Splunk Technology
Splunk Technology - Software company

Splunk Inc. is an American software company based in San Francisco, California, that produces software for searching, monitoring, and analyzing machine-generated data via a web-style interface.
Splunk is a data collection, analysis, and visualisation tool. Companies use this tool to collect and monitor various types of data such as Application Metrics, Application Logs, Transactional Data, Customer Data, Network Data, Configuration Settings, CSV, Security Data, and more.

It can collect all of the mentioned types of data and even more and then process all of that data based on conditions set by the user and finally visualize that data for further presentation and a better understanding of the Data collected.

Why Continuous Monitoring?

Continuous Monitoring is an important part of Software Development. It is something we take up as a measure to maintain the health of software and to improve the quality of the software, and this is based on the feedback we get from the insights gained from monitoring.

Types of Monitoring

System Performance

Process Monitoring

Integration

Application Performance

Business Monitoring

Monitoring Tools

Speed, scale, and analytics for hybrid infrastructure monitoring. Splunk Infrastructure Monitoring is a purpose-built metrics platform to address real-time cloud monitoring requirements at scale.

SPLUNK BENEFITS

Real-Time Performance Monitoring

Logging Tool

Stack Security & Alerting

Dashboards & Visualisations

Data Analytics

Very easy to Use

Good customer support

ML abilities


Splunk Products

Splunk Core

Splunk IT operations

Splunk Security

Splunk DevOps

Splunk Enterprise set of tools


Splunk Enterprise Layout


How to work with users, roles, and secret storage using the Splunk Enterprise SDK for Python?

Users, roles, and secret storage

Users

Splunk has a single default user ("admin"), and if you are running Splunk Enterprise, you can add more users (Splunk Free doesn't support user authentication). For each new user you add to your Splunk Enterprise system, you can specify:

  • A username and password
  • A full name
  • An email address
  • A default time zone
  • A default app
  • One or more roles to control what the user can do

Roles

Roles specify what the user is allowed to do in Splunk Enterprise. Splunk Enterprise includes predefined roles that you can modify, or you can create new roles. The predefined roles are:

  • admin: This role has the most capabilities.
  • power: This role can edit all shared objects and alerts, tag events, and other similar tasks.
  • user: This role can create and edit its own saved searches, run searches, edit preferences, create and edit event types, and other similar tasks.
  • can_delete: This role has the single capability of deleting by keyword, which is required for using the delete search operator.
  • splunk-system-role: This role is based on admin, but has more restrictions on searches and jobs.

Each role is defined by a combination of these permissions and restrictions:

  • Capabilities, which specify the system settings and resources the user is allowed to view or modify. For example, you could allow users to list data inputs but not edit them. For a full list of capabilities, see "Capabilities", below.
  • Restrictions on searches and search jobs. For example, you can set a limit on the number of concurrent search jobs the user can run, or restrict the data that the user can search by setting a search filter.
  • Allowed indexes, to explicitly specify which indexes the user is allowed to search.
  • Indexes to search by default.
  • Other roles to inherit properties from.

When you inherit other roles, their capabilities, restrictions, and properties are not merged with those of the current role, but rather they are maintained separately. For example, if you list the capabilities of a role, its inherited capabilities are not listed; you must explicitly request a list of inherited capabilities. When a role is modified, the changes are made automatically wherever the role is inherited.

You can also assign one or more roles to each user. When multiple roles are assigned, the broadest permissions from these roles are given. Specifically, the user's permissions are the union of all capabilities and the intersection of the restrictions.


Secret storage

Secret storage in Splunk Enterprise allows for the management of secure credentials. When you store a secret in a Splunk app, the platform encrypts the password with a secret key that resides on the same machine. You can manage access to this service based on a user's capabilities. For example, users require the list_storage_passwords capability to read plain text secrets and the admin_all_objects capability to create, update, and delete secrets.
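The role inheritance, multi-role union, and secret-storage capability rules described above can be combined into a small access audit. This is an added example, not code from the article or from Splunk: it runs offline on constructed role and user data, and the role names `secrets_reader` and `app_admin` and the users are hypothetical.

```python
# Constructed role definitions (not from a real deployment). Each role keeps
# its own capabilities separate from the roles it inherits from.
ROLES = {
    "user": {"capabilities": {"search", "change_own_password"}, "imported_roles": []},
    "power": {"capabilities": {"schedule_search", "rtsearch"}, "imported_roles": ["user"]},
    # Hypothetical custom roles used to illustrate secret-storage access.
    "secrets_reader": {"capabilities": {"list_storage_passwords"}, "imported_roles": []},
    "app_admin": {"capabilities": {"admin_all_objects"},
                  "imported_roles": ["power", "secrets_reader"]},
}
# Constructed user-to-role assignments.
USERS = {"alice": ["user"], "bob": ["power", "secrets_reader"], "carol": ["app_admin"]}


def inherited_capabilities(role, roles, _seen=None):
    """Capabilities a role gains only through inheritance (its own are excluded)."""
    seen = set() if _seen is None else _seen
    caps = set()
    for parent in roles[role]["imported_roles"]:
        if parent in seen or parent not in roles:
            continue  # skip inheritance cycles and dangling role references
        seen.add(parent)
        caps |= roles[parent]["capabilities"]
        caps |= inherited_capabilities(parent, roles, seen)
    return caps


def effective_capabilities(assigned_roles, roles):
    """Union of own and inherited capabilities across every assigned role."""
    caps = set()
    for role in assigned_roles:
        caps |= roles[role]["capabilities"] | inherited_capabilities(role, roles)
    return caps


def secret_access(users, roles):
    """Report, per user, who can read plain text secrets and who can manage them."""
    report = {}
    for name, assigned in users.items():
        caps = effective_capabilities(assigned, roles)
        report[name] = {
            "read_plaintext": "list_storage_passwords" in caps,
            "create_update_delete": "admin_all_objects" in caps,
        }
    return report


if __name__ == "__main__":
    for user, access in secret_access(USERS, ROLES).items():
        print(user, access)
```

Note that `carol` can read plain text secrets even though `list_storage_passwords` does not appear in the `app_admin` role's own capability list, which is why an audit has to request inherited capabilities explicitly.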


The user, role, and secret storage APIs

To work with users, roles, and secret storage in the Splunk Enterprise SDK for Python, use these classes through an instance of the splunklib.client.Service class:
