It’s a Family Affair…What’s up with the Family?
“It’s a Family Affair” Whenever I sing that Sly and the Family Stone song around the house the kids just roll their eyes with disgust. I laugh and tell them not to ’dis on an old great tune. While singing it I often wonder how Sly’s lyrics would be different today considering the technical challenges facing parents trying to monitor their teenager’s online activities.
Fortunately, there are many great methods both paid and free that are available to parents these days. The good news is that no matter what your parenting style there is a tool that you can probably use to monitor your children’s online behavior. The bad news is there are just too many tools to choose from and …
Smart AnSwerS #78
Hey there community and welcome to the 78th installment of Smart AnSwerS.
Things have been ramping up around Splunk HQ with conf2016 just around the corner! The Splunk education team is starting off strong with Splunk University beginning tomorrow and running through Monday, while the rest of the conference staff are working hard to make the final touches to ensure a smooth and awesome experience for all attendees. I’m looking forward to running into familiar faces and coming across new ones! I’ll be hanging out at the Splunk Answers booth at least half of the time during the conference, so if you happen to be exploring the source=*Pavillion, feel free to stop by to say hello. Safe travels …
I’m sensor-ing that the fourth industrial revolution is going to be data driven
I was lucky enough to attend the IoT World conference this week in Berlin. Everyone who is anyone in Industrial IoT and the associated software industry was present. The list of speakers included Bosch, GE and Vodafone among many others.
During the course of the two days at the event I had a conversation with a robot (see below), I visited a pre-war ballroom and I received a cocktail from two juggling bartenders! However the most memorable moment came during the keynote speech from Professor Wahlster, one of the founders of the Industry 4.0 movement – which is alternatively known as the fourth industrial revolution.
In simplistic terms, Industry 4.0 is focussed on the “smart factory”, i.e. the computerisation of manufacturing. …
Splunk Docs: let us make an example of you
The Splunk doc team wants to improve our search command examples, and we need your help. Share your expertise! The best examples will be added to the Splunk documentation. If you submit a winning example, you will earn undying fame because we will credit you right in the docs.
Here are the search commands that would benefit from better, real-world examples.
- abstract – Has only one basic example now.
- addInfo – Has only one basic example now.
- collect – This advanced command needs a great example.
- delete – Are there other use case examples for this command besides what is there now?
- foreach – Users find this complicated and hard to use, but this
Moving from LDAP to SAML authentication
An often asked question when configuring SAML is how do you ensure users can access their knowledge objects and saved searches that were created before migrating to SAML? Do you need a script that migrates the users’ knowledge objects? As is always the case, the answer isn’t simple but it depends on the authentication mechanism prior to SAML.
When moving from LDAP to SAML, if the same LDAP server is configured as the backend authentication database on the Identity Provider (ADFS, Okta, Ping…), then the users would be the same and the groups they belong to would be the same.
Then moving from LDAP to SAML and retaining the previously created knowledge objects is straightforward and can be achieved …
Managing your Ingestion with the search bar
Many of our cloud customers have asked me how to better manage their data, e.g. determine volume by sourcetype, or volume by forwarder. This is typically available via the Distributed Management Console, but in some cases, a person’s role prevents them from getting full access to it. In the article below, I will guide you through several searches aimed to let anyone dive a bit deeper into their Splunk Cloud service.
Below are a few searches I find helpful
Total Ingestion Volume over time
index=_internal source="/opt/splunk/var/log/splunk/license_usage.log" type="RolloverSummary" | eval GB=b/1024/1024/1024 | timechart span=1d sum(GB) as GB
Be sure to double check your time range selector here; I usually search over the past 7 days. If you want to look …
Using HTML5 Input Types on Splunk Forms
Text inputs on Splunk forms allow for free-form user input. However, there are times when you need to control the type of this data input. HTML5 has several input types that control what can be entered in text boxes and how the text box behaves during user input. Wouldn’t it be cool if you could apply these HTML5 input types to Splunk text boxes? Hint: the answer is “yes”. Read on to find out how.
What we will be creating
This is basically a 2-step process:
- Create a Simple XML form
Configuring PingIdentity PingFederate (Ping) Security Assertion Markup Language (SAML) Single Sign On (SSO) with Splunk Cloud
There are now a few blog postings on SAML configurations for Splunk> Cloud: for Okta, Azure and ADFS. Ping is similar in complexity to the Identity Provider (IdP) ADFS, and can be a bit tricky depending on your implementation. The intent of this guide is to help you along on your way to integrate Splunk> Cloud with PingFederate.
My role is a Cloud Services Advisory Engineer on the Customer Adoption and Success Team (CAST) within Splunk>. My focus is to assist our customers in their experience with our Cloud service for Splunk>. With our 6.4.x version of Splunk> Cloud, which this posting is about, the configuration for SAML definitely works quite well, but is not the most user friendly …
Dell EMC Splunking It Up at #splunkconf16
The following is a guest blog post from Cory Minton, Principal Systems Engineer, Dell EMC…
Grab your hoodies, your witty black t-shirts, and maybe your capes…it’s time for another exciting Splunk .conf2016, the annual Splunk User Conference taking place at the Walt Disney Swan and Dolphin Resort September 26-29, 2016. All of us at EMC are excited to be sponsoring .conf for the third year in a row, and this year our presence will be bigger and better than ever before. Dell EMC will host two technical sessions this year, we’ll have more than 20 of the Dell EMC Splunk Ninjas running around learning, a large booth in the partner pavilion demonstrating our technology solutions, and we are pleased to have been …
Detect IoT anomalies and geospatial patterns for logistics insights
In part 1 of this blog series we spoke about how to turn sensor data into logistics insights. In this part we outline one approach for anomaly detection and enrich our sensor data with location information to discover geospatial patterns.
Anomalies? Find them with a few lines of SPL.
Anomaly detection can be tricky and implementations vary from simple thresholding and baselining to highly sophisticated approaches based on machine learning. In this example we leveraged the Splunk Machine Learning Toolkit to detect numeric outliers using a sliding window approach to check against multiples of the standard deviation in this time series to spot anomalies.
And this is what the SPL looks like:
| timechart span=1s avg(ax) as avx avg(ay) as