That happened: episode 10
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: unfair karma practices, using your own supply, finding one-another at Splunk> Live!, and sweet harmonies.
Karma trickery
Maybe all Drainy needs is a little friendly competition:
<Drainy> What! I just answered someone’s question, they commented that it was the slashes, then they posted it as their own answer and accepted that
* Drainy waves fist
<kkolb> Drainy: You just want to get ahead in the Karma race. (breathing down your neck)
<Drainy> damn straight
<Drainy> I’ve spent a good month off it, come back and all these…
Looking for apps that support a specific version of Splunk? We’ve got you covered.
As the number of apps Splunkbase hosts continues to grow (260+ as of now), we’ve noticed that it has become common for people to search for apps that are compatible with a specific version of Splunk. Sure, you could check the “Splunk compatibility” field on an app’s Details page and see whether a given app was compatible with your version of Splunk, but there was no easy way to look at all compatible apps. As a result, we’ve decided to make our search smarter—we’ve improved it to support the Splunk version.
To try it out, type the Splunk version that you are looking for in the Search input box for apps (for example, 4.3) and hit Enter or click
Splunk = Customer Satisfaction
It is amazing to see the interesting ways that customers are using Splunk to enhance visibility into their business. Not only that, but just how quickly they are able to respond to new requests. I was with a customer recently who is indexing approximately 1 Terabyte (TB) of data per day and is now fielding requests from all of their application teams.
A core part of their business is their billing system, which is comprised of many different solutions based on various acquisitions and spanning many geographies. Their Service Oriented Architecture (SOA) is the glue that brings all of those systems together. Any communication to the back end billing system must go through the SOA messaging layer. For many years…
Analytics Staffing for Big Data: A Perspective
A couple of weeks ago, we talked about the need to appropriately invest in people when you invest in technology. I wanted to continue the discussion and focus on the new area of “Big Data” – more specifically the analyst who works on big data – the “Data Scientist” and the data analyst.
I love the term “data scientist”. It has finally made the data junkie’s job title more glamorous. It has given both name and fame to the role. Well, everyone is talking about “big data”. Many organizations think hiring a data scientist is a requirement for solving all “big data” problems and that the only analysts required for a big data problem are data scientists. If you have invested in…
Dallas Splunk Users Group – June 12th @ 6:00p CST
On the second Tuesday of each month, Splunkers in the Dallas / Fort Worth Metroplex area have been getting together on a regular basis to talk about all things Splunk. Seems the users are able to take advantage of spending just a couple hours with each other, trading notes about Splunk, helping each other solve problems with our Splunk deployments and configurations, and sharing a beer and pizza too.
BTW, we are 40 members and counting now!
Our next meeting will be held at the Splunk Office in Plano, Texas on Tuesday, June 12th @ 6:00p CST.
#SplunkGovt Twitter Chat: A Sneak Peek at What We’ll Explore at SplunkLIVE! Washington, D.C.
If the White House’s recent Big Data Research and Development Initiative is any indication, big data is a big deal for government. However, collecting, analyzing and reacting to large amounts of machine-generated data can prove to be challenging for agencies.
Yesterday we teamed up with Bob Gourley from CTO Vision to host a Twitter chat on how government can make sense of it all. From data analysis for operational intelligence to log management for cyber defense, we covered a number of ways agencies can make the most of their data. Here are a few key takeaways from the discussion:
- Determine how to deal with the data explosion. One of the most significant barriers to harnessing big data
…
Doing More With What You Have
How many times have you been challenged by your management with the following adages?
“You have to do more with less.”
“Congratulations on staying under budget. We’re cutting your funding by 15% this year. You’re welcome.”
“Wow. This dashboard looks great! I want every VP in the company to have something like this. By tomorrow morning.”
Dilbert jokes aside, this happens every day to our customers. They invest the requisite time to learn Splunk, enthusiastically win over additional lines of business, and continually strive to innovate new and better methods of getting work done.
But most customers tend to hit a plateau of sorts with Splunk.
The fires are extinguished, automated alerts provide some proactive capabilities…
That happened: episode 9
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: slow learners, how not to get dizzy when configuring props and transforms, bureaucracy in action, and Good Guy Splunk:
If you build it, they will (eventually) come
(But you might have to disable their ssh access to the production hosts first):
<mlanghor> ahh, the joy in your co-worker coming by with advanced Splunk questions, “how can I use that rex command you talked about a few weeks ago to extract something?”
<troj> mlanghor: I don’t get those kind of questions
<troj> I get more of the “I want to see just regular old log…
Quantifying the Benefits of Splunk with SSDs
We’ve had the question posed to us several times over the years: “What impact would the addition of an SSD have to my Splunk environment?” Referencing Splunk Answers:
http://splunk-base.splunk.com/answers/10417/splunk-on-solid-state-disk
Raitz is dead-on in his reply. As data flows into a Splunk indexer, we are write-I/O heavy. Sequential write performance on SSD vs SAS is pretty similar so no real benefit for Splunk on an SSD here. These benchmarks illustrate this.
(These are RAID controller benchmarks but they still demonstrate the point)
Since a Splunk indexing server pulls dual duty and responds to search requests as well as performs indexing, what is the impact of an SSD on search performance? Splunk searches can be categorized in two…
Identifying Phishing Sites in Your Events
Recently, I thought I was caught in a phishing scheme where I created an account on an e-commerce site to checkout and as soon as I clicked on the checkout button, it asked me to log onto a well known site. It turned out that the original site was badly implemented and it should have told users that they are affiliates with the other site. Nevertheless, I went to Phishtank to make sure that no one had complained about the original e-commerce site.
This got me thinking that since phishing occurs all too often, there must be a way for corporations to verify that their users are not going to phishing sites and if they are to know…