What are Splunk Apps and Add-Ons?
If you have ever uploaded a contribution to Splunk Apps you will have seen the option to mark it as an App or an Add-on. But what does this really mean? What is the difference between an App and an Add-on? Both are packaged and uploaded to Splunk Apps as SPL (.spl) files, which are simply tar archives, and to install either one in your Splunk instance you untar the .spl file into etc/apps. The content and purpose of Apps and Add-ons, however, certainly differ from one another.
An Add-on is typically a single component that you develop once and re-use across a number of different use cases. It is usually not specific to any one use case, and it does not contain a navigable user interface. You cannot open an Add-on from …
Splunk + Cloudera for Hadoop–Better Together
This is a guest post contributed by Amr Awadallah, Ph.D., Co-Founder and Chief Technology Officer, Cloudera
On July 23, my friend Todd Papaioannou and I are co-hosting a webinar on a subject that’s very important to me. As co-founder and CTO of Cloudera and a long-time Hadoop user dating back to my days at Yahoo, I recognize that big data, for all its promise, also comes with its share of challenges. A central one is how to make data exploration and analysis on petabyte-scale datasets across distributed systems accessible to people without advanced data science backgrounds.
Atlanta Splunk User Group this Friday!
Just a reminder to folks that the monthly user group meeting is this Friday! If you haven’t already, please RSVP to the Meetup page so that we have an accurate count for food and building security.
• 11:30 – 12:00 Networking, lunch
• 12:00 ( 5-10 min) – Welcome, introductions
• 12:10 – 1:20 Presentations:
Michael Conner, Coke CCR – Automating Splunk app deployment in AWS
Hutch, Splunk – Advanced Visualizations
Hal, Splunk – Techniques for analyzing Splunk performance
• 1:20 – 1:30 Open discussion, next meeting logistics, close…
Retail Success at John Lewis
Since I joined Splunk a few months ago, I’ve had the opportunity to hear about some amazing things customers are doing with Splunk. During those conversations, I’ve noticed that most of our customers have a similar experience – they download Splunk to solve a specific issue, but quickly find out it can do so much more.
John Lewis is a prime example. In a recent press release, we announced how this UK retailer is using Splunk Enterprise to support the operations of a website that generates over 1 billion pounds in sales per year. The company initially downloaded Splunk to solve a single problem. In this case, John Lewis was trying to identify and resolve an extremely arcane technical …
Deploying Splunk Securely with Ansible Config Management – Part 1
More often than not I have seen corporations struggle with config management, and it is key to a concise mitigation and remediation plan. Interfacing with a variety of Splunk customers, I have found that the corporations that do implement a config management system usually each have a different tactic for managing Splunk while doing it in a secure fashion. This series of blog posts will walk you through everything from a simple Ansible deployment to the most complex use cases I have seen. In Part 1 I will cover how Ansible can be leveraged to manage a simple Splunk deployment on your own hosts. In Part 2 we will cover how this can be done at a larger scale with EC2 …
Monitoring Local Administrators on Windows Hosts
It is always gratifying when one of my readers comes to me with a problem. I love challenges. This one had to do with one of my old posts on enumerating Local Administrators remotely. Of course, the way to do this is via WMI. However, it doesn’t quite work the same way locally, because the WMI call to Win32_Group.GetRelated() returns other associated objects as well, not just the group members. So the question posed was “how do I get the list of Local Administrators locally?” More specifically, I want to monitor the local Administrators group.
I look at this two ways. Firstly, I want to get a regular list of names in the Administrators group and secondly, I want to monitor for changes to the …
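As an added example (this is not code from the original post), the following PowerShell does both halves of the job locally. It lists the group’s direct members by querying the Win32_GroupUser association class with a filter on the group, which avoids the extra associated objects that Win32_Group.GetRelated() returns, and then compares the result with a baseline file so that each membership change becomes its own key=value event. The baseline path, the function names and the event layout are assumptions chosen for illustration; run it as a Splunk scripted input or from a scheduled task.

```powershell
# Added example, not code from the original post.
# Lists direct members of the local Administrators group via the Win32_GroupUser
# association class and reports changes against a baseline file as key=value events.
# Assumptions: Windows PowerShell 3.0+ (Get-CimInstance); the baseline path is arbitrary.

$GroupName    = 'Administrators'
$BaselinePath = Join-Path $env:ProgramData 'splunk-localadmins-baseline.txt'  # assumed path

function Get-LocalAdminMembers {
    param([string]$Group = $GroupName)
    # Query the association class directly and filter on GroupComponent instead of
    # calling Win32_Group.GetRelated(): without a result-class filter GetRelated()
    # follows every association of the group, not only its members.
    Get-CimInstance -ClassName Win32_GroupUser |
        Where-Object {
            $_.GroupComponent.Domain -eq $env:COMPUTERNAME -and
            $_.GroupComponent.Name   -eq $Group
        } |
        ForEach-Object {
            # PartComponent references a Win32_UserAccount, a Win32_Group (nested group)
            # or a Win32_SystemAccount; Domain tells local principals from domain ones.
            $m = $_.PartComponent
            [pscustomobject]@{
                Account = '{0}\{1}' -f $m.Domain, $m.Name
                Type    = $m.CimClass.CimClassName
                Local   = ($m.Domain -eq $env:COMPUTERNAME)
            }
        } | Sort-Object Account
}

function Compare-LocalAdminBaseline {
    param([object[]]$Current, [string]$Path = $BaselinePath)
    $now = @($Current | ForEach-Object { $_.Account })
    $old = @()
    if (Test-Path $Path) { $old = @(Get-Content $Path) }   # first run: everything is "added"
    $diff = Compare-Object -ReferenceObject $old -DifferenceObject $now
    foreach ($d in $diff) {
        $action = if ($d.SideIndicator -eq '=>') { 'added' } else { 'removed' }
        # One event per change; key=value so Splunk extracts the fields automatically
        '{0} host={1} group={2} action={3} account="{4}"' -f `
            (Get-Date -Format o), $env:COMPUTERNAME, $GroupName, $action, $d.InputObject
    }
    Set-Content -Path $Path -Value $now
}

# Snapshot events (the "regular list") followed by any change events
$members = Get-LocalAdminMembers
foreach ($m in $members) {
    '{0} host={1} group={2} action=member account="{3}" type={4} local={5}' -f `
        (Get-Date -Format o), $env:COMPUTERNAME, $GroupName, $m.Account, $m.Type, $m.Local
}
Compare-LocalAdminBaseline -Current $members
```

Two caveats. The diff only sees changes between runs, so pair it with the Security event log, where event IDs 4732 and 4733 record a member being added to or removed from a security-enabled local group, if you need to catch an account that was added and removed inside one interval. And on a domain controller the group’s Domain is the domain name rather than the host name, so the filter on $env:COMPUTERNAME needs adjusting there.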
Have you ever had a situation where you found information on a webpage that you wanted to get into Splunk? I recently did, and I wrote a free Splunk app called Website Input that makes it easy for everyone to extract information from web pages and get it into a Splunk instance.
There are many cases where web pages include data that would be useful in Splunk but there is no API to get it. In my case, I needed to diagnose some networking problems that I suspected were related to my DSL connection. My modem has lots of details about the state of the connection, but only within the web interface. It supports a syslog feed but it doesn’t include …
Big data just got its Tricorder
In Star Trek a Tricorder is described as:
“A Tricorder is a multifunction hand-held device useful for data sensing, analysis, and recording data, with many specialized abilities which make it an asset to crews aboard starships and space stations as well as on away missions”.
I’m happy to announce the launch of the Splunk Mobile App, which unofficially I’m calling the “Big Data Tricorder”. You can download it from here (iTunes).
The Splunk Mobile App lets you take the Splunk (Starship) Enterprise platform and explore strange new insights, seek out new data and new visualizations, and boldly go where no machine data has gone before.
You can find more in the official press release here…
Splunking Social Media: Tracking Tweets
So you use Twitter and have heard Splunk can do “Big Data”. By tapping into Twitter’s API you can use Splunk to investigate the stream of tweets being generated across the globe.
The great thing about using Splunk to do this is that you have complete control of the data meaning it’s incredibly flexible as to what you can build. A few basic ideas I’ve had include tracking hashtags, following specific influencers, or tracking tweets by location in real-time.
What’s more, it takes a matter of minutes before you can start analysing the wealth of data being generated. This post will show you how.…
Splunk Named a Leader in Gartner Magic Quadrant for SIEM…again!
This week Splunk was named a leader in Gartner’s 2014 Magic Quadrant for Security Information and Event Management (SIEM) for the second year in a row. For the MQ, Gartner evaluated Splunk® Enterprise and the Splunk App for Enterprise Security and also spoke to multiple Splunk customers as part of the process. To read the Gartner report, please register here.
We are very proud of this award, as it reflects the success that you, the security and compliance customers of Splunk, have had with our product. We now have thousands of security and compliance customers across the world using Splunk for a wide range of use cases including log management, incident investigations, forensics, real-time correlations and alerting, advanced …