Smart AnSwerS #65

Hey there community and welcome to the 65th installment of Smart AnSwerS.

We have a couple back-to-back community events happening right after the upcoming long Memorial Day weekend! The next SplunkTrust Virtual .conf Session is scheduled for Tuesday, May 31st at 12:00PM PDT. SplunkTrust member rich7177 will be teaching nOObs the basics of navigating Splunk Web and, time permitting, how to build reports, visualizations, and dashboards. For those of you in the San Francisco Bay Area next week, the SFBA User Group will be on Wednesday, June 1st @ 6:00PM PDT at Splunk HQ in our brand new building next door! Come join us in the shiny new space as Sr. Engineering Manager mszebenyi, original …

» Continue reading

Configuring Nginx With Splunk, REST API & SDK Compatibility

Last year I posted an article on how to configure HAProxy with Splunk, REST API & SDK compatibility. Yesterday, I posted an article on how to configure Nginx as a load balancer in front of a tier of HTTP Event Collectors. Today, I want to iterate on the work I did yesterday and show a basic config for Nginx that’s compatible with Splunk, the REST API and SDK’s.

You’re going to need to build or install a version of Nginx that enables HTTPS support for an HTTP server.

./configure --with-http_ssl_module

If you install from source and don’t change the prefix then you’ll have everything installed in /usr/local/nginx. The rest of the article will assume this is the …

» Continue reading

Get ready for Infosecurity Europe 2016!


Infosec 2016It’s time to get ready for the 21st edition of Infosecurity Europe 2016, taking place between the 7th – 9th June at Olympia in London. Infosecurity is Europe’s number one information security event, featuring the largest and most comprehensive education program available, with over 315 exhibitors showcasing the most diverse range of products and services to over 12,000 visitors.

Splunk will be onsite in force at Infosecurity – with several speaking sessions as well as an interactive workshop focused on cloud security. Make sure you prepare early to avoid missing some of our great content at the show! Register today for free entrance (save £35).

Splunk Booth Stand C20 + Theater Presentations


First of all – visit the Splunk stand to get your …

» Continue reading

Autodesk AWiL and Splunk WiT Build Social Capital at Networking Event

awilSplunk Women in Technology (WiT) was thrilled to host Autodesk’s Women in Leadership (AWiL) Group for a networking event at our new HQ in San Francisco on May 19th. The gathering provided an opportunity for AWiL and WiT members to meet, discuss and build our social networks.

Tracy Edkins, Splunk’s CHRO, warmly welcomed Autodesk’s Minette Norman, VP of Engineering Practice and Julie Sokley, Autodesk’s VP of Global Sales Operations. Splunk Product Marketing Manager Anne McCarthy led Norman and Sokley in a fireside discussion about networking and how to tap into and build social capital. A recent study found that access to social networks associated with career progression differs for men and women and could be a barrier to women’s …

» Continue reading

Configuring Nginx Load Balancer For The HTTP Event Collector

The HTTP Event Collector (HEC) is the perfect way to send data to Splunk, at scale, without a forwarder. If you’re a developer looking to push logs into Splunk over HTTP or you have an IOT use case then the HEC is for you. We cover multiple deployment scenarios in our docs. I want to focus on a single piece of the following distributed deployment for high availability, throughput and scale; the load balancer.

You can use any load balancer in front of the HEC but this article focuses on using Nginx to distribute the load. I’m also going to focus on using HTTPS as I’m assuming you care about security of your data in-flight.

You’re going to need to …

» Continue reading

Metrics that Matter at DevOps Days London and Delivery Of Things World Berlin

There’s a crude assessment of opinions that you may recall from ‘The Dead Pool’, ‘Home for the Holidays’, or ‘The People vs. Larry Flynt’:

“Opinions are like %#^&@*s: Everyone has one, and they all stink!”

I tend to lean toward a cleaner version, especially in polite company:

“In God We Trust. All Others Bring Data.”


Or, as Tom Cruise and Cuba Gooding said in Jerry Maguire:


Read the opinions of commenters on almost any mainstream tech article on DevOps and you can see why DevOps is hitting ‘the peak of inflated expectations’ in the Gartner Hype Cycle. There is intense interest in DevOps, and lots of debate, but so many opinions, and …

» Continue reading

Vote using Splunk

Someone recently challenged me to use Splunk for voting. Splunk is a versatile platform, why not make a voting app? Sigi and Stephen put the app together one afternoon and then I tested it out on a live audience during SplunkLive! San Francisco.


Picture1 copy


It worked like a charm and we gained insight from the audience. That’s when I realized, although it’s not a typical use case of Splunk, this app could be useful for others. From polling an audience during a presentation or even getting consensus from coworkers on a question during a meeting, maybe I should put the app on splunkbase.


» Continue reading

What’s North of the Wall? Why cybersecurity is like Game of Thrones.

Cybersecurity winter is coming

Firstly, I was late to Game of Thrones but I’m now hooked. Here in the UK it is on TV on a Monday night so I spend most of Monday avoiding spoilers after it has shown the night before in the US. Secondly, this post tries to frame the modern cyber security landscape through a Game of Thrones lens and I have to warn you it might get a bit geeky.

If you haven’t ever seen Game of Thrones (GoT) it is the story of politics, war, power, dragons and a growing threat from an army of undead (called the White Walkers) north of a massive wall (according to the GoT wiki it is 300 miles long, 700 feet …

» Continue reading

Smart AnSwerS #64

Hey there community and welcome to the 64th installment of Smart AnSwerS.

One of the Splunk Cloud support engineers left on vacation last week, so in true Splunk fashion, his desk is getting a complete makeover by the time he returns! yannK has been putting on his creative hat this week to transform the desk into a Star Wars TIE Fighter which has been coming together incredibly well. If it were my desk, I’d leave it as a permanent installation because it looks that cool and is still completely functional as a work station…not that I’m jealous or anything ;P

Check out this week’s featured Splunk Answers posts:

How would one correctly configure DATETIME_CONFIG for an app that

» Continue reading

Splunk GovSummit UK 2016: Refusing to Sleepwalk to Cyber Crisis

Last week, Splunk hosted two simultaneous events in London, England. You can learn more about SplunkLive! London in Matt Davies’ blog post: SplunkLive! London – A Full House. Analytics, IT Operations And Security. Below, Ashok Sankar shares his report from our first annual Splunk GovSummit UK.

Screen Shot 2016-05-18 at 9.30.55 AM

Security is all the talk nowadays and the first annual Splunk GovSummit UK 2016 was no exception. After introductions from host Nick Butler and Splunk’s VP of EMEA region Richard Cahill set the tone for the day. He pointed out how data around us is helping improve our lives while at the same time continues to be the target of adversaries. He reaffirmed the company’s commitment to Europe and extending solutions to …

» Continue reading