Splunk Dashboards outside of Splunk (part 2)
I recently blogged about a cool open source tool which is a Splunk Dashboard. In less than an hour, you could easily bring up a central dashboard to visually oversee Splunk administration duties. Here is a basic review of how to get the dashboard working, in combination with the Check Splunk tool.
Prerequisites:
- spdash
- checksplunk
- crontab competency
- ssh competency
- web server competency
- cgi-bin competency
Even if you are not very familiar with the above items, there is plenty of information available on the web to get things going. The README files that come along with the tools are very useful and should be reviewed before proceeding. The following steps are an outline of what I performed to get the dashboard working:
Step 1: Install the spdash software on the…
Using Splunk to Trace SOA Applications
I have mentioned in past blog entries that Splunk can be used to contribute to the governance and indexing of Service Oriented Architectures. In this post, I will discuss a more common issue that pertains to log management, operations support, and troubleshooting. In a typical SOA deployment, you may have a situation where a user logs into a web site for procurement or purchasing, which kicks off a series of steps handled by different servers using heterogeneous technologies. One flow may include a web server, which initiates the request and sends a message to an application server. The application server then sends a message to an Enterprise Service Bus (ESB), which in turn, routes the message to a Business Process…
Splunk won the Best of Interop Tokyo 2009
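IT search engine "Splunk for Enterprise" from US-based Splunk
Macnica Networks Corp. (hereafter Macnica Networks; headquarters: 1-5-5 Shin-Yokohama, Kohoku-ku, Yokohama, Kanagawa; President and Representative Director: 宮袋 正啓), which imports, develops, and sells network equipment, announces that at Interop Tokyo 2009, held June 8-12, 2009, the IT search engine "Splunk for Enterprise" from US-based Splunk, which Macnica Networks distributes, won the Grand Prix in the Application category of the Best of Show Award product division.
At Interop Tokyo 2009, more than 300 exhibitors display a wide range of network-related products, solutions, and services. The "Best of Show Award" picks the most outstanding of these that fit this year's theme. Winners are chosen through rigorous judging by IT industry experts and by visitor votes, and the judging is strict enough that some categories end with "no winner". The winning products, solutions, and services can truly be said to represent this year and to be worthy of leading the new network environment.
"Splunk for Enterprise", which won the Grand Prix in the Application category, is a collection and analysis tool that covers IT data as a whole: it collects and stores, in real time, the log data and config data output by applications and by multiple devices such as network equipment, PCs, and servers, and performs search, alerting, and reporting on it. Any text data can be ingested regardless of log format, and all kinds of data, such as logs of email, system startup and shutdown, and access-permission changes, can be centrally managed, searched, and analyzed. It can therefore be applied in many areas, from network monitoring to the change management of access rights and applications that is emphasized in IT general controls.
The new technology of an "IT search engine", which arrived with the new concept of going beyond "managing" logs and IT data to freely "searching" them, was highly rated on this occasion. Since its founding in the United States in 2004, it has won numerous awards in the US as well, including the US Best of Interop award (Network Management, Software & Services category) in 2008. Macnica Networks signed a primary domestic distributor agreement with US-based Splunk, Inc. in January 2009 and is selling the product in Japan.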
Using Splunk in a Screen Saver
Sometimes users of Splunk like to have Splunk tell them what is happening with their infrastructure without doing an ad-hoc search. The most obvious way to accomplish this is to use Splunk Alerts. An alert gets generated for a saved search that is executed over a configured period and matches user defined conditions.
Now suppose you want to visually just watch a saved search run on a periodic basis. One approach would be to have the Splunk Web application in the browser auto refresh itself. If the requirement is that you would like this to appear full screen in real time for others to see without giving them any other access to your desktop computer (as you may be away), a possibility…
The Great Firewall of China: Internet Censorship Run Wild
The past couple of days I’ve been visiting China meeting with some of our technology and channel partners. It just so happens I was present in Beijing for the 20th anniversary of the 1989 Tiananmen Square Events. Yes it really did happen despite what the Chinese government says. Speaking on Saturday at the F5 APAC Sales Kickoff I found myself staying over the weekend with Sunday off to roam around Beijing like a tourist, something I rarely get a chance to do on business trips. It is amazing to me to see how the Chinese and Taiwanese work on Saturdays. In the US we rarely see that. Europeans chastise Americans for working too hard but I guess they should really…
Around the world, around the world

We’ve been having some great success stateside recently at Splunk, but the fun doesn’t stop there. Oh no. We have good news from the land of the rising sun…Splunk won Best of Show at Interop Tokyo. If you can read Japanese, you can read more about it here.
Later this week I’ll recap our SplunkLive South Africa events.
Affordable SIM/ SEM/ SIEM?
I know, I know, no one wants to hear about the bad economy, but many of our IT brethren are facing staff reductions and limited budgets. At the same time, security is becoming a greater concern. Employees leaving organizations could be taking secure/ private data with them, and fraud and other hacks are on the rise.
Even the White House is paying greater attention to digital security threats as President Obama looks to appoint a cybersecurity coordinator.
Bottom line: you need to make time, or spend the money to ensure your networks and information are secure.
Good news, John Sawyer at DarkReading has done a nice job detailing a few free/ inexpensive solutions in his article Free SIM Tools Save Money — And Maybe Your Data.
Give it a read. Then…
SplunkLive, Awesome CTOs and OSSEC, Oh my!
Lots of good news at Splunk these days!
1) Congrats to our lovely and talented Erik Swan, named among the Top 25 CTOs for 2009. We knew it all along, but great to have InfoWorld recognize him as well. Yay Boss!
2) 7 of our customers are also on the list! A few we can mention include Peter Balnaves, CVS Caremark; Stephen Herrod, VMware; Judith Spitz, Verizon Business; Aber Whitcomb, MySpace
3) Last week we beat out 1200 other nominees to win the TiE50 for the Internet Infrastructure category. The TiE 50 honors the top 50 startup companies that are leaders in innovation, ingenuity, and show excellence in management. Our Chief Architect and Co-founder Rob Das was on hand to receive the award.
4) DiscussIT’s IT Security Pubcast produced…















