SPLK-2002: Splunk Enterprise Certified Architect

SPLK-2002: Splunk Enterprise Certified Architect Certification Video Training Course

SPLK-2002: Splunk Enterprise Certified Architect Certification Video Training Course includes 80 lectures that provide in-depth knowledge of all key concepts of the exam. Pass your exam easily and learn everything you need with our SPLK-2002: Splunk Enterprise Certified Architect Certification Training Video Course.

86 Students Enrolled
80 Lectures
10:52:00 hr

Curriculum for Splunk SPLK-2002 Certification Video Training Course

SPLK-2002: Splunk Enterprise Certified Architect Certification Video Training Course Info:

The complete course from ExamCollection's industry-leading experts helps you prepare and provides a full 360 solution for self prep, including the SPLK-2002: Splunk Enterprise Certified Architect Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.

Getting started with Splunk

6. Splunk Report - Email Clarification (Followup)

Hey everyone and welcome back. So this is a quick follow-up video based on the Splunk Reports lecture that we were recording. Now, one important part to remember is that if you are expecting emails to be delivered just after this, that might not be the case. Now, the reason why is because, if you go to settings, if you go to server controls, server settings, I mean, within the server settings, you have something called email settings. So this is the email settings that you would generally enter where you have to give your SMTP credentials; it might be Google SMTP credentials or Amazon SES or some kind of SMTP credential through which Splunk can send emails. Also a very important part to remember. So generally, whenever you configure Splunk in an enterprise, you would typically give the SMTP credentials of the provider that you would use, and Splunk will use those authentication credentials to send the emails. In the event that you are using Splunk inside Docker, the chances are that the mail might not be sent. So I would just like to make sure that we are on the same page to avoid confusion. So with this, we'll quickly wrap up this video. I hope this has been informative for you, and I look forward to seeing you in the next video.

7. Understanding Add-Ons and Apps

Hey everyone and welcome back. In today's video, we will be discussing Splunk apps and Splunk add-ons. Now, these two factors, which provide extensibility to a specific log monitoring platform, prove to be very important in determining whether an organisation should go with a specific log monitoring solution or not. So most log monitoring solutions spend a significant amount of time developing comprehensive add-ons and apps in order to entice clients to purchase their product. So one of the simple examples that I can give you is that many people might opt for Android phones, right? One of the reasons why they opt for Android phones is because the Android Marketplace has almost all the applications that are available. So any vendor who creates a new application will be creating it with the support of Android or iOS. People may be hesitant to switch to Windows Phone because of the lack of application support. So generic applications like WhatsApp and everything else will be supported. But there are a lot of other applications that are not supported for Windows. And this is one of the reasons why a lot of people do not opt for it. The same goes for log monitoring solutions. The number of add-ons and apps that are supported is critical during the sales pitch. Now, there are two important things that you will need to know. One is what an add-on is. Second, let's talk about what apps are all about. Add-ons are generally used to import and enrich data from any source. They generally contain required field extractions, lookups, saved searches, and others. Apps, on the other hand, are more intended to deliver a user experience. So they contain prebuilt dashboards that allow users to easily analyse the data. So let's do one thing. Let's understand this in a much better, visual way. So, in terms of understanding an add-on, what we have here is our Splunk instance on the left-hand side and AWS on the right-hand side.
AWS is a pretty famous cloud service provider, which most organisations are now using. So I have taken the example of AWS. Now, Splunk, by default, does not have any capability to fetch the data from AWS. In AWS, you typically fetch data through APIs. So Boto3 is something which is generally extensively used. So, by default, Splunk does not really support it out of the box. So what you need is an add-on. So you install an AWS add-on on top of Splunk. Now, after you have installed this AWS add-on, the AWS add-on has all the necessary logic, it has all the necessary field extractions to fetch the data from AWS and put it inside Splunk. So this part is done with the help of an AWS add-on. Now, taking one more example, of an app: what the app does is that once the data is inside, the Splunk app has the capability to make a visualisation out of it. So a lot of applications that you will find contain prebuilt dashboards that will give you an easy understanding of what the data is all about. So this is what apps are generally used for. Apps are basically used for visualisation. They contain a lot of visualisation-related dashboards that you can use. They also contain a lot of other things, but we'll keep it simple. Now, so an app does contain visualisation, which is something that we will stick with as of now. Where will you find all of these add-ons and all of these apps? Let's look into it. When you go to, this is the marketplace where you would typically find all the apps and add-ons for Splunk. So if you see, Splunk has categorised all of them in various categories, like DevOps, utilities, security, fraud and compliance, IT operations, and others. So let's put AWS here for our example, and you would see that there are a lot of add-ons for AWS, but the one that we are interested in is this one: the Splunk app for AWS. And if you go up with them, you will see a Splunk add-on for Amazon Web Services. So typically, for any provider, you would find two things: Add-ons can be found here.
So the add-on basically contains field extractions. It contains logic to take the data from a specific provider and put it in Splunk. And second, the app is used for visualisation. So this is the Splunk app for AWS, and you also have a Splunk add-on for AWS. So, if you look at the Splunk app for AWS, you'll notice that all of these visualisation dashboards are already built into the app. So if you have the right data, which has been pulled by the Splunk add-on, all of these dashboards that you will see over here will be automatically populated. You do not really have to do anything. It comes with the app itself, so it becomes much more simple. Let's take one more example. Let me type Linux, and even for Linux, you will see you have a Splunk add-on for Unix and Linux as well as a Splunk app for Unix and Linux. So again, there are two things that are present and, as you know, the add-on contains the field extractions. The app, on the other hand, contains various dashboards that can make things easier. Even if you look into the Linux app, you'll see it contains various kinds of dashboards that can help you understand the data in an easier manner. Now, whenever you choose specific apps and add-ons, the support is something that you should be looking forward to. Now, there are three types of support criteria that you will generally see in Splunk. One is Splunk officially supported. The second is developer supported. The third is community supported. So these are the three things that are very important to remember because if you go ahead and install an app or add-on and it is not working as expected or it is breaking Splunk by itself, you will need to take action. So during that time, you might require support. So if it is officially supported by Splunk and if you have a support plan, then Splunk will officially help you debug the issue and solve it for you.
If it is not officially supported, then Splunk support will not help you. The second is developer supported. Developer-supported, as in, let's assume I have a specific product and that product already has that application and add-on built by their team itself. So for such cases, you have to contact the product team itself. Again, Splunk will not help you there. The third is community supported. Community-supported means it is not developer-supported; it is not Splunk-supported. You'll have to rely on the community or you'll have to rely on your peers to help you troubleshoot the issues, if any arise, by themselves. So let's look into how they might look in a Splunk-based environment. So if you see over here a Splunk app for Unix and Linux, you can see that it is Splunk built. That means this application is built by the Splunk team by itself. And on the right-hand side, if you go to support, it says that this is Splunk supported. So this means that if you install it and something is not working as expected, and if you have a Splunk support plan, you can officially raise a request and the Splunk team will help you troubleshoot and debug the issue. Now, let's take one more example from Okta. So Okta is a pretty famous single sign-on provider, and you will see that you have the Splunk app for Okta and you have the Splunk add-on for Okta. Now, this blue thing basically means that it is built by Splunk. So if you quickly open one among them and if you go down, you see the support is community supported. This means that although this app is published by Splunk, it is not officially supported. This is also important to remember because it's not always the case that if an add-on is built by Splunk, they'll officially support it. The chances are they'll not support it. And Okta is something to keep in mind whenever you see an add-on that is officially provided by a specific platform. Assume you are using Okta for single sign-on, and Okta is providing an add-on on their own.
Always prefer the add-on that is provided by the platform itself. Do not opt for the Splunk-built one because the Splunk-built one does not really work all the time. Well, I'll give you one example because we had a difficult time getting data on board for this. So if you'll see over here, there are two add-ons here. One is the Tenable add-on for Splunk and the second is the Splunk add-on for Tenable. So this is one of the real-world use cases. I'll just share it because one of the teams I was working with was integrating Splunk for vulnerability management. So they were integrating Tenable with Splunk, and they found that, hey, there is already a Splunk add-on for Tenable, which is already built, so why not use it? And if you go a bit down, it is Splunk supported also. So that is the best bet. However, when they installed this, it was realised that it was not working as expected, and you will see even the ratings. It's not that good. So along with that, you also have the Tenable add-on for Splunk. So for the Tenable add-on for Splunk, you see it has a good rating and it is developer supported. So Tenable themselves have built this add-on, and it really works well. It really handles all the data well. So again, you'll have to take a decision. Do remember that not everything built by Splunk works out of the box. It's not that way. Sometimes the add-on or app which is officially provided by the platform tends to work quite well. So, when you go to your Splunk installation and go to Apps and click on Find more apps, you will be able to find the applications here and can install them. Now, during the installation, whenever you decide to install any app, you will have to put in your credentials here before you can go ahead and install it. Also, one important part to remember and the last thing that I would like to share is that before you go ahead and install anything, make sure that it is compatible with the Splunk version that you are using.
So currently I'm using Splunk 7.2, so I'll verify within the compatibility tab whether Splunk 7.2 is present or not. If there are certain items that are not supported for Splunk 7 and you try to install them, it will really break things. So make sure that you have proper compatibility for the applications before you go ahead and install them in your production Splunk Enterprise.

8. Splunk Add-On for AWS

Hey everyone and welcome back. In the earlier video, we were discussing the basics of Splunk add-ons and apps, and we were also looking into the differences between add-ons and apps. During that time, we looked at an example of an AWS add-on and how it can fetch data from AWS and index it in your Splunk instance. Now, with AWS being a very popular cloud service provider, if your organisation is using AWS and if your organisation is going with any log monitoring tool, such as Splunk, Beat Log, or ELK, the chances are that you will have to integrate AWS with your log monitoring solution. In fact, I have seen a lot of Splunk guys who have actually registered for the courses related to AWS solutions architects because I regularly get messages from them because they want to understand various AWS services because they have to integrate those services with Splunk. So in today's video, we'll be looking into how we can integrate AWS with Splunk by installing the AWS add-on and looking into how we can fetch the data as well. Now, I'll go to Splunk, and we already know that Splunk out of the box does not have the capability to fetch data from AWS. So what we'll be doing is clicking on "Find more apps," and we'll be installing the Splunk add-on for AWS. So if you type AWS here, let me type AWS. There are a lot of add-ons which you'll find. We are more interested in the Splunk add-on for Amazon Web Services. I'll go ahead and I'll do an install. So I'll say KP Labs as my Splunk username, and I'll put in the password. I'll go ahead and do an install. So once your add-on is installed, you will have to restart your Splunk. So I'll go ahead and I'll click on "Restart." Now everything is perfect, so the restart has been successful. I'll click on OK, and I'll quickly log in again. And now I'll go to the Splunk home page. So now, on the left, you'll notice that you have the Splunk add-on for AWS installed.
Now that you have the Splunk add-on for AWS installed, what you have to do is use that add-on to fetch the data from AWS. So that is the next part. So if I click on the Splunk Add-on for AWS, you are redirected to the input page. So the input page is where you can fetch various AWS datasets. So you have CloudTrail, CloudWatch, and CloudFront, which is a CDN. If you have ELB logs, which are the load balancer logs, you have a separate input for that. You have a separate input for VPC flow logs, and even custom data types are also supported. So before we use this, what we have to do is provide our AWS username and password to this add-on so that the add-on can log into AWS and it can fetch the relevant data. Now, in AWS, you have the terminology of access and secret key, which you can use to configure your Splunk add-on. So if I go to my AWS page, and you go to IAM. So if you are using AWS, you are familiar with these terminologies. So within IAM, I'll create a new user. Let me name this user splunk and I'll give it programmatic access. Programmatic access will essentially provide an access ID as well as a secret key ID. So within the permissions, I attach the existing policies directly, and I'm looking for read-only access. And here you have read-only access. I'll click on "Next: Review" and I'll create a user. So once the user is created, you will basically get an access key ID and a secret key ID. This is something that you need to put within Splunk. Now, within the configuration page, if I click on Add, you will basically have the access key ID and a secret key ID. So let me give it the name KPLabs AWS account. Now, the access key ID, I'll copy from here; the secret key again, I'll copy from here, and I'll paste there; then I'll go ahead and click on Add. Perfect. So now it has added my KPLabs account here. So once your account is added, you can go to "Inputs." Now, inputs are basically everything since AWS has a lot of services, so if you look into AWS services, it's quite huge.
So you have different kinds of input to fetch different types of log files. So you have the CloudTrail input to fetch CloudTrail-specific logs, you have the CloudWatch input, you have configuration, you have CDN-specific CloudFront access logs, you have a description input, and various others. So, for our example, we will be using the description input today. So when I click on Description, I'll have to specify the name. I'll say KPLabs description. Within the account, I'll select the KPLabs AWS account, and within the regions, you have to select which region you want to fetch the logs from. Let me select a few regions that I generally unt, and wit So now I have selected the regions. The next thing that you need to select is the API interval level, that is, after what interval the Splunk add-on should make an API call to AWS and retrieve the relevant information. So you can select the interval accordingly. But keep in mind, and this is crucial, that I have seen people give intervals as short as 10 seconds. And this is quite dangerous, particularly if you have a large AWS account, because AWS limits the number of API calls that an account can make. A very important part to remember. I've seen the production service go down because of a rogue application that was making a large number of AWS API calls and there was a large amount of throttled traffic. So do remember that before you select the right interval. So for this example, I'll select the interval as 600 seconds. Because we have a testing AWS account, we do not really have much data, so 600 seconds is something that we use for our testing. So once you have selected the API interval level, you also have Splunk-related configuration where you have the source type, which is AWS description, and you have the index. So for the index, I'll put it in the main index as of now, and I'll click on "Save." Perfect. So now the input is saved.
So what this will do is that it will fetch the information, and it will store those logs with the source type as AWS description in the main index. So let's just wait for a while and see how these logs appear within the Splunk interface. So it has been a few minutes, and now if I go to Data Summary, within the sources, you will see that I have a lot of sources that are present over here, and within the source types, you will also see that I have a new source type that is AWS description that came from the AWS add-on. Now, if I go to the source type AWS description, let's click here. And now you see that there is a huge amount of logs that have started to come in, and if you click on one of the logs, you will see that this is all the information that it is giving us. Now let me go back to the search menu, and this time we'll search based on the sources. So let's go to the Data Summary. I'll go to sources, and let's click on sources associated with IAM users. So, we have created a new IAM user. These are all of the IAM users who are present here. Now, within the IAM user, you'll see it is giving me the ARN, and the ARN has the user name at the end. So it basically gives you information related to how many users are present in a specific AWS account, along with the configurations that are associated with it. So you have a user called AZ. Let's quickly verify I have a user named Zeir. If you go a bit down, you see that it is also showing a user named splunk. So this is a user that we actually created a few minutes ago, and it is actually showing various configurations associated with this user, too. So this AWS add-on not only fetches the data, it is also responsible for all the field extractions over here. So all these logs are getting parsed in an easier-to-understand manner, and the Splunk add-on for AWS or whatever add-on you have is generally responsible for all of these field extractions.
So I hope you understood the basics of what add-ons are all about. And if you have AWS, or if you do not, I would suggest registering for a free trial so you can integrate it with Splunk and see what exactly it looks like. So with this, we will conclude this video, and in the next video, we'll be discussing the Splunk app for AWS, and we'll look into the features that the app provides.

9. Splunk App for AWS

Hey everyone and welcome back. In the earlier video, we were discussing the Splunk add-on for AWS. We installed it and also started to fetch the data from our AWS account. So in today's video, we'll go ahead and install the Splunk app for AWS because currently, if you see, all we have is a log file; we don't really have any dashboards or some kind of visualisation through which this data becomes much more meaningful to us. Now, one way in which we can make the data much more meaningful is by manually creating the dashboards. However, the Splunk app for AWS already contains a lot of prebuilt dashboards, which can do a lot of information-based visualisation for us. So let's go ahead and install the Splunk app for AWS. So I'll go to app search and reporting, then find more apps, and within this I'll type AWS, then press Enter, and you'll see that you're getting a variety of add-ons, but you won't find the Splunk app for AWS. Now the reason why is because, generally, the apps and add-ons that you would see here in the list need to be compatible with the current version of Splunk that you are running. So I am running 7.2. So let's quickly go to Splunkbase. I'll type Splunkbase in Google and I'll go to the first link, and here let me type AWS, and you will see that there is a Splunk app for AWS that is present. So, if I click here and scroll down, you'll see that the Splunk version is 7.1 in the compatibility section. However, the Splunk version that we are using is 7.2, and this is the reason why it does not appear here. Now, generally, a minor version does not really make any major difference; it will work as expected. However, a major version will definitely make a huge difference. So if a specific application or add-on is only compatible with Splunk 6 and you are trying to install it in Splunk 7, it will actually cause a lot of mess. So avoid those aspects. Make sure that, if you have 7.2, a minor version will not really make a huge difference.
So what we'll do is quickly download the Splunk app for AWS to our computer, and from our computer, we will upload it to the Splunk installation page. So let me quickly log in here. So I'll quickly log in. So once I'm logged in, you can go ahead and download this specific app. So I'll just select the first one, and I'll go ahead and download it. So, you see, this is a TGZ file. I'll save the file, and it gets downloaded to my downloads folder. Now, going back to Splunk, if I go to apps and click on Manage apps, it will basically give you details related to the various apps and add-ons that are present. So on the top right there is an option called "Install from file." I'll click here, and you have to select the TGZ file that got downloaded. So I have selected my Splunk app for AWS TGZ file. I'll go ahead and upload the app to my Splunk. So once it is installed, you will have to restart it. So let's quickly restart. So the restart was successful, I'll click OK, and I'll log in again. So now we have logged into our Splunk. So let's do one thing. Let's go back to our Splunk homepage. And this time on the left-hand side, you will see that there is a Splunk app for AWS. So if I click on the Splunk app for AWS, let's look into what exactly it might look like. So, as you'll see, there are a lot of dashboards and visualisations built into this app. And some of the fields are getting populated, like it is showing that I have eleven VPCs. I have one instance that is running currently. So one server is running on AWS. In fact, I should shut it down because it takes up my free tier. There are two instances in total, as well as 16 EBS volumes and various others. So all of these are the visualisation dashboards, which are part of the Splunk app for AWS. So, if I open a few more, let's go to security and I'll open up Key Pair Activity. Let's see what dashboards this app provides for various other functionalities.
So within the EC2 instance, you will see that now I have much better graphical scenarios, which give me much better information. So typically, if you integrate your production environment, which might have hundreds of servers, these dashboards will become much more meaningful for you. So, even if I open Key Pair Activity, you will see that I have one key pair. KP Lads Heaven You is the name of the key pair, and it has been used 100% of the time. Basically, I only have one key pair through which I log in. So this is showing me the amount of activity that is associated with this specific key pair. Now, one important part to remember is that not all the dashboards will be populated by default. Now, the reason why is because within the Splunk add-on we only enabled one input, which was AWS description. However, all of these dashboards require various other types of data to be present in Splunk, based on which they will appear. Now, if you want to know what data or query is causing these dashboards to appear, you can hover over one of these and click on the Open in Search button. So this is a macro, and if you notice, the count is eleven, and the same eleven you can see over here. So in the back end, this is the Splunk query that has been made. If you press Control Shift E, you'll see the actual query where index equals main, region equals asterisk and source equals asterisk colon VPCs. So this is the exact Splunk query that has been made to populate this specific dashboard over here. So every dashboard or every field within the dashboard has this associated backend query. So in case you are wondering why this is not appearing, say why this is showing zero and why it is not appearing, you can click "Open in Search," press Control Shift E, and you'll see that this is a Splunk query looking for something of the source type AWS config notification. So this is the source type it is looking for.
Now, if I just type source type equal to AWS config notification and select All time within the presets and press Enter, you will see that there are zero events, indicating that there are no events. And this is why I'm getting a zero, because there is no data. So in order for these dashboards to appear, what I have to do is add that specific data from the Splunk add-on for AWS. Now, a few more things that I would like to show before we conclude this video are that whenever you use a Splunk add-on for AWS or a Splunk app for AWS, any one of them. So let me quickly go into a sample one. Within the details page, you will see that there is documentation. Always go through the documentation; otherwise, sometimes you might make misconfigurations due to which you might expect certain unexpected things. So always go through the documentation. You already have great documentation for various apps and add-ons that are already available in Splunk. Go through this documentation to see how you can configure your apps and add-ons. And only after going through that can you go ahead and install those apps and add-ons and configure them within Splunk. So this documentation provides a great amount of information. Now, along with that, there's one last thing that I would like to show before we conclude this video. So, if you do a docker ps, you will see that I have Splunk. So please allow me to run a docker exec on splunk with bash. Now, I'm sure that you already know that Splunk gets installed in /opt/splunk, and there are a lot of directories over here. We'll be studying each of these. So if you go to var, within var there is log, and within log there is splunk. And within splunk, you will see there are a lot of log files that are present over here. And one of the log files that you see is associated with the inputs that you configured in the Splunk add-on for AWS.
So many times, what happens is that you configure an input in your add-on and still see that nothing is working and data is not coming. Now, what will you do in such cases? You need to look into these log files to understand what is happening or to understand whether there are any backend errors that are happening due to which the data collection is not happening. So currently, if I look into the data collection related to the Splunk add-on for AWS description input, I see that there are no real errors, which we have confirmed because the data is coming and our dashboards are also appearing correctly. So this is one tip that I am hoping you'll remember in case something does not really work out. So this is it. In today's video, I hope you understood the basics of what Splunk is. So we took an example of the Splunk app for AWS, and we saw that there are so many dashboards that are already built in, and if you have the right data, all of these dashboards will populate automatically. So with this, we'll conclude this video, and in the next video we'll take up some other great topic related to Splunk.

10. Overview of Dashboards and Panels

Hey everyone, and welcome back. In today's video, we will be discussing dashboards and panels. Now, having a good visualisation of your data is extremely important. I'll give you one example, like in one of the meetings that I was having with senior management, where we were showing them some really complex and useful correlation rules. So although they were happy with that, senior management really encouraged us to have dashboards. So the technical guys were quite happy, but the senior management wanted to see dashboards because that's obvious. They will not understand the raw data. And this is the reason why having dashboards and panels is very important. Typically, all management wants to see some kind of dashboard that gives them visual information, so having skills to build a good dashboard is necessary as a Splunk architect. So Splunk dashboards are basically views that consist of panels. Now, a panel can contain various things like search boxes, text boxes, it can contain charts, it can contain tables, etc. So in today's video, we'll look into how we can build dashboards that can have various sample panels. So what I have is I am in my source type, where we have our access logs, and let's do one thing: do a top on category ID. So, once we do a top on category ID, you'll notice that I've got statistics over here that basically show which category IDs have the most. You can say it has the most views, the most sales, or it is the most popular on Amazon. Now, Amazon management wants to see which products people are viewing the most. So this is something that can be used if they are using Splunk. So now if you go into the visualisation, now this is the pie chart, and it really becomes simple. From here, you can see that strategy has the highest count.
Then you have the arcade, then you have the shooter, then you have the scores, et cetera. Now, you might want to create a dashboard from these specific logs, from Apache logs, that can provide a lot of information, not only related to the top category IDs that are visited, but also some security information, information related to various HTTP response codes, and so on. So now that we have this specific search and this visualisation, you can go ahead and do a Save As, and you can save it as a dashboard panel. Now you can name this dashboard panel "top category ID," or I'll say "top category products." Let me just rename it, and if you go a bit down, it contains the pie chart and the panel title. I'll say "top category products" and for the dashboard title I'll say access logs dashboard. All right, we can go ahead and we'll do a save. Now, once you click on "View Dashboard" here, let's wait. So now you see the dashboard's name is Access Logs Dashboard, and it contains this one visualisation. So let's do one thing: let's create a few more visualisations so that we can have a good dashboard. So now let's remove the top part and say stats count by client IP. And now you have one more dashboard. This time, let's save it as something else, and I'll save it as a column chart. We'll go ahead, and we'll create a dashboard panel. This time, since the dashboard is already created, we'll go to "Existing." The panel title would be "List of Client IP Addresses" and the panel content would be "Column Chart." I'll go ahead and save it. So now if you just refresh the access logs dashboard, you will see that now I have two panels over here: one is Top Category Products, and the other is List of Client IP Addresses. So now that you have the dashboard here, we'll just use two for our sample ones, and we'll be exploring more in the upcoming videos. But once you have the dashboards, which are present over here, you have the option of exporting them to PDF.
So let's quickly do that and see what exactly it would look like. As you can see, it was exported to PDF. And if I open up my PDF viewer, you'll see this is a nice little dashboard. So this really becomes much more useful, like if you want to send an email saying what the top category products are that people have purchased and so on. So going back to our access log dashboard, one important part that I wanted to show you is that you can easily edit your dashboard here. So if you click on edit here, you'll see that you have a few different panels. So these are panels. and now you can put this panel side by side. You can move this panel down, and you can put the list of client IP addresses panel at the top. Now, along with that, you can even let me click here and drag it. And now you see, since I dragged it, you have two panels side by side. You can go ahead and save it, and this is what it will look like. So let's click on Edit once again. Now, one important thing to remember is that you can even add a panel from here. So it really depends. It's the same thing, but there are multiple ways of doing things. So this is one part. Now along with that, I wanted to show you that you can edit this via the UI, but you also have the edit source option. Now this is an example, and if you will see over here, you have two dashboards. One is the top category product, and within this, you see you have a query. So this is the query that we had executed. You also have a dashboard with a title list of client IP addresses, and this is the query associated with them. So if you're comfortable with XML, you can use this XML directly, and you can tweak the dashboard-related information. And last but not least, you can even have a darker theme. So let's do a darker theme here. And now, as you see, this is the darker theme. So many people prefer a darker theme because it looks good on a large television where everyone is looking into the dashboard. 
So this is something that you can do, and along with that, you can even add various inputs. Time Summit functions similarly to a text radio button dropdown. We'll be discussing that in the upcoming videos. But this is something that is also possible.
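
For reference, the "edit source" view described in the lecture shows Simple XML along the following lines; this is an added example, not the instructor's actual dashboard source. The sourcetype `access_combined_wcookie`, the field names `categoryId` and `clientip`, and the time range are assumptions, since the lecture only names the fields as "category ID" and "client IP".

```xml
<!-- Added example: a two-panel Simple XML dashboard matching the lecture.
     theme="dark" corresponds to the darker theme chosen at the end. -->
<dashboard theme="dark">
  <label>Access Logs Dashboard</label>
  <!-- Two <panel> elements inside one <row> render side by side,
       which is what dragging the panels next to each other produces. -->
  <row>
    <panel>
      <title>Top Category Products</title>
      <chart>
        <search>
          <!-- Assumed sourcetype and field name -->
          <query>sourcetype=access_combined_wcookie | top categoryId</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
      </chart>
    </panel>
    <panel>
      <title>List of Client IP Addresses</title>
      <chart>
        <search>
          <!-- Assumed sourcetype and field name -->
          <query>sourcetype=access_combined_wcookie | stats count by clientip</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">column</option>
      </chart>
    </panel>
  </row>
</dashboard>
```

Placing each `<panel>` in its own `<row>` instead stacks the panels vertically, which is the layout the dashboard has before the drag step.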
