Top 10 Splunk and Cisco Highlights in 2014

Over the past 7 years, Cisco and Splunk have built a broad and multi-faceted relationship.

Internally, Cisco IT, security, engineering and other teams use Splunk software every day for operational intelligence and security analytics. Cisco shared details at Splunk’s 2014 user conference in a session titled “How Cisco IT Moved from Reactive to Proactive and Even Predictive with Splunk” and Cisco’s CSIRT team commented in a blog post on Security Logging in an Enterprise: “… [W]e moved to Splunk from a traditional SIEM as Splunk is designed and engineered for ‘big data’ use cases.”

Splunk & Cisco have partnered across security, networking, application management, IoT, Big Data and other areas to help our joint customers realize the same …


End-to-End Protection and Threat Mitigation for Cisco Network Environments via Splunk, ISE, and pxGrid

In our previous post, and the subsequent Cisco article, we delved into how Cisco Identity Services Engine can be used to enrich operational analytics in Splunk with personal data. Let’s look at a real-world example and explore the latest Splunk and security integration.

At Cisco Live, Cisco product manager Kevin Guidinger delivered a great session detailing how Cisco Cloud and Managed Services (CMS) uses Splunk to manage more than 2.5 BILLION security events per day across Cisco security and third-party security products. That is nearly 30,000 events per second, and no trivial matter.

Kevin highlighted a financial services organization his team works with that requires deep visibility into their BYOD deployment. It’s critical that the team can easily identify and investigate rogue network access, even coming from company-issued devices, and then quickly remediate …


Join Splunk and Cisco at Cisco Live Milan

Building on years of collaboration, Splunk and Cisco are kicking off 2015 on a high note. Last week Splunk joined Cisco for a discussion on the Power of Application Centric Infrastructure and now we’re packing our bags for a week of Cisco and Splunk-y goodness at Cisco Live Milan January 26-30, 2015.

At Cisco Live Milan 2015 you’ll learn how Splunk and Cisco have teamed to deliver unified visibility into application and network performance, dramatic reductions in troubleshooting times, better and faster response to security incidents, and more. You’ll discover practical ways to get even more value out of your existing Cisco environments – from ASA firewalls to Catalyst and Nexus switches to Meraki wireless devices – and how Cisco …


Smart AnSwerS #7

Hello Splunk community and welcome to the 7th installment of Smart AnSwerS!

This past Monday, Martin Luther King Jr Day, was a holiday for the Splunk offices in the US, but I decided to come in anyway to get some work done since Splunk Answers never seems to take a day off :P All the lights were off and alas, neither I nor the security guard knew how to turn the lights on. I worked in the dark for a good 2 hours, but just when I was about to give up and save my eyesight, another splunker came by, showed me the light (switches) and saved the day! *confetti drop* Check out this week’s featured Answers posts:

Does Splunk remember


New in Hunk 6.2.1: Splunk Archiving & Searchable Archives!

  • Archive your existing Splunk indexer’s data with Hunk 6.2.1
  • Search archived data in place from the Hunk search head
  • Documentation here!

Archive Splunk Data

Hunk 6.2.1 enables you to continuously archive your Splunk data to Hadoop by pointing a Hunk search head to your Splunk indexers and configuring new Archive Indexes.

Searching archived data

You can search archived data in place on Hadoop just as easily as you would search any other Splunk index. There’s no need to move data more than once. This works because Hunk already knows how to efficiently search data in Hadoop. We just had to archive the data in a file structure such that Hunk could efficiently prune the data by time.

Here’s …


Splunk App for SalesForce

Do you manage a Salesforce environment and would like to analyze who is accessing what? Would you like to find out who is exporting sensitive data? Would you like to detect any Salesforce-related suspicious activities or any slow-running reports, dashboards, or SOQL queries?

If the answer to the above is yes, you should check out the Splunk App for Salesforce, which has recently been released as a service on Splunk Cloud. This App relies on the Salesforce Event Log File that exposes Salesforce access logs. In addition to that, you can also leverage this app to collect and index any data from the standard Salesforce objects. In other words, you can use this app to index structured and unstructured Salesforce data.
For …


Notes on Splunk CIM

So you want to work with the Splunk Common Information Model, and you’re not sure where to start… Developers first working with the CIM and Add-ons are sometimes confused by its minimalist design, particularly if they’re familiar with the broadly used Desktop Management Task Force CIM. Here are some notes on the CIM’s design that hopefully will help clear things up. First, we’ll look at how it’s used, and then we’ll talk about why the Splunk CIM is designed the way that it is.

The Splunk CIM describes concepts via tags rather than entities via database columns, and the first thing to understand when you’re trying to work with it is the event type. Events are the raw material …


Making machine data personal with Splunk and Cisco ISE

Welcome to 2015, year of the hover-board (if you don’t get that reference, you should watch more movies). In the first of a multi-part series of posts, let’s start by taking a look at the goodness Splunk and our partner Cisco have been cooking up to help you understand who is doing what in your environment. We will be covering a series of topics, so be sure to stay tuned.

As a Splunk customer, Cisco uses Splunk Enterprise Security extensively across Cisco IT, Engineering, Advanced Services and Security teams. For example, Cisco’s Computer Security Investigation Response Team (CSIRT) uses Splunk …


The First Virtual SplunkLive! for Higher Education

I am excited to announce the first virtual SplunkLive! event focused entirely on higher education, hosted in partnership with Internet2.

Modesty usually forbids using more than one exclamation point in any given blog, but I thought in this case both the format and the focus were worth getting excited about (!!!).

For those who may not know, SplunkLive! events are customer-focused gatherings that give attendees a way to see and interact with current Splunk users, as well as get some hands-on Splunk experience. For this particular event, we have speakers from Ohio State University, Baylor University, and the University of Washington, followed by breakout sessions on Getting Started, Security, and IT Operations.

I promised …


Smart AnSwerS #6

Hello Splunkarinos and welcome to the 6th installment of Smart AnSwerS!

We just had our company Break Your New Year’s Resolution party this past weekend to start the New Year…ironically :P Good eats, good drinks, good music and fun people? That sounds about right to me! We’re back to business (and fun) as usual here at Splunk HQ as I’m sure you all are too – Check out this week’s featured Splunk Answers posts:

How to change the width of two dashboard panels in the first row from 50% 50% to 75% 25% in Simple XML for Splunk 6.2?

kkuderko was having an issue changing the size of panels on their dashboard, as do many users, which is why customizing Splunk …
