Splunk Essentials for Infrastructure Troubleshooting and Monitoring

It’s free, it’s easy, it’s our newest Splunkbase solution! We are beyond excited to introduce Splunk Essentials for Infrastructure Troubleshooting and Monitoring.

You may be wondering, what in the world are Splunk Essentials? Splunk Essentials are a series of free learning apps created by our very own Splunkers. They are designed to guide users down prescriptive use case paths to support a full engagement model and ultimately bring organizations success. We often hear from our customers that they use Splunk for one reason or another, but know they could be utilizing it for so much more. That’s why the Splunk Essentials series was created—to provide clear direction and workflow mapping to better serve our users and ensure they take full advantage of their Splunk deployment.

If you’re new to Splunk, or you want to get a handle on advanced use cases, Splunk Essentials for Infrastructure Troubleshooting and Monitoring (ITM) is a great place to start. Splunk for ITM can help you uncover and master IT use cases by providing sample data, screenshots and Splunk’s powerful Search Processing Language (SPL). Splunk Essentials for ITM showcases tons of working examples that can be used to address IT teams’ real-world pain. Here’s a quick rundown of what else you can expect from Splunk Essentials for ITM:

Use Cases

Once the Splunk Essentials for ITM app is downloaded and installed, it’s ready to roll. The introduction page contains all the available use cases:

  1. Infrastructure Troubleshooting
  2. Container Monitoring
  3. Server Monitoring

We currently have 51 examples across these three use cases.


Clicking on one of the use cases will bring you to a list of examples. Each example will fall under one of the four stages of IT:

  1. Search and Investigate: You have the data onboard, how do you search for the details?
  2. Proactive monitoring and alerting: You understand the data but want to be more proactive and get quicker notifications.
  3. Operational visibility: You’re ingesting advanced data sources and using them to capture insights into your environment.
  4. Real-time business insight: You are business aware, now it’s time to apply those data sources to correlate to real business KPIs.

With each stage, Splunk wants to help you adapt and conquer the right use cases that make sense for your company.

Each example is documented so you can understand how it works, how to use it, why it’s important, and the level of difficulty. We’ve even provided data onboarding guides for some of the top data sources that feed these examples.

Each example provides insight into how it can be applied in your environment. After reviewing the examples, you are encouraged to turn them loose on your own data! To help you better match the example to your environment, we have prerequisite checks and thorough documentation. You can save searches directly from this app to create an alert action in Splunk Enterprise.


To keep track of where you’re at in the maturity of a specific use case, you can bookmark individual examples. Just click the white bookmark icon to the right of each example and it will turn black, signaling it’s been bookmarked.

Then from the top navbar, in the Infrastructure Troubleshooting and Monitoring Content menu, you can navigate to your bookmarks in Bookmarked content.

We’re big fans of this Bookmark feature because it allows for tracking individual implementation stages. Keeping an active list of what’s going on, and being able to export content to Excel spreadsheets, can help with reporting and keeping tabs on the workflow of your implementation.

Essentials to Get Started With...Essentials

We recommend you start by determining which of the four stages of the Splunk IT Journey best represents where your organization is at today. Next, you can go to the Splunk Essentials for Infrastructure Troubleshooting and Monitoring app and explore the examples associated with that stage in the journey. The filters allow you to home in on precisely the use cases, areas, and data sources that are applicable. If at any point you run into any issues, go to the ‘Documentation’ tab, then click ‘Ask a question.’ This feature hooks directly into Splunk Answers so you have direct communication with support.

So check it out! See where you’re at in your journey. Track your progress; take the use cases and implement them in other departments; go beyond basic use cases and enable others to learn by looking at them as real-world scenarios. The best way to truly appreciate all that Splunk for ITM has to offer is to experience it for yourself.

Shoutout to Splunker Domnick Eger for helping make Splunk Essentials possible. Check out other existing Splunk Essentials: Application Analytics and Business Analytics. These will all be refreshed on a quarterly basis so keep a lookout for more use cases and examples!

Posted by Felicia Dorng