From API to easy street within minutes

30? 20? …15? It all depends on how well you know your third-party API. The point is that polling data from third-party APIs is easier than ever. CIM mapping is now a fun experience.

Want to find out more about what I mean?  Read the rest of this blog and explore what’s new in Add-on Builder 2.1.0.

REST Connect… and with checkpointing

Interestingly  this blog happens to address a problem I faced back on my very first project at Splunk. When I first started at Splunk as a Sales engineer, I  worked on  building a prototype of the ServiceNow Add-on. Writing Python, scripted inputs vs mod input, conf files, setup.xml, packaging, best practices, password encryption, proxy and even checkpointing… the list goes …

» Continue reading

Splunk Partner+ Program Announces 2017 Global Partner Awards

C5Ju5aXVYAAb766With the convergence of Splunk’s new fiscal year, Global Partner Summit and our Global Partner+ Program Awards, there’s call for celebration as we look back on our previous year’s achievements and look towards FY’18.

Partners are vital to Splunk and continue to push the envelope and innovate every day. From creative sales techniques to innovative program execution, from app and technology development to delivering world-class services, Splunk Partners excel in their commitment to customers and the Splunk Partner+ Program while demonstrating an ability to strategically find and lead incremental business.

Throughout the past 12 months, Splunk Partners achieved remarkable success. The Partner+ team would like to recognize select partners who exemplified the core values Splunk Partner+ Program coupled with stellar …

» Continue reading

What Happens When You Move From Reactive to Proactive IT

1280px-Molina_Healthcare_LogoMost IT departments want to make an impact, but fire drills and troubleshooting usually get in the way. Often times, you find yourself playing the blame game. But what if you could get in front of an issue before an incident happens, rather than responding to it after the fact? What if you were no longer reactive to the situation, but instead could focus on aligning with business objectives?

Well, it’s not rocket science, but it hasn’t been easy to date! In this post, I’m here to share how enterprise organizations have been able to move past blame game and take the guesswork out of issue resolution. Let’s look at how one company has embraced the strategic opportunity of

» Continue reading

SSL Proxy: Splunk & NGINX

Who is this guide for?

It is a best practice to install Splunk as a non-root user or service account as part of a defense in depth strategy. This installation choice comes with the consequences of preventing the Splunk user from using privileged ports (Anything below 1024). Some of the solutions to this problem, found on Splunk Answers require iptables rules or other methods. In my experience, the iptables method is not that reliable, and many newer distributions of Linux are abandoning iptables in favor of firewalld as the default host firewall. In this guide, I will show you how to use Nginx, and Let’s Encrypt to secure your Splunk Search Head, while allowing ssl traffic on port 443.



» Continue reading

Splunk DB Connect 3 Released

Splunk DB Connect has just gotten a major upgrade! Let’s take a look at it.

What’s New

Splunk DB Connect 3.0 is a major release to one of the most popular Splunk add-ons. Splunk DB Connect enables powerful linkages between Splunk and the structured data world of SQL and JDBC. The major improvements of this release are:

  • Performance improvement. Under similar hardware conditions and environment, DB Connect V3 is 2 to 10 times faster than DB Connect V2, depending on the task.
  • Usability improvement. A new SQL Explorer interface assists with SQL and SPL report creation.
  • Improved support for scripted configuration, via reorganized configuration files and redesigned checkpointing system. Note that rising column checkpoints are no longer stored in configuration files.
  • Stored procedures support
» Continue reading

Splunking Microsoft Azure Network Watcher Data


Microsoft has released a new service in Azure called Network Watcher.  Network Watcher is a network performance monitoring, diagnostic, and analytics service which enables you to monitor your network in Azure.  The data collected by Network Watcher is stored in one or more Azure Storage Containers.  The Splunk Add-on for Microsoft Cloud Services has inputs to collect data stored in Azure Storage Containers which provides valuable insights for operational intelligence regarding Azure network workloads.  In this blog post, we will explore how to get Azure Network Security Group (NSG) Flow Logs into Splunk and some possible use case scenarios for the data.

Getting Azure NSG Flow Log data into Splunk

NSG flow logs allow you to view information about …

» Continue reading

Adaptive Response: A Level Deeper for Continued Customer Success

Splunk at RSA Conference 2017bOver the past three or four years, we’ve been hearing more and more about analytics-driven security at RSA. Years ago, when Splunk first introduced the concept to the marketplace, we were living in a world where security practitioners were still focusing on prevention, rather than detection. Since then, advanced cyber adversaries have forced security analysts to change the way they think about posture. Security analysts no longer buy into the idea that there is a silver bullet for security, and vendors acknowledge that security is a team sport. With this shift in mindset comes a change in strategy, where end-to-end context and cross-vendor analytics are emphasized to better detect and respond to threats in real time. Detection is now king.…

» Continue reading

Using machine learning for anomaly detection research

Over the last years I had many discussions around anomaly detection in Splunk. So it was really great to hear about a thesis dedicated to this topic and I think it’s worth sharing with the wider community. Thanks to its author Niklas Netz in advance!

Obviously anomaly detection is an important topic in all core use case areas of Splunk, but each one has different requirements and data, so unfortunately there is not always an easy button. In IT Operations you want to detect systems outages before they actually occur and proactively keep your depending services up and running to meet your business needs. In Security you want to detect anomalous behavior of entities to detect potential indicators for breaches …

» Continue reading

Healthcare and Machine Data—What’s Not to Love?

Splunk at HIMSSIt’s February, the designated month of love, so I thought it fitting to share the Splunk slogan I love the most: “I like big data, and I cannot lie.” And I’m not the only one—healthcare organizations around the world are loving how big data, especially machine data, is helping them to improve their systems.

The healthcare industry has tons of machine data, not only from their infrastructure and applications, but also from sources like EHRs and connected medical devices. Now they can leverage this data to achieve unique insights that can help standardize infrastructure, improve diagnostics, meet regulations and even tailor medical care. Here’s some real world examples:

  • Myriad Genetics collects biologic samples from doctors all around the
» Continue reading

Find Malicious Insiders Before You Become a Headline

Screen Shot 2017-02-14 at 10.13.21 AMThe media is filled with reports of Russia’s possible influence over the U.S. presidential elections. While American security agencies are investigating the Kremlin’s possible involvement in a hack of the Democratic National Committee, a U.S. Intelligence Service unclassified report suggests the Russians motive, at least in part, may have been retaliation for the U.S. working with a malicious insider to leak news of a Soviet Olympic athlete doping scandal.

Regardless of whether the report is true, it reveals a growing concern over insider threats for foreign governments everywhere. Countries such as Canada are heavily investing to protect its citizens against insider and foreign attacks, while the U.S. Department of Defense Inspector General found in a recent audit that the U.S. …

» Continue reading