WEBVTT

00:00.000 --> 00:02.385
>> Hello, and thanks
for coming back.

00:02.385 --> 00:05.250
I'm Natasha, and in this
section we're going to enter

00:05.250 --> 00:09.855
the deceptively simple
question of, what is Splunk?

00:09.855 --> 00:13.080
Splunk is a company worth

00:13.080 --> 00:15.165
several billion US dollars

00:15.165 --> 00:17.025
and based out of San Francisco.

00:17.025 --> 00:19.815
It specializes in data
use and processing.

00:19.815 --> 00:22.395
Splunk has multiple
different products.

00:22.395 --> 00:24.555
But when you refer
to just Splunk,

00:24.555 --> 00:25.920
people most often think of

00:25.920 --> 00:28.590
the Splunk platform and
its core capabilities,

00:28.590 --> 00:30.090
or they may just think about

00:30.090 --> 00:32.190
whatever they have set
up at their company.

00:32.190 --> 00:35.040
Splunk Enterprise, Splunk
Cloud, Splunk Free,

00:35.040 --> 00:36.420
and Splunk Light make up what is

00:36.420 --> 00:38.805
thought of as a Splunk platform.

00:38.805 --> 00:41.000
In future videos,

00:41.000 --> 00:42.560
we'll discuss the
differences between

00:42.560 --> 00:44.600
these and talk about
other products.

00:44.600 --> 00:47.060
This course will focus
on the common uses of

00:47.060 --> 00:49.790
the popular Splunk
Enterprise and Splunk Free,

00:49.790 --> 00:51.620
and briefly cover
the capabilities of

00:51.620 --> 00:54.859
other products that typically
build on this platform.

00:54.859 --> 00:57.590
The company sums
up its purpose as

00:57.590 --> 01:01.360
Splunk turns machine
data into answers.

01:01.360 --> 01:05.419
To dig a little deeper,
Splunk software aggregates,

01:05.419 --> 01:07.340
processes, analyzes,
and helps you

01:07.340 --> 01:09.665
use small and massive
amounts of data.

01:09.665 --> 01:11.615
It's particularly
helpful for turning

01:11.615 --> 01:14.120
unstructured data into
usable information.

01:14.120 --> 01:16.550
Some examples include ingesting

01:16.550 --> 01:19.040
authentication logs and alerting

01:19.040 --> 01:21.125
when there have been
high-volume failures,

01:21.125 --> 01:23.465
or it could collect
web traffic data

01:23.465 --> 01:26.195
and provide statistics
on visitor activity.

01:26.195 --> 01:29.060
Another example would
be storing some data

01:29.060 --> 01:30.470
to let an admin search for

01:30.470 --> 01:32.450
information to
troubleshoot a problem.

01:32.450 --> 01:34.370
You could retrieve
malware alerts

01:34.370 --> 01:36.320
and correlate them
with other activity,

01:36.320 --> 01:39.080
or use a lookup to
define error codes

01:39.080 --> 01:42.335
and organize a problem in
human-readable format,

01:42.335 --> 01:46.040
gather IoT data and provide
meaningful metrics,

01:46.040 --> 01:48.635
sort and store information
required for an audit,

01:48.635 --> 01:51.325
and tons of other uses.

01:51.325 --> 01:54.200
Splunk has a strong community

01:54.200 --> 01:56.630
built around its product
including forums,

01:56.630 --> 01:59.525
conferences, and even local
events in many places.

01:59.525 --> 02:02.450
Its growth has exploded
over the last few years,

02:02.450 --> 02:05.270
but it was founded back in 2003.

02:05.270 --> 02:07.610
The easiest way
to get a grasp on

02:07.610 --> 02:10.440
Splunk might be to
take a quick look.

02:10.720 --> 02:13.820
Here's a relatively
empty instance of

02:13.820 --> 02:17.050
Splunk Enterprise I have
running on a virtual machine.

02:17.050 --> 02:19.895
I am searching for some data,

02:19.895 --> 02:21.845
just traffic on this machine,

02:21.845 --> 02:25.715
and I found 320 events
in the last hour.

02:25.715 --> 02:28.010
We're going to look at
a single event here,

02:28.010 --> 02:31.220
I can pull this up
and see the raw text.

02:31.220 --> 02:33.830
This itself would be hard for us

02:33.830 --> 02:35.960
to work with, but
as you see here,

02:35.960 --> 02:38.120
it breaks it out into different
fields that I can then

02:38.120 --> 02:41.350
use for other tasks.

02:41.420 --> 02:44.480
Right here, I could
run a simple search

02:44.480 --> 02:47.345
where I look at how many events

02:47.345 --> 02:53.600
have happened in
this data by app.

02:53.600 --> 03:03.855
There we are. Now we've got
to our quiz: true or false.

03:03.855 --> 03:07.360
Splunk can only
handle parsed data?

03:07.520 --> 03:09.685
The answer is false.

03:09.685 --> 03:13.675
Splunk is great for
organizing raw data.

03:13.675 --> 03:16.670
To sum up what we've
learned in this section,

03:16.670 --> 03:19.670
Splunk takes data that's
difficult to handle,

03:19.670 --> 03:21.530
maybe because there's
so much of it,

03:21.530 --> 03:24.710
or because it's unorganized
or meaningless on its own,

03:24.710 --> 03:27.185
and makes it usable
in a variety of ways,

03:27.185 --> 03:30.110
such as for reporting,
alerting, troubleshooting,

03:30.110 --> 03:33.880
threat hunting, making
business decisions, and so on.

03:33.880 --> 03:36.540
In the next video, we're
going to be talking about

03:36.540 --> 03:40.030
Splunk and your career.
Thanks for watching.

