Splunk platform administration: the big picture

The Admin Manual provides information about the initial administration tasks as well as information about the different methods you can use to administer your Splunk software. For a more specific overview of what you can do with the Admin Manual, see How to use this manual.

Below are administration tasks you might want to do after initial configuration and where to go to learn more.

Task | Look here
Perform backups | Back up configuration information; Back up indexed data; Set a retirement and archiving policy
Define alerts | The Alerting Manual
Manage search jobs | Manage search jobs

For more administration help, see the manuals described below.

Get data in

Getting Data In is the place to go for information about data inputs: how to consume data from external sources and how to enhance the value of your data.

Task | Look here
Learn how to consume external data | How to get data into Splunk
Configure file and directory inputs | Get data from files and directories
Configure network inputs | Get network events
Configure Windows inputs | Get Windows data
Configure miscellaneous inputs | Other ways to get data in
Enhance the value of your data | Configure event processing; Configure timestamps; Configure indexed field extraction; Configure host values; Configure source types; Manage event segmentation; Use lookups and workflow actions
See how your data will look after indexing | Preview your data
Improve the process | Improve the data input process

Manage indexes and indexers

Managing Indexers and Clusters tells you how to configure indexes. It also explains how to manage the components that maintain indexes: indexers and clusters of indexers.

Task | Look here
Learn about indexing | Indexing overview
Manage indexes | Manage indexes
Manage index storage | Manage index storage
Back up indexes | Back up indexed data
Archive indexes | Set a retirement and archiving policy
Learn about clusters and index replication | About clusters and index replication
Deploy clusters | Deploy clusters
Configure clusters | Configure clusters
Manage clusters | Manage clusters
Learn about cluster architecture | How clusters work

Scale Splunk platform deployments

The Distributed Deployment Manual describes how to distribute Splunk platform functionality across multiple components, such as forwarders, indexers, and search heads. Associated manuals cover distributed components in detail:

Task | Look here
Learn about distributed Splunk platform deployments | Scale deployments
Perform capacity planning for Splunk platform deployments | Estimate hardware requirements
Learn how to forward data | Forward data
Distribute searches across multiple indexers | Search across multiple indexers
Update the deployment | Deploy configuration updates across your environment

References and other information

The Splunk documentation includes several useful references, as well as some other sources of information that might be of use to the Splunk software administrator.

Reference | Look here
Configuration file reference | Configuration file reference in the Admin Manual
REST API reference | REST API Reference Manual
CLI help | Available through installed instances of Splunk Enterprise. For details on how to invoke it, read Get help with the CLI in the Admin Manual.
Release information | Release Notes
Information on managing Splunk platform knowledge objects | Knowledge Manager Manual