Enabling debug messages
Splunk spits out an astounding number of its own internal log messages, some of which I’ve already described. This post is about how to get more of them, in case you have spare disk space lying around and need something to fill it with. Or you have some problem with Splunk and need debug logs. Sometimes Support will ask for this to diagnose an issue.
splunkd log messages go in the file splunkd.log. (Note that if you move the existing file out of the way, a fresh one is created on startup if you want to work with only the messages from the current run.) They are controlled by the log.cfg file located in /opt/splunk/etc, which specifies the log level of messages by…
Splunking VMware virtualization at VMworld
This week things were rocking and we were splunking at VMworld. VMware launched their road map for their Virtual Data Center Operating System (VDC-OS). VDC-OS is VMware’s vision to aggregate virtualized servers, storage and network resources into a common platform that manages resources for guest operating systems and applications. And we launched Splunk for VMware. It’s an application built on top of Splunk that gathers data from different levels of the VMware virtual stack including the hypervisor configuration, metrics and events, the host operating system, underlying network and guest OS and applications. The application also gives you predefined searches, alerts and reports to troubleshoot and secure your VMware environment. It’s free and you can download it here.

VDC-OS represents…
Splunk in the fast lane. Welcome Godfrey!
Things are moving pretty fast at Splunk and I wanted to comment on the exciting news we announced last week.
In 2004, Erik Swan, Rob Das and I started Splunk with a vision to battle IT complexity by embracing it. We were thinking of things a bit differently. A different way to address the management of IT by applying search to millions of data center artifacts. Traditionally these artifacts were summarized, filtered and reduced and then forgotten – leaving us humans in a pickle when we needed to figure out what’s really going on. For us Splunk was also about a different way to interact with the market, taking an approach of utter transparency. Our public product road maps, freely…
The tall guy against the wall
For a nice sunny summer week, far too many of us have succumbed to illness. Clearly the move, sprinting and attendant stress has been too much for some Splunkers. We salute their sacrifice to the greater good. Those who still survive should take all due and proper precautions to ensure their continued health. For that no tonic is better than the (in)famous Harvey Wallbanger.
Bringing together the restorative powers of orange juice, ancient Italian herbs and wholesome grain liquor, the Harvey Wallbanger provides all the nutrition the body needs to ward off sickness and scope creep. That it sounds like your creepy uncle also helps add extra très chic that PBR-sipping hipsters adore. This ain’t your sister’s screwdriver –…
Jira users’ group Thursday September 18
Both Dave Pickering from New Aspects and I will be at the Atlassian Jira users’ group in San Francisco next Thursday September 18, for those of you who’ve been following what we’re doing with Jira to automate product management for an agile dev organization. Looks like a lot of great Bay Area companies are going to be there.
And we really, really, are just about ready to publish the extensions and workflows we’ve done.
Splunkin at Amazon Start-Up
Today, http://splunk.tv is live at Amazon Start-Up at the Austin Music Hall. Tune in, the SplunkNinja will be talking about what we’ve been doing with Amazon’s Web Services in a number of capacities. This will be recorded, so if you can’t make it–tune in later. 3:10 PM CST.
Update: The recorded video from yesterday’s presentation at Amazon Startup is here:
http://www.ustream.tv/recorded/704929
Note: There’s about 13 minutes of delay… sorry, so fast forward to about 13:30 and you’re good
3D Photosynth of New Splunk Office
I made a photosynth of the new Splunk office in SF, which automatically linked 104 photos in 3D space. It mostly worked.
Hit the “play” button, sit back, and have a tour of the Splunk office. Click the button with 3 dots on it to jump to the next 3D space.
It’s too hot
After last week’s little sojourn to the desert, many of you have expressed thoughtful concern for my well being. After all, even a many-talented drinker like myself might be challenged by:
1. Riding a bike
2. Avoiding 50,000 dirty hippies
3. Avoiding Matt
4. Maintaining a satisfactory blood alcohol content
…especially when one must do all of these things at the same time, all day, every day for a whole week. What technology makes this possible? Surely John isn’t mixing patchouli flavored, rose colored martinis.
Indeed not.
May I present you with a useful little concoction, should you find yourself wandering the Sahara with the cast of Ab Fab. Playa Sangria. It’s quick, it’s easy, it’s cheap, it’s tasty and you can use it to wash down a hippie. If…
Index ICU: Assertion `_sourceMetaData != __null’ failed, part 1
There you were, merrily going along and Boom! Somebody kicks the power switch, your filesystem goes off the deep end, something Very Bad happens. You start to understand why fsck is a four-letter word. After using some additional four-words, you get things up and running. But what’s with Splunk? It won’t start!? You only get some cryptic error and “Splunkd appears too be down.” Welcome to the world of WordData. You had a backup, right? Yeah, thought so.
Buried deep in the index are a bunch of *.data files:
www.feorlen.org[feorlen]:/Applications/splunk/var/lib/splunk/defaultdb/db$ ls -lr *.data
-rw-r--r-- 1 root admin 10276 Sep 3 07:41 Sources.data
-rw-r--r-- 1 root admin 5085 Sep 3 07:41 SourceTypes.data
-rw-r--r-- 1 root admin 252 Sep 3 07:41 Hosts.data
-rw-r--r-- 1 root admin 21…
Life after SIEM. Situational Awareness is next.
We’ve been hearing a lot lately about the death of SIEM technologies. But isn’t the question less about a legacy technology dying and more about the dimensions on which the next mass-adopted security capability will be born? Clayton Christensen first described a model for disruptive technology in his book The Innovator’s Dilemma and his follow-on The Innovator’s Solution. Christensen describes a theory about how disruptive technologies overtake sustaining technologies by delivering value on new dimensions that established vendors overlook as unimportant, low end or just don’t think about because they’re too busy improving their legacy. Christensen’s work offers an interesting framework to think about what’s taking place in the market for SIEM security management solutions.
Any enterprise trying to secure…















