Tracking calls and SMS with Splunk

The first thing I think of when someone mentions a call centre: “Those guys that call me at 2300 trying to sell things I didn’t even know existed”.

That’s a little unfair. Call centres and telecommunication systems are vital to all of us around the world, though rarely do we look deeply into the vast amounts of valuable data being generated. I want to change this.

In this post we’ll examine data generated by Twilio, a service that allows you to bake voice and SMS capabilities into your apps.

But remember, Splunk is a machine data platform. If you’re not using Twilio, this data could be taken from any other voice or SMS management system.…

» Continue reading

Updating the iplocation db

When Splunk added the new version of the iplocation command in v6.0, it added the ability to add location info without the need for internet connectivity. We did this by shipping a custom version of the MaxMind DB in the 6.0.x release. However, because we used a Splunk-specific version of the DB, you still had to wait for a new version of Splunk to get a new copy of the DB.

In 6.1 we added support for using the native MaxMind DB (.mmdb), allowing you to update the DB yourself at any time! It looks like some of you have already figured this out (Go George go!), but I figured I would add some additional info about this …

» Continue reading

What are Splunk Apps and Add-Ons?

If you have ever uploaded a contribution to Splunk Apps you’ll see the following option: app_addon. But what does this really mean? What is the difference between an App and an Add-on? Both are packaged and uploaded to Splunk Apps as SPL files and then to install them in your Splunk instance you simply untar the SPL file into etc/apps. But the content and purpose of Apps and Add-ons certainly differ from one another.

Add-ons

An Add-on is typically a single component that you can develop that can be re-used across a number of different use cases. It is usually not specific to any one single use case. It also won’t contain a navigable user interface. You cannot open an Add-on from …

» Continue reading

Splunk + Cloudera for Hadoop–Better Together

This is a guest post contributed by Amr Awadallah, Ph.D., Co-Founder and Chief Technology Officer, Cloudera

On July 23, my friend Todd Papaioannou and I are co-hosting a webinar on a subject that’s very important to me. As co-founder and CTO of Cloudera and a long-time Hadoop user dating back to my days at Yahoo, I recognize that big data, for all its promise, also comes with its share of challenges. A central one being how to make data exploration and analysis on petabyte-scale datasets across distributed systems accessible to people without advanced data science backgrounds.

That’s one of the things I really like about Hunk, Splunk’s analytics and visualization solution for Hadoop. It’s a powerful platform that allows you …

» Continue reading

Atlanta Splunk User Group this Friday!

Just a reminder to folks that the monthly user group meeting is this Friday! If you haven’t already, please RSVP to the Meetup page so that we have an accurate count for food and building security.

The agenda:

• 11:30 – 12:00 Networking, lunch

• 12:00 (5-10 min) – Welcome, introductions

• 12:10 – 1:20 Presentations:

Michael Conner, Coke CCR – Automating Splunk app deployment in AWS

Hutch, Splunk – Advanced Visualizations

Hal, Splunk – Techniques for analyzing Splunk performance

• 1:20 – 1:30 Open discussion, next meeting logistics, close…

» Continue reading

Retail Success at John Lewis

Since I joined Splunk a few months ago, I’ve had the opportunity to hear about some amazing things customers are doing with Splunk. During those conversations, I’ve noticed that most of our customers have a similar experience – they download Splunk to solve a specific issue, but quickly find out it can do so much more.

John Lewis is a prime example. In a recent press release, we announced how this UK retailer is using Splunk Enterprise to support the operations of a website that generates over 1 billion pounds in sales per year. The company initially downloaded Splunk to solve a single problem. In this case, John Lewis was trying to identify and resolve an extremely arcane technical …

» Continue reading

Deploying Splunk Securely with Ansible Config Management – Part 1

Intro

More times than not I have seen corporations struggle with config management, and it is key for a concise mitigation and remediation plan. Interfacing with a variety of Splunk customers, the corporations who do implement a config management system usually have a different tactic on how to manage Splunk while doing it in a secure fashion. This series of blog posts will hopefully walk you through a simple deployment of Ansible all the way to the most complex use cases I have seen. I will first be covering how Ansible can be leveraged to manage a simple Splunk deployment on your own hosts. In Part 2 we will cover how this can be done at a larger scale with EC2 …

» Continue reading

Monitoring Local Administrators on Windows Hosts

It is always gratifying when one of my readers comes to me with a problem. I love challenges. This one had to do with one of my old posts surrounding Local Administrators remotely. Of course, the way to do this is via WMI. However, it doesn’t quite work the same way locally. This is because the WMI call to Win32_Group.GetRelated() returns other stuff as well. So the question posed was “how do I get the list of Local Administrators locally.” More specifically, I want to monitor the local Administrators group.

I look at this two ways. Firstly, I want to get a regular list of names in the Administrators group and secondly, I want to monitor for changes to the …

» Continue reading

Splunking web-pages

Have you ever had a situation where you found information on a webpage that you wanted to get into Splunk? I recently did and I wrote a free Splunk app called Website Input that makes it easy for everyone to extract information from web-pages and get it into a Splunk instance.

The Problem

There are many cases where web-pages include data that would be useful in Splunk but there is no API to get it. In my case, I needed to diagnose some networking problems that I suspected were related to my DSL connection. My modem has lots of details about the state of the connection but only within the web interface. It supports a syslog feed but it doesn’t include …

» Continue reading

Big data just got its Tricorder

In Star Trek a Tricorder is described as:

“A Tricorder is a multifunction hand-held device useful for data sensing, analysis, and recording data, with many specialized abilities which make it an asset to crews aboard starships and space stations as well as on away missions”.

I’m happy to announce the launch of the Splunk Mobile App, which unofficially I’m calling the “Big Data Tricorder”. You can download it from here (iTunes).

The Splunk Mobile App allows you to take the Splunk (Starship) Enterprise platform and allows you to explore strange new insights, to seek out new data and new visualizations, to boldly go where no machine data has gone before.

You can find more in the official press release here

» Continue reading