It’s a Family Affair…What’s up with the Family?

“It’s a Family Affair” Whenever I sing that Sly and the Family Stone song around the house, the kids just roll their eyes with disgust. I laugh and tell them not to ’dis on an old great tune. While singing it I often wonder how Sly’s lyrics would be different today considering the technical challenges facing parents trying to monitor their teenager’s online activities.

Fortunately, there are many great methods both paid and free that are available to parents these days. The good news is that no matter what your parenting style there is a tool that you can probably use to monitor your children’s online behavior. The bad news is there are just too many tools to choose from and …

» Continue reading

Smart AnSwerS #78

Hey there community and welcome to the 78th installment of Smart AnSwerS.

Things have been ramping up around Splunk HQ with conf2016 just around the corner! The Splunk education team is starting off strong with Splunk University beginning tomorrow and running through Monday, while the rest of the conference staff are working hard to make the final touches to ensure a smooth and awesome experience for all attendees. I’m looking forward to running into familiar faces and coming across new ones! I’ll be hanging out at the Splunk Answers booth at least half of the time during the conference, so if you happen to be exploring the source=*Pavillion, feel free to stop by to say hello. :) Safe travels …

» Continue reading

I’m sensor-ing that the fourth industrial revolution is going to be data driven

I was lucky enough to attend the IoT World conference this week in Berlin. Everyone who is anyone in Industrial IoT and the associated software industry was present. The list of speakers included Bosch, GE and Vodafone among many others.

During the course of the two days at the event I had a conversation with a robot (see below), I visited a pre-war ballroom and I received a cocktail from two juggling bartenders! However, the most memorable moment came during the keynote speech from Professor Wahlster, one of the founders of the Industry 4.0 movement – which is alternatively known as the fourth industrial revolution.


In simplistic terms, Industry 4.0 is focussed on the “smart factory”, i.e. the computerisation of manufacturing. …

» Continue reading

Splunk Docs: let us make an example of you


The Splunk doc team wants to improve our search command examples, and we need your help.  Share your expertise!  The best examples will be added to the Splunk documentation. If you submit a winning example, you will earn undying fame because we will credit you right in the docs.

Here are the search commands that would benefit from better, real-world examples.

  • abstract – Has only one basic example now.
  • addInfo – Has only one basic example now.
  • appendcols
  • bin/bucket
  • collect – This advanced command needs a great example.
  • dedup
  • delete – Are there other use case examples for this command besides what is there now?
  • eventstats
  • fields
  • foreach – Users find this complicated and hard to use, but this
» Continue reading

Moving from LDAP to SAML authentication

An often-asked question when configuring SAML is how you ensure users can access the knowledge objects and saved searches that they created before migrating to SAML. Do you need a script that migrates the users’ knowledge objects? As is always the case, the answer isn’t simple: it depends on the authentication mechanism used prior to SAML.

When moving from LDAP to SAML, if the same LDAP server is configured as the backend authentication database on the Identity Provider (ADFS, Okta, Ping…), then the users would be the same and the groups they belong to would be the same.

Then moving from LDAP to SAML and retaining the previously created knowledge objects is straightforward and can be achieved …

» Continue reading

Managing your Ingestion with the search bar

Many of our cloud customers have asked me how to better manage their data, e.g. determine volume by sourcetype, or volume by forwarder.  This is typically available via the Distributed Management Console, but in some cases, a person’s role prevents them from getting full access to it.  In the article below, I will guide you through several searches aimed to let anyone dive a bit deeper into their Splunk Cloud service.

Below are a few searches I find helpful:

Total Ingestion Volume over time

index=_internal source="/opt/splunk/var/log/splunk/license_usage.log" type="RolloverSummary" | eval GB=b/1024/1024/1024 | timechart span=1d sum(GB) as GB


Be sure to double-check your time range selector here; I usually search over the past 7 days. If you want to look …

» Continue reading

Using HTML5 Input Types on Splunk Forms

Text inputs on Splunk forms allow for free-form user input. However, there are times when you need to control the type of this data input. HTML5 has several input types that control what can be entered in text boxes and how the text box behaves during user input. Wouldn’t it be cool if you could apply these HTML5 input types to Splunk text boxes? Hint: the answer is “yes”. Read on to find out how.

What we will be creating

We will control text box inputs using JavaScript.  Below is a screen shot of the final product:

Input Types Example

This is basically a two-step process:

  1. Create a Simple XML form
  2. Wire up some JavaScript to manipulate the text fields in the form


» Continue reading

Configuring PingIdentity PingFederate (Ping) Security Assertion Markup Language (SAML) Single Sign On (SSO) with Splunk Cloud

There are now a few blog postings on SAML configurations for Splunk> Cloud: for Okta, Azure and ADFS. Ping is similar in complexity to the Identity Provider (IdP) ADFS, and can be a bit tricky depending on your implementation. The intent of this guide is to help you along on your way to integrating Splunk> Cloud with PingFederate.

My role is a Cloud Services Advisory Engineer on the Customer Adoption and Success Team (CAST) within Splunk>. My focus is to assist our customers in their experience with our Cloud service for Splunk>. With our 6.4.x version of Splunk> Cloud, which this posting is about, the configuration for SAML definitely works quite well, but is not the most user friendly …

» Continue reading

Dell EMC Splunking It Up at #splunkconf16

The following is a guest blog post from Cory Minton, Principal Systems Engineer, Dell EMC…

Grab your hoodies, your witty black t-shirts, and maybe your capes…it’s time for another exciting Splunk .conf2016, the annual Splunk User Conference taking place at the Walt Disney Swan and Dolphin Resort September 26-29, 2016.  All of us at EMC are excited to be sponsoring .conf for the third year in a row, and this year our presence will be bigger and better than ever before. Dell EMC will host two technical sessions this year, we’ll have more than 20 of the Dell EMC Splunk Ninjas running around learning, a large booth in the partner pavilion demonstrating our technology solutions, and we are pleased to have been …

» Continue reading

Detect IoT anomalies and geospatial patterns for logistics insights

In part 1 of this blog series we spoke about how to turn sensor data into logistics insights. In this part we outline one approach for anomaly detection and enrich our sensor data with location information to discover geospatial patterns.

Anomalies? Find them with a few lines of SPL.

Anomaly detection can be tricky and implementations vary from simple thresholding and baselining to highly sophisticated approaches based on machine learning. In this example we leveraged the Splunk Machine Learning Toolkit to detect numeric outliers using a sliding window approach to check against multiples of the standard deviation in this time series to spot anomalies.


And that’s what the SPL looks like:

| timechart span=1s avg(ax) as avx avg(ay) as

» Continue reading