SplunkTalk – #64 – The Next Action

Today’s episode brings Maverick and Wilde one main question: What’s the next action? Seriously! If you have ever wondered what people do right after they do what they do.. wait, that didn’t make sense. In mobile apps that might use several APIs, a user might search, friend, like, lookup, map, etc. Developers may need to know what the most popular “next action” is. We’re gonna describe how that’s done along with a few other cool topics and some of our favorite search commands like “streamstats” and “eventstats”.


What’s New in Splunk App for Microsoft Exchange v1.1

Following the successful release of the first Splunk App for Microsoft Exchange in August 2011, we just released an updated version. The Splunk App for Microsoft Exchange v1.1 allows you to monitor server health, e-mail messages and users across your Microsoft Exchange 2007/2010 infrastructure. Here are the top reasons you should install or upgrade.


Splunkbase Feedback: What information do you want from your app downloaders?

Dear Splunk app developers,

We need your help to make Splunkbase better.

You want access to the people downloading your apps, and we want to give it to you. But first — we need your feedback to ensure we deliver the right set of download and lead statistics for your Splunkbase apps.

Our goal is to provide you with statistics that will help you to better understand and approach your target market, thus, it’s very important for us to clearly define the functionality that will be the most useful.

Please take 10 minutes (or less) to complete this survey: http://www.surveymonkey.com/s/sb-downloads-info

We greatly appreciate your feedback. If you have any questions please feel free to contact me,…


Availability of Splunk App for Enterprise Security 2.0

Today we are proud to release the Splunk App for Enterprise Security 2.0, which I’ll call “the App” in this blog. The App acts as a next-generation Security and Information Event Manager (SIEM). It excels at identifying and alerting on both known and unknown threats, and doubles as a powerful tool for security investigations and forensics.

The history behind the App is a compelling story. In a nutshell, we really didn’t set out to be a SIEM; our customers made the decision for us. :)

Back when we started shipping code in 2006, our focus was on building a highly-scalable, schema-less, big data platform that could ingest essentially all machine data and then be searched to…


APAC Partner Kick Off – Are you Ready?

As we draw closer to our inaugural APAC Partner Kick Off (PKO) that will be held high up in the heavenly mountains of Mount Kinabalu in East Malaysia from the 29th Feb till 1st March 2012, we can sense the excitement that has been building strongly throughout the APAC partner community. We have received a total of 15 nominations from our APAC partners who are competing in the “Splunk Apps of the Year” awards, and I just heard that my APAC colleagues are groaning away as they were tasked to polish the awards that will be given out during the event.

Mind you, that is the easy part.

The difficult part for me (I always get the difficult…


A Common Language for DevOps

Is DevOps short for “building a bridge over shark infested waters while juggling on a unicycle?” No, no, of course not. That’s SecOps. ;) In the time I’ve worked at Splunk, observing the DevOps relationship has been somewhat like watching two tribes learn a common language. Communication begins with a hurried knowledge transfer session just as an application is pushed into production. It might include a short list of error codes and their descriptions or a page posted to an internal wiki with log locations. It might end as an awkward dance of hand gestures, contorted facial expressions and primitive grunting noises.

Imagine my surprise and excitement to encounter a DevOps relationship where both parties spoke the same language. Last month, it was my distinct pleasure to work with Sudip and Adam, who both work for a forward company which creates software so you can collaborate anywhere with anyone. Sudip and Adam presented their DevOps story and regaled us with their success using Splunk as common ground.


SplunkTalk – #63 – Strange things happen after midnight

Yes yes yes… I know, it’s been a while–not because we’ve been silent, but we’ve been super busy and low on editing time. I’ve got a pile of them I’m about to release week by week so we’re all caught up. This episode, aptly titled “Strange things happen after midnight” has been waiting to get out of the gate. It’s been saying “Wilde! Edit me”. So I have.

Pay attention to your clocks my friend! Splunk Ninja answers a question (and helps diagnose) an issue where realtime search “seemed to not be working” when the real culprit was a forwarder whose time was ahead of the indexer–and thus, realtime isn’t the “future”. Well, it will be event-ually :) . Maverick gives us some insight on the best ways to share what’s in your Splunk server with other users in your company. Taking a cue from Gregg Woodcock, Splunk customer at MetroPCS–who presented at SplunkLive–we’ve got some great tips worth sharing.. about sharing!

Splunk Ninja and the crew will be at Interop this year Wooo-hoo, in Las Vegas and NYC as a part of the Interop NOC (a.k.a nerd camp). Finally Maverick reveals what strange things happen right after midnight in Splunk (during an extremely rare situation).

Note: Check out our Developer Portal and send your vendors or developers over to the Logging section so they can learn how to better design log output so you can use it better!

Episodes are recorded live every Friday at 11AM Central Time – Email us at splunktalk@splunk.com to ask questions and have them answered on air!


PowerShell Resource Kit for Splunk

Earlier this week Splunk launched a preview of the PowerShell Resource Kit on Github. It is designed to help Splunk admins who want to automate administration of their Splunk deployments, but also has some pretty cool recipes for integrating Active Directory with Splunk, forwarding alerts and other data to Microsoft’s System Center Operations Manager, and performing a rudimentary topology discovery via an automated Splunk search with PowerShell.

Many of Splunk’s customers monitor very large Windows environments that have hundreds if not thousands of Universal Forwarders. They also use Active Directory for authentication, policy management and general asset organization. It turns out that they also use PowerShell extensively. So, why not develop a Splunk module for PowerShell?

The PowerShell


Life of an IT Sysadmin Living in QA

After a career building up my IT skills elsewhere, I’ve spent the last year and a bit working within QA for Splunk. It’s been a fascinating ride, coming from being a sysadmin user of Splunk who couldn’t sway the people at the purse strings to finance a bigger license… to being a part of the dev team that has brought 4.3 to market.

I pondered at times when I was testing early versions of the UI changes that Splunk was courting a different demographic and losing touch with sysadmins. The same sysadmin/networkadmin user base that put Splunk on the map.

My concerns were myopic at best.

In testing the command line interface, getting to know REST, installing Splunk hundreds of…


Splunk App for VMware (beta) – Good things come to those who wait..

The Splunk App for VMware is now in beta. It has been one of our most popular requests and a much-searched-for app. Why? Because virtualization, as much as it allows resources to be shared more efficiently, also leads to problems being shared! Splunk customers want to be able to tie user level or application level problems with the underlying server, storage, network or virtualization layers. They want a way to make those connections easily and at scale.
