Once, when I picked up a book from the local library, the librarian asked me to tell her what I thought about the book when I brought it back. Well, why not write a few lines about all the books I read so everybody can see what I thought about them? I'm also often happy to have friends recommend a certain book or tell me that this or that is not really worth reading. I won't comment on the tons of books I have read so far, only on the books I read from now on.
rating scale |
---|
highly recommended |
good reading |
average |
not too interesting |
recommended not to read it |
 | |
---|---|
title | Exploring Splunk |
author | David Carasso |
ISBN-10 | 0-982-55067-7 |
ISBN-13 | 978-0-982-55067-0 |
ASIN | |
rating | |
date | 2012-Nov-25 |
You're using Splunk? I think you'll want to get this book.
Exploring Splunk is not a thorough tutorial teaching you everything there is to know, but it is both a fairly good introduction and a reference you may often reach for. Therefore it is a book for newbies and old hands alike.
Chapter 1 is about the history of Splunk and why you might want to use it. If you're already using it, there is not much to gain from this chapter.
Chapter 2 gives an overview of how data can be fed to Splunk and details what happens when the data is read in and indexed. How to install and start the software is explained too.
Chapter 3 has lots of useful information about the GUI elements and the basics of how searches work in general.
Chapter 4 shines with a lot of samples on how searches can be built. It is nice to see a book which not only explains things in text, but also gives numerous samples in code and as a big bonus visualizes what it explains. The visualizations are generally easy to understand and thus very useful. Well done!
Chapter 5 then goes on to move beyond mere simple searches: field extraction, reporting, visualizations and alerts.
Part 2 of the book, chapters 6 to 8, takes a problem-solution approach. Each chapter presents a number of "problems" (or simply tasks) you may want to solve with Splunk and one or more ways to achieve that goal. Each solution is well explained, and along the way you will learn how to use more of the capabilities of Splunk. Many of the solutions mentioned here are things you are likely to need sooner or later when trying to solve a non-trivial task. Even experienced Splunk users are likely to flip through these pages from time to time. This part covers areas such as concurrency, comparing different time ranges, identifying spikes, identifying and reporting on transactions, lookup tables and more.
Appendix E contains a useful Quick Reference Guide. You may have seen something similar as a short PDF sheet or in printed form, but it certainly is useful to have it in the book so this can be your one-stop Splunk reference.
So is this the perfect all-you-need-to-know Splunk book? No. Neither does it cover configuration, nor advanced charting or menu creation, etc. But at around 150 pages, it does an excellent job and for many users it will be all they ever need. However, there is one detail I absolutely hate about this book: there is no index!