3. Configuring a Splunk installation for a specific purpose: In a distributed
deployment, there are several different purposes that are served by
the multiple installations of Splunk. The behavior of each installation
is controlled by its configuration, and it is convenient to wrap those
configurations into one or more apps. These apps completely change
the behavior of a particular installation.
Included apps
Without apps, Splunk has no user interface, rendering it essentially useless. Luckily,
Splunk comes with a few apps to get us started. Let's look at a few of these apps:
gettingstarted: This app provides the help screens that you can access from
the launcher. There are no searches, only a single dashboard that simply
includes an HTML page.
search: This is the app where users spend most of their time. It contains
the main search dashboard that can be used from any app, external search
commands that can be used from any app, admin dashboards, custom
navigation, custom CSS, a custom app icon, a custom app logo, and many
other useful elements.
splunk_datapreview: This app provides the data preview functionality
in the admin interface. It is built entirely using JavaScript and custom
REST endpoints.
SplunkDeploymentMonitor: This app provides searches and dashboards
to help you keep track of your data usage and the health of your Splunk
deployment. It also defines indexes, saved searches, and summary indexes.
It is a good source for more advanced search examples.
SplunkForwarder and SplunkLightForwarder: These apps, which are
disabled by default, simply disable portions of a Splunk installation so
that the installation is lighter in weight. We will discuss these in greater
detail in Chapter 11, Advanced Deployments.
If you never create or install another app, and instead simply create saved searches
and dashboards in the app search, you can still be quite successful with Splunk.
Installing and creating more apps, however, allows you to take advantage of
others' work, organize your own work, and ultimately share your work with others.
 