Bringing in Data

Computerized systems are responsible for much of the data produced on a daily basis. Splunk Enterprise makes it easy to get data from many of these systems. This data is frequently referred to as machine data. Because machines mostly generate data in an ongoing, streaming fashion, Splunk is especially useful, as it can handle streaming data easily and efficiently.

In addition to capturing machine data, Splunk Enterprise allows you, as the user, to enhance and enrich the data either as it is stored or as it is searched. Machine data can be enriched with business rules and logic for enhanced searching capabilities. Often it is combined with traditional row/column data, such as product hierarchies, to give the machine data business context.

In this chapter, you will learn about Splunk and how it relates to an often-used term, big data, as well as the most common methods of ingesting data into Splunk. The chapter will also introduce essential concepts such as forwarders, indexes, events, event types, fields, sources, and sourcetypes. It is paramount that you learn these concepts early on, as they will empower you to get the most value from your data. In this chapter, we will cover the following topics:

  • Splunk and big data
  • Splunk data sources
  • Splunk indexes
  • Inputting data into Splunk
  • Splunk events and fields