.conf 2014: The Community Report
Whew! Welcome back from .conf, everyone. I know it’s been two weeks since we all hung out together in the Community Lounge, but it still feels like we only just left the MGM yesterday…
All for you: the Community Lounge
This year at .conf, we created an intentional space for our amazing user community: you. You folks are the reason we’re here, and we wanted you to have a cool place to meet other Splunk users, talk about the stuff that matters to you, and get a little fun in at the same time.
The Answers Desk
Shining a Light on Industrial Data
Enabling Insights from Industrial Data and the Internet of Things
This week we announced that our technology partner, Kepware Technologies, released the Industrial Data Forwarder (IDF) for Splunk as part of their most recent KEPServerEX update. This application enables a new and much easier way to connect to, index and analyze industrial data at scale in Splunk Enterprise and Splunk Cloud.
Industrial data is a broad term for the machine data that is generated in industrial environments by industrial equipment, as well as by embedded computing platforms affiliated with SCADA and other automation and control systems. It typically represents physical sensor readings (temperature, vibration, pressures, valve position, etc.), or variables in the control algorithms that manage …
Mitigating the POODLE Attack in Splunk
By now you are probably tired of seeing poodle memes. Fear not! Instead, I will share mitigation techniques on how to protect Splunk against this attack and leave out the memes.
Let me preface the different techniques by adding some context to the exploitability of POODLE: This attack requires that an attacker have MITM (Man In The Middle) access to your communication between the client and Splunk. This is a important point to keep in mind when considering different mitigation techniques and their aggressiveness. I mention this because many of you do not have your Splunk deployment exposed to the internet architecturally, or require VPN access to your corporate network before a client can access Splunk. This reduces the risk …
Using Alerts to Send Data to Amazon S3
A customer recently asked me to prove a concept where Splunk could see a certain type of incoming event and then pass information from that event into their Amazon S3 storage. I knew that Splunk could create alerts for event conditions and then fire off a script when the alert triggers, but I had never made it work with Amazon S3.
I decided to implement this using Amazon’s Boto library for Python. There’s lots of good documentation on this library here, but the short of it is that it enables you to send data to a bucket on Amazon S3 programmatically through a Python script. As you may know, Splunk comes with its own Python implementation can easily run …
Now Time For the Splunk Weather Forecast
If you were at .conf last week you would have likely seen some of the exciting Internet of Things projects people are using Splunk for. I think Ed Hunsinger put it best:
So far I’ve heard about @splunk being used for planes (Royal Flying Doctor), trains (New York Air Brake), and automobiles (VW). #splunkconf
Watching .conf 2014 from a far in the UK, I got excited about some of my own IOT projects. Then I remembered Brian Gillmore’s call for cool projects using Splunk with the RaspberryPi. At the same moment, by pure chance, I got an email telling me AirPi circuit boards (a RaspberryPi connected weather station) were back in-stock.
And it was settled. I would build a RaspberryPi …
RDP to Windows Server from a Splunk Dashboard – Example Code
A while back, I wrote blog post explaining how to RDP to a Windows Server from a Splunk Dashboard. The steps involved the following:
- Create a Controller – this generates the .rdp file on the server and delivers it to the client.
- Create a custom endpoint in web.conf – this part enables url access to the controller created above.
All the nitty-gritty details were spelled out in the blog post. However, if you learn better by example (like I do), then there is a new GitHub repo that has a working example for you. In the …
Integrating Active Directory into Splunk with SA-ldapsearch
On Tuesday, I introduced one of the first presentations at .conf2014 – a major update to the SA-ldapsearch app. This new app has now launched and you can download it at http://apps.splunk.com/app/1151/. The app consists of four specific commands: ldapsearch, ldapfetch, ldapfilter and ldapgroup.
- We dropped the requirement for Java on your search head
- We added support for Search Head Pooling
- We added a GUI configuration page and connection testing
- We provided full UTF-8 support
The ldapsearch command is a generating command and is used in a similar way to other generating commands like inputlookup. You run it like this:
| ldapsearch domain=SPL search="(objectClass=user)" attrs="sAMAccountName,cn"
We have added some new features in this release. Firstly, the output …
Getting value from your data just got really fast. Introducing Splunk Enterprise & Hunk 6.2
Traditionally, a lot of time has been spent collecting and preparing data. Eventually you get to ask the questions of the data, start to create the right analytics and get the insight you need from it. This can take a lot of time.
Where we really need to get to, is the ability to get to the “asking” stage and to get the value from the data as quickly as possible:
With that in mind, I’m delighted to announce …
Splunk MINT—A fresh approach to mobile analytics
We’re at .conf2014 and it’s been a blast so far. We’ve had great attendance and lots of positive interactions! In our keynote this morning, we announced our first mobile intelligence offerings since our acquisition of BugSense last year—Splunk MINT. MINT, short for “mobile intelligence,” gives insight into what users are experiencing and doing with your mobile apps. Clint Sharp, our Senior Director of Product Management spared no dramatics in letting the audience know how important mobile intelligence is to Splunk and our 7,900 customers.
Panos Papadopoulos and I will walk through these products in our breakouts on Tuesday (2-3p.m.) and Thursday (2:15-3:15p.m.). You’ll also get to see Splunk MINT in action. The conference app is enabled …
How to boost your apps performance with insights from virtualization and storage?
Are you getting the most out of your virtualized infrastructure investment? If your critical applications are suddenly running slow, how do you identify where exactly and how widespread is the issue causing the degradation. Is it the storage latency problem, overcommitted resources or something else? To find out answers to these questions and more join our “Getting Deeper Insights Into Your Virtualization and Storage with Splunk” session on Thursday, October 9th, 11:45 AM, suite 121-122.
Here is a sneak peek into our session. First, we will dive deeper into Splunk Apps for VMware and NetApp Data ONTAP and help you get better understanding of the value these extremely popular Splunk apps can bring to your enterprise. After that our amazing virtualization expert Mike Donnelly, …