The Complete Course from ExamCollection industry leading experts to help you prepare and provides the full 360 solution for self prep including SPLK-1003: Splunk Enterprise Certified Admin Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.

Introduction to Splunk Enterprise

25. Splunk Licensing

We have previously explained what Splunk is, how it works, what the components are, and how they perform. We will see now how licencing in Splunk works. Splunk licencing is unlike that of any other product. The licence is based on dataingested into Splunk per day. When I say per day, it is notlike last 24 hours, it is per day. That is from till midnight tothe next day to a midnight. The licence is, for example, measured as 10 GB per day or 100 GB per day. And it can range up to tenGB to couple of TB's per day. The size of a Splunk licence is the amount of data that has been processed by Splunk and stored in Splunk within a span of one complete date. That is how Splunkcharges or Splunk licencing function. There are three different types of licenses. One is the free license, which we have seen in the earlier parts of the tutorial, where when we download a package we get a 500 MB per day licence for a period of 60 days. The second one is the Splunk DeveloperLicense which is ten GB per day. And also, if you develop an app and submit it to the portal once it is verified or published, you will get a pre-approved 50 GB licence per day, which you can use to learn or explore Splunk. In the later part, we'll see how we can get a Splunk Developer License so that we can use it for our own learning purposes. You can probably go ahead and set up your own enterprise plank environment in the Amazon cloud. The third one is the Splunk License enterpriseLicense which is commercial version of Splunk licensingwhich most of the organisations are using. It ranges from ten GB to probably petabytes per day in those kinds of scenarios. And the licencing cost—if you see the cost, it's like if I buy one GB per day, it might cost me $1,000. Yes, $1,000. But if you go for this is just arough estimate, this is not the actual figure. So it might cost up to like $1,000 per GB. So if I go with ten GB, it could cost me $9,000 or more. There is a discount of 10%. So the more licence you buy, thecost reduces per GB as the information.

26. Getting Help on Splunk Issues : Part 1

Now we are already committed to understanding Splunk and becoming Splunk masters. We will see how we can get help when we get stuck at any stage of Splunk learning or implementation or operations. The first option for help, as we saw earlier, was on the Splunk GUI. We have seen this earlier, which lists all the resources necessary for learning or troubleshooting Splunk. The second and probably the best place is Splunk Answers. That is the answer at splunk.com. We know by now that it is kind of a stack overflow for Splunk-related queries, which is a highly active community where a lot of people contribute to exchange and share knowledge. And the third is the Splunk IRC channel. I'll just quickly show you how you can use Splunk's IRC channel. It is basically on EFNet. Let me type in just EFnet. This is an IRC channel where Aztec Splunk is your Splunk channel. Just give whatever name you want and click "Login." It will be connecting to the Splunk channel. There are a lot of Splunk gurus, and you'll probably get faster responses. It will be similar to a chatting application where you can ask questions, type something in, and send it, and someone will respond about Splunk or what is the latest version, any bugs they have discovered, what the issues are, how to troubleshoot, or how to configure a few things. A lot of these people are highly active during US business hours. Rest of the time, it is kind of slow, but Splunk answers on the other side. You will get answers to your queries at any moment during that time. Let me log out of IRC, and we'll go back to our slides. Now we have seen Splunk's IRC channel. The next is the Splunk documentation, which is the best and most accurate place for learning or troubleshooting about Splunk. Probably not for troubleshooting when learning Splunk because most of the documentation is open and available publicly for everyone. It is at Docs.Splunk.com. If you are looking for Splunk Enterprise, it is at Dot Splunk.com.Let me type it for you. Docs.splunk.com documentation will take you directly to the Splunk Enterprise. If you want to just click on Splunk Enterprise, just type in Docs Splunk.com.You'll be taken to Splunk Enterprise. Click on this core product, Splunk Enterprise. You'll be taken to all the documentation that's related to Splunk Enterprise. You'll get accurate information that's most efficient, and it's totally free. You can download any manual whichever you want inthe form of PDF or you can download byselecting specific topic and downloading them as PDF. The most important one, which I keep handy every time, is the Search and Reporting Search Reference Manual, because I can't remember the 140-plus commands. I use this manual to quickly search for the syntax of the commands or which commands best fit my present requirement. The second one, which I usually follow, is the admin manual. These two will be my two tabs in my operations every day because you'll get this good menu called Configuration File Reference with examples of syntax that needs to be configured and a short description of what each configuration file is. You can find all this in your Splunk package, which you have downloaded for installation. But I feel this example menu, which shows what it does and what information it contains, will be highly resourceful during the implementation or configuration. This is the admin manualand configuration file reference. The second one, which I use most commonly, is the search reference, which again has search commands. Since we saw the top command in our previous video, these are 140 or more commands. What do I do if I want to know more about TOP? I search for top. Click on that command and it will display me. complete syntax, a small description, and examples of that comment, which is huge for learning. Plugging and troubleshooting spark You can see any comments that are practicallyin this product in terms for free. This documentation site is the most accurate, and you probably should make the best use of this documentation. Let's go back to our slides. So the next one is the Splunk support. That is, of course, the paid support that comes as part of your license. If you're stuck and there is a business disruption or business impact that's happening, you're not able to resolve the issue. You can raise a call with Splunk by calling them, emailing them, or using your customer portal. You can log in and respond back to you onthe best possible way, that is with the Splunk support. But my experience working on this product is that 80% of the time, you'll find answers from the documentation side or Splunk Answers.com. These two are your best friends for learning Splunk or troubleshooting Splunk. If you can't find answers in these two portals,it's probably a product bug, in which case theSplunk support will come into picture to identify thebug or provide a workplace for this. Information can be obtained at answers.plank.com and Docs.Dot splunk.com.You should be able to resolve your issues regarding implementation or learning.

27. Getting Help on Splunk Issues : Part 2

The Splunk Base is the final option for getting assistance. The Splunk base is the place where we download all the add-ons or apps that are necessary for Splunk to add more values. We can find the configurations related to those apps and also troubleshooting information and a complete guide to those applications. right next to the app that we are downloading. Let's see one of the examples, which is App Store Splunk.com.Now it has been renamed to "Splunk-based," but I'm used to typing apps dot Splunk.com. Let me search for or find some app that I can easily get through. Let's see the machine learning app and how we can get more information, like configuration or documentation, on what the app does. So this is the place where you can get help. There is a YouTube playlist for this channel that's awesome. There is a cheat sheet, and they put in enough effort to make this stuff available. There are details, which include documentation sites, the requirements, and how to install. These are the details that you can get from Splunk Base regarding applications or add-ons.

28. Get 10 GB Free license of Splunk

After learning all this introduction about Splunk and its components, products, the basic UI, how it looks, everything, Now we will see how we can get a free licence from Splunk. Yes, we will get 500 MB of free licence as part of our installation package. But we can get developer licences for free. All you need to do is just click on this link, and it will take you right into the form where you need to submit or log into the portal. if you have not already logged in. As soon as this link loads, if you are not logged in, it will ask you to login. You can log in, and you can click on "Request for Developer License. That's it. You'll get your 10 GB free license, which is valid for six months and is not commercial. You are not authorised to sell it. This tenGB license, you can use it for learning purposesor you can use it to build your own environment. These are the kinds of experiments you can do using your license. After this course, you'll probably be able to develop technology-specific apps. Let's say some of you might be working in big data, some of you might be working in security, some might be working in the health industry, and some of you might be working in banking. Let's say you develop an app specific to your industry that is working fantastically in your organization. You can upload it to Splunk Base, get it approved, and it will be approved probably within a matter of days. And once it is published, you can apply for 50GB of daily licence limit, which is really good for learning Splunk or building Splunk apps. It's 50GB. A lot of companies won't have a 50 GB license, but having an individual 50 GB licence can give you more access for learning Splunk and experimenting with more data and getting in different data sources together. You can probably create an entire AWS or Google cloud environment with a list of your own bare-metal instances.