Remote Images Retrieval With Splunk Using Custom Command “”

Every once in a while my customers ask for a functionality that is not natively supported by Splunk. Out of the box Splunk is a very capable platform, however, there are certain tasks Splunk is not designed for. But that never stops a Splunker from finding a solution! The use-case I am about to discuss in this blog is an example of that: The customer owns large chain of pharmacies across the country, the bulk of the stores transactions end up in Hadoop Data Lake; the customer wants to use Hunk/Splunk to visualize and analyze the massive amount of information collected, which is something Hunk can do easily. The challenge came about when I was asked if Splunk could show …

» Continue reading

Splunk Add-on > Where’s That Command – Converting a Field’s Hexadecimal Value to Binary

When looking through Splunk’s Search Reference Manual, there are a ton of search commands with their syntax, descriptions, and examples.  After all, if Splunk is the platform for machine data, there needs to be an extensive list of commands, functions, and references that guide Splunkers through the Search Processing Language (SPL).  But one would think that we had everything covered, right?  Well, almost….

I have a couple of great customers from the Houston, Texas area to thank for this.  Gabe and Andrew (you know who you are) are not only strong Splunkers, but frequent the Splunk Houston User Group (SHUG) meetings and are always looking for ways to expand their use of Splunk as well …

» Continue reading

What’s next? Next-level Splunk sysadmin tasks, part 1


(Hi all–welcome to the latest installment in the series of technical blog posts from members of the SplunkTrust, our Community MVP program. We’re very proud to have such a fantastic group of community MVPs, and are excited to see what you’ll do with what you learn from them over the coming months and years.
–rachel perkins, Sr. Director, Splunk Community)


Hi, I’m Mark Runals, Lead Security Engineer at The Ohio State University, and member of the SplunkTrust.

While deployed to Bosnia years ago I latched onto something I heard in a briefing once: When loosely describing when particular roadmap type things would take place, the person speaking said there were things that were going to be done Now,

» Continue reading

Splunk Selected as Jabil’s Global Security Nerve Center

Jabil_50We know how important the ability to quickly detect, investigate and respond to security threats is in protecting the organization from cyberattacks. We also know that investing in security solutions is a careful and meticulous process. This is why we’re honored that global manufacturing services company, Jabil Circuit, Inc., has selected Splunk Enterprise Security (ES) as its global security nerve center and expanded its use of Splunk Enterprise for IT Operations across its global infrastructure.

With more than 100 facilities in 28 countries – and more than 180,000 employees, Jabil has been using Splunk Enterprise for a number of years to monitor the health of those global networks. Adopting Splunk ES as the security nerve center at Jabil was …

» Continue reading

There is a “LOG”! Introducing Splunk Logging Driver in Docker 1.10.0

Splunk is very excited to announce that the latest release of Docker now includes the Splunk logging driver for Docker. The driver lets you easily capture and unify all stdout from Docker containers to further diagnose, monitor and alert when problems are reported (e.g., HTTP 40x/50x errors,  NullPointerException, OOM, etc.).
Built on the HTTP Event Collector (HEC) available in Splunk 6.3,  log events are sent securely and efficiently. Minimal configuration is required…

  1. Enable HEC under  Settings->Data Inputs->HTTP Event Collector->Global Settings
  2. Create a New HEC Token
  3. Configure the Splunk logging driver parameters

RESULT: Logs are collected and can be analyzed real-time in Splunk by your DevOps teams!


Also included in Splunk’s logging driver is support for Docker labels in the …

» Continue reading

Smart AnSwerS #53

Hey there community and welcome to the 53rd installment of Smart AnSwerS.

With Super Bowl 50 madness phasing out this week, our rescheduled San Francisco Bay Area User Group meeting is a go for tonight at Splunk HQ! Splunker Erik Cambra will be giving a talk on how Splunk splunks…(drum roll)…Splunk! If you happen to be in the area, come on by! If you can’t grace us with your presence because you’re miles away, then be sure to check out the Splunk User Groups site to find an upcoming meeting near you :)

Check out this week’s featured Splunk Answers posts:

Why am I getting inconsistent event counts when using wildcard characters to match event field values?

splunkIT was …

» Continue reading

Splunk Renews Commitment to the National Cybersecurity Center of Excellence

SplunkGov LogoLast year, Splunk announced its collaboration with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST). The NCCoE works with experts from industry and government to address the most pressing cybersecurity problems that businesses face with practical solutions using commercially available technologies.

Over the course of several months, Splunk worked with NCCoE and others on a project to help strengthen cybersecurity in the financial sector through better IT asset management. NCCoE published a practice guide to help financial institutions to implement the IT asset management system.

NIST-Logo_1The example solution can help financial institutions to reduce their risk by enhancing the visibility of assets, identifying vulnerable assets, and enabling faster response to security threats. …

» Continue reading

Get In-Depth Visibility Into Your AWS, ServiceNow and Akamai Environments with our New and Updated Cloud Service Apps

“A business is simply an idea to make other people’s lives better.”
– Richard Branson, Founder of Virgin Group.

And one of the most optimal ways to make this idea a reality, is to deliver services through the cloud.

Our customers wanted an operational intelligence solution that could be consumed as a service. In October 2013, we announced the availability of Splunk Cloud. Our customers then asked us to provide purpose-built apps that provided operational intelligence and visibility around various Cloud Services. Today, we are happy to announce that we have greatly enriched this portfolio.

Splunk App for AWS 4.1.0

In October 2015, we announced a big overhaul to our Splunk App for AWS to give customers critical operational and …

» Continue reading

Splunk at CiscoLive! Berlin

CiscoLive Europe is taking place next week in Berlin Splunk will be in attendance. Drop by the “World of Solutions” at Booth G10 to pick up a Splunk T-Shirt, learn more about the Cisco and Splunk Partnership and see Splunk and Splunk Cisco Apps in action.

We will also be offering the chance to walk through an incident response scenario. During this, we will demonstrate how Splunk and Cisco can support this process and explain what capabilities you would need to successfully respond to any incident.

Splunk Partner Session

We will also be hosting a Splunk Partner Session, focusing on the topic of: “Greater Operational and Security Insight Within & Across Your Cisco Environment (BRKGS-2607)”, so be sure

» Continue reading

Smart AnSwerS #52

Hey there community and welcome to the 52nd installment of Smart AnSwerS.

A BoardAtWork group was started at Splunk HQ for folks interested in, well, playing board games at work during lunch or after hours. We had our first game night earlier this week and had a nerdy great time…even though I was the first one dead 😛 Just glad to unwind and share my love for games with fellow Splunkers after a long day!

Check out this week’s featured Splunk Answers posts:

Why is the Host IP value from udp:514 syslog input incorrect for one device?

evgenyv was collecting syslog events through a udp:514 input and needed help figuring out why only one device was reporting a …

» Continue reading