. That will give you an idea of how Splunk can work for your environment. There are a great many apps, so they should give you quite a few ideas.

Also, it would be a good idea to take the tutorial.

0 Karma

lukejadamec
Super Champion

Here is the link to the main Apps page. There is a button at the bottom to show all apps. There are a lot of apps. I know nothing about your environment, so it is hard to point you to specific apps. However, the CIM app is a good one for correlation, though it can be tricky to configure.

0 Karma

pgadhari
Builder

Thanks Luke for your response. Can you direct me to some apps and scenarios which I can install in my environment to showcase something from a data analysis point of view? I have already started going through the tutorials. Do you have any link through which I can create correlation event scenarios? That would be great.

--Pankaj

0 Karma