Grok’n Your Transactions – A Meta-Events How-To with Splunk
One of the coolest things you can do with Splunk (and there are a lot of cool things about Splunk) is mapping a transaction. Often, what some consider a “transaction” is the linkage between events, frequently by multiple common factors. At Interop 2007 in Las Vegas this year, the network management team used Splunk to very simply see the entire set of DHCP events (or transaction). Why? When you hop on a network and get an IP address for your computer, four events actually occur: a DHCP Discover, Offer, Request, and Acknowledge. Those four events occurring for your machine/computer/MAC address confirm that you got on the network and are as happy as a clam, hopefully.
In Splunk, we can easily…
Yo, I am telling you, dog, you need to Splunk IT!
After being extremely inspired by all you die-hard Splunk fans out there, I decided to lay down some high-tech “geeky” rhymes over some old familiar classic rock riffs, including Queen’s “We Will Rock You”, Rush’s “Tom Sawyer”, and AC/DC’s “Back In Black”. So…
Yo, dog, turn up da bass and check it….Maverick is in da hayouse!
Here are the sick lyrics, dog!
Splunk IT (a rap by Eric “Maverick” Garner)
Copyright © 2007, Garner. All rights reserved.
We got all kinds of issues occurring in the system
They’ve always been there, but I guess we just missed ‘em
We need Splunk to help troubleshoot it
We got Red Hat 3.0, so we won’t have to chroot it
Yo, we got hundreds of servers in multiple locations
And the IT…
Administering remote Splunk servers via the CLI
It’s a little-known fact (mainly because it’s undocumented) that it is possible to use the Splunk CLI to manage remote Splunk servers. This capability has been built into the product since version 2.1, and allows one to do things such as remotely manage data inputs, run searches, manage users, etc. For fairly obvious reasons, this cannot be done with commands that require Splunkd to be stopped.
The syntax is simple:
/opt/splunk/bin/splunk <command> [<subcommand>] <params> -uri https://my2ndSplunkBox:8089
The key here is the -uri parameter, which instructs the PCL to send all SOAP requests to the specified server. There are 3 pieces to the parameter: protocol, host, and port.
The protocol must be one of http or https, depending on whether or not SSL is enabled on…
HI@WEB2.0
Well, I guess I had to start “blogging” eventually…
Hi, I’m Amrit, the main CLI (Command Line Interface) and PCL (Python Control Layer) guy here at Splunk. This means that I maintain our more common bash scripts (bin/splunk & friends), and our Python support scripts (site-packages/splunk/clilib/), which do the heavy lifting for a number of CLI & Web UI features.
These aren’t the only things I work on, but they are the parts of the Splunk codebase that have consumed most of my time since starting here in December 2005. I should also mention that Ivan Tam (no blog.. yet..?), who now works on the SplunkWeb UI, helped write the first implementation of the PCL during mid-2006.
Every now and then I’ll post…














