https://github.com/bautt/splunk4champions2
Splunk App for Splunk4Champions Workshop
https://github.com/bautt/splunk4champions2
dashboard-studio dashboards pre-sales search spl splunk workshop workshop-materials
Last synced: about 2 months ago
JSON representation
Splunk App for Splunk4Champions Workshop
- Host: GitHub
- URL: https://github.com/bautt/splunk4champions2
- Owner: bautt
- Created: 2022-10-11T10:18:33.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2026-04-15T11:16:29.000Z (about 2 months ago)
- Last Synced: 2026-04-15T11:28:34.162Z (about 2 months ago)
- Topics: dashboard-studio, dashboards, pre-sales, search, spl, splunk, workshop, workshop-materials
- Language: Python
- Homepage:
- Size: 6.09 GB
- Stars: 23
- Watchers: 3
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
 
# Welcome to the Splunk4Champions Workshop!
An interactive, hands-on Splunk workshop delivered as a Splunk app. Participants follow guided labs through a React UI embedded directly in Splunk — no slides, everything runs inside the platform.
Built for experienced Splunk users: admins, use case developers, and champions who want to go deeper.
## Who should attend
- Experienced and ambitious Splunk users
- Use case owners and developers
- Splunk admins
## What's covered
| Chapter | Topics |
|---------|--------|
| **0 · Setup** | Health Check — verify indexes and app/Splunk version at a glance |
| **1 · Settings** | GUI options, Search Assistant, SPL2, Stock Index Search & tstats |
| **2 · Data** | Indexes, buckets, data pipeline, distributed architecture, data aging |
| **3 · Search** | Search basics, command types, Job Inspector, terms/segmentation, tstats, tips & quiz |
| **4 · Metrics** | Log-to-metrics, mcollect, mcatalog, mstats, weather data reference, stock index metrics lab |
| **5 · XML Dashboards** | Base search, drilldown, annotations, colors, post-processing |
| **6 · Dashboard Studio** | Tutorial, data sources, interactivity, layout, custom visualizations, canvas viz library, sharing |
| **7 · Mobile** | Splunk Mobile overview and demo |
## Installation
Download the latest release from the [Releases page](https://github.com/bautt/splunk4champions2/releases/) and install as a standard Splunk app.
- Compatible with Splunk 8+
- Works on Splunk Cloud
- Not intended for production systems — no warranty
If you have access to **show.splunk.com**, the workshop is available on Splunk Show.
## Included datasets
The app ships with real historical data used across the labs:
- **`s4c_stocks`** — 10 years of daily OHLCV for 10 global stock indexes (DAX, S&P 500, NASDAQ, Dow Jones, FTSE 100, CAC 40, EuroStoxx 50, Nikkei 225, Hang Seng, SMI). Updated daily via scripted input.
- **`s4c_meteo_historic`** — Daily historical weather (2016–present) for the cities hosting each exchange. Used for weather/market correlation exercises.
- **`s4c_weather`** — Real-time OpenWeatherMap data for metrics labs.
- **`s4c_tutorial`** — Web server logs for search and dashboard exercises.
## Phyphox experiments
After creating a HEC for Phyphox data, add to the HEC config:
```
/etc/apps/splunk_httpinput/local/inputs.conf
[http://phyphox]
allowQueryStringAuth = true
```
---
## Screenshots
#### Setup — Health Check
Verify index status, event counts, and date ranges. Shows Splunk and app version at a glance.
#### Chapter 1 — Settings: Search Assistant
#### Chapter 1 — Settings: Stock Index Search (SPL & tstats)
#### Chapter 2 — Data: Index and Buckets
#### Chapter 3 — Search: Search Basics
#### Chapter 3 — Search: Job Inspector
#### Chapter 3 — Search: Terms & Segmentation
#### Chapter 3 — Search: tstats
#### Chapter 4 — Metrics: Searching Metrics
#### Chapter 5 — XML Dashboards: Base Search
#### Chapter 6 — Dashboard Studio: Overview
#### Chapter 6 — Dashboard Studio: Canvas Visualizations by Robert Castley
Production-ready Splunk Canvas 2D API visualizations — cloned, built, and invoked directly with no Splunk experience required. No future development dependency or Claude Code needed.
---
## Credits
Workshop content is collected, consolidated, and adapted from public .conf presentations, blog articles, and Splunk Docs. All information is provided "as is" with no guarantee of completeness, accuracy, or timeliness.
- Originally created by **Andreas Greeske** and **Tomas Baublys** in 2020
- Version 2.0 rebuilt by **Tomas Baublys** on the Splunk UI template by **Daniel Federschmidt**
- Suggestions and improvements welcome: [tbaublys@splunk.com](mailto:tbaublys@splunk.com)
**Canvas Visualizations** section powered by [splunk-custom-visualizations](https://github.com/rcastley/splunk-custom-visualizations) by **Robert Castley** — a library of production-ready Canvas 2D API visualizations for Dashboard Studio.
### Special thanks for public content
Martin Müller · Clara Merriman · Richard Morgan · and many others linked throughout the app
### Special thanks for improvements and problem solving
Dirk Nitschke · Holger Sesterhenn · Henri Mak · Lukas Utz