Cross-Platform Scripted Inputs

Building an app and making sure that it is environment agnostic can be a bit challenging. One challenge that I come across over and over is how to make it work cross-platform, whether Splunk is installed on Windows, MacOS or *nix environments.

A good illustration of that challenge is when you use a “Scripted Input” in your app. Scripted Inputs are one of the many ways you can use Splunk to run scripts that collect data from 3rd party interfaces such as REST. Referencing that script in a Windows environment is different from the way you would do it in a MacOS environment.

Let’s take the example of the following scripted input stanza:

[script://./bin/scripts/snow.py incident]
disabled = 1
index …


The Role of Big Data in Improving the Quality and Efficiency of Healthcare – Part 2 RMADA

In part two of the healthcare analytics topic we take a look at the RMADA RFP.

It is only through measurement that the quality of healthcare delivered can be improved and its delivery made more efficient. The Federal government needs to facilitate the highest quality at the lowest cost. Medicare, Medicaid and the Children’s Health Insurance Program (CHIP) all involve the use of Federal dollars, and the Center for Medicare Services (CMS) has access to a massive amount of data that could be used for planning, analysis, implementation, and rapid cycle evaluation of innovation, and for determining program effectiveness.

The purpose of the RMADA RFP (contract awarded July 2014) is to solicit bids to “…develop a Research, Measurement, Assessment, …


APP WALKTHROUGH: Workflow Actions

One of the best ways to learn is by example. If you want to build your own Splunk app, one of the best things you can do is dissect other apps.

In the YouTube video below, I slowly go through a simple but useful app that adds “workflow actions”, which allow you to write custom actions for events and their fields. This video shows you how it works and how you can make apps like it.

I go line-by-line, file-by-file, explaining everything. You will learn something.


APP WALKTHROUGH: Writing a custom search command

One of the best ways to learn is by example. If you want to build your own Splunk app, one of the best things you can do is dissect other apps.

In the YouTube video below, I slowly go through a simple but useful app that adds a single search command: timewrap.

I go line-by-line, file-by-file, explaining everything. You will learn something.

YouTube video: Splunk App Walkthrough: Timewrap

A few notes:

  • Yes, that’s a Hobbit movie poster behind me
  • It’s about 50 minutes long, most of it dealing with the details of the Python search command.
  • Tell me if it was helpful, or what I could do to improve it.


Splunk, Big Data and Healthcare Analytics in the Federal Government – Part 1 The Veterans Administration

There have been three interesting events that have occurred recently in the area of healthcare analytics that deserve our attention:

  • The passage through the US House and Senate of the Veterans Access to Care through Choice, Accountability, and Transparency Act;
  • The development of a government IDIQ (indefinite delivery/indefinite quantity) contract to develop a Research, Measurement, Assessment, Design, and Analysis (RMADA) that will provide analytic support and technical assistance for models and demonstration programs that are derived under the Patient Protection and Affordable Care Act (ACA); and
  • Department of Defense Healthcare Management System Modernization (DHMSM) Program procurement task orders.

These three activities all highlight the need for a big data solution in healthcare that can provide accountability, …


Is Big Data IT’s gift to the CEO?

At the beginning of June, I was at the Gartner CIO & IT Executive Summit in Berlin. It was an interesting event to attend in terms of the advice given to the CIOs at the event, how to deal with the “digital industrial revolution” and how to support the CEO’s top business priorities.

From the Gartner survey, a CEO’s top five priorities for 2014/15 are growth, costs, profit, IT and the customer.

Growth was number one and to support the CEO’s top priorities, Gartner suggested that the CIO will need to deliver a digital technology architecture, an enterprise information architecture, a strong cybersecurity & risk program and an industrialized IT infrastructure.

After the keynote, I attended one of the presentations …


Risk Analysis With Enterprise Security 3.1

The Risk Analysis Framework was introduced as a new feature in Splunk App for Enterprise Security 3.1, and provides users with the ability to utilize a risk scoring system for assigning varying levels of risk to a multitude of different assets and identities.

In the context of the Risk Analysis Framework, assets, identities, and anything else you would consider assigning a risk score to are referred to as Risk Objects. Risk Objects are categorized under different Risk Object Types. For example, if ‘brians_laptop’ was our Risk Object it would be categorized under the ‘system’ Risk Object Type. Out of the box, Enterprise Security 3.1 comes configured with 3 different risk object types: ‘system’ for assigning risk …


Streaming a new class of data into Splunk – Introducing the Splunk App for Stream

Last year in December, we announced the acquisition of Cloudmeter – a company with technology that captures data directly from the network traffic – a rapidly growing source of big data.

Today, I’m stoked to announce the general availability of the Splunk App for Stream v6.0, which stems from that acquisition.

So, why is wire data (data from the network) important? Wire data has the benefit of capturing all data in real-time. It is the communication vehicle for applications and systems to talk to each other, making it a very authoritative source of critical information. It serves a broad range of analytics across different use cases; it is non-intrusive with no impact to workloads and it can be collected …


PDF printing and logos

Working on the Splunk OEM team, we are often asked if it is possible to replace the logo printed on PDF reports. The short answer is yes, it is possible, but it is kind of a hack. The workaround would not be Splunk upgrade safe, there are some limitations to what the SVG can do, and you would need to edit some Python. With that being said, the request to make this easier is already on the laundry list of improvements we are looking at for PDF printing.

Let’s get started:

  • The default Splunk logo is hardcoded in the $SPLUNK_HOME/lib/python2.7/site-packages/splunk/pdf/pdfrenderer.py file. Make sure you backup the file before editing!
  • At the bottom of the file, you will notice a variable

P=MV. Splunk Cloud Momentum

In the cloud as well as in the physical environment, P=MV.

Momentum=Mass x Velocity

Today, Splunk announced major momentum for Splunk Cloud. We announced the industry’s first 100% uptime SLA for machine data analytics AND a 33% price reduction for Splunk Cloud AND new plans up to 5TB/day AND bursting flexibility up to 10x licensed data volumes AND the free Splunk Online Sandbox.

How are we able to gain so much momentum? You guessed it… by multiplying Mass x Velocity.

Mass

At last count, we had over 7,400 organizations using Splunk in over 90 countries. Leading enterprises such as Intuit, Cisco, and Domino’s Pizza rely on Splunk to fuel their success across IT and the business. Add to …
