From API to easy street within minutes

30? 20? …15? It all depends on how well you know your third-party API. The point is that polling data from third-party APIs is easier than ever. CIM mapping is now a fun experience.

Want to find out more about what I mean?  Read the rest of this blog and explore what’s new in Add-on Builder 2.1.0.

REST Connect… and with checkpointing

Interestingly  this blog happens to address a problem I faced back on my very first project at Splunk. When I first started at Splunk as a Sales engineer, I  worked on  building a prototype of the ServiceNow Add-on. Writing Python, scripted inputs vs mod input, conf files, setup.xml, packaging, best practices, password encryption, proxy and even checkpointing… the list goes …

» Continue reading

Building add-ons just got 2.0 times easier

Are you trying to build ES Adaptive Response actions or alert actions and need some help? Are you trying to validate your add-on to see if it is ready to submit for certification? Are you grappling with your add-on setup page and building credential encryptions? If you are, check out Splunk Add-on Builder 2.0.

Below is a brief overview of what’s new in Add-on Builder 2.0:

  • You can now leverage the easy-to-use, step-by-step workflow in Add-on Builder to create alert actions and ES adaptive response actions. No need to deal with .conf files and Python, let the tool do the work for you.

ModAlert1

modalert2

  • The validation process has been enhanced to include App Certification readiness. This validation process can also be performed on apps and add-ons
» Continue reading

Announcing Splunk Add-on for Microsoft Cloud Services

I am pleased to announce the availability of Splunk Add-On for Microsoft Cloud Services. Released on April 1st 2016, this add-on which is available on Splunkbase, provides Splunk admins the ability to collect events from various Microsoft Cloud Services APIs. In this first release, this includes:

  • Admin, user, system, and policy action events from a variety of Office 365 services such as Sharepoint Online and Exchange Online and other services supported by the Office 365 Management API.
  • Audit logs for Azure Active Directory, supported by the Office 365 Management API.
  • Current and historical service status, as well as planned maintenance updates for a variety of services supported by the Office 365 Service Communications API.

If you are wondering …

» Continue reading

Building add-ons has never been easier

Speaking from personal experience, building add-ons had never been the easiest task for me. There are numerous steps required, and each step may come with its owns challenges. Worse, I might spend time on a solutions just to hear it wasn’t best practice.

Wouldn’t it be great if there was a way to make this process easier by equipping developers, consultants, and Splunk Admins with the right tool to build their own add-ons? To take it a step further, wouldn’t it be even better if this tool actually helps you build the add-on by following tried and true best practices?

Allow me to introduce you to the Splunk Add-on Builder that helps to address the challenges highlighted above. Splunk Add-on …

» Continue reading

Indexing Data from Salesforce Objects in Splunk

In one of my previous posts, I talked about the Splunk App for Salesforce and how it helps you poll Salesforce “Event Log File” which are the Salesforce access logs/events.

I have been getting a lot of questions around what other data can you ingest using the App. What if you want to index records from standard or custom object? Take the example of Service Cloud data, how would you use Splunk to poll records from the Case Object to track various metrics such as the average Case closure time, open cases by User, etc. Another example would be how to track business metrics around Sales Orders and Quotes processing.

The good news is that with the help of this …

» Continue reading

Splunk App for Salesforce

Do you manage a Salesforce environment and would like to analyze who is accessing what? Would you like to find out who is exporting sensitive data? Would you like to detect any Salesforce related suspicious activities or any slow running reports, dashboards, SOQL queries?

If the answer to the above is yes, you should check out the Splunk App for Salesforce which has been recently released as a service on Splunk Cloud. This App relies on the Salesforce Event Log File that exposes Salesforce access logs. In addition to that, you can also leverage this app to collect and index any data from the standard Salesforce objects. In other words, you can use this app to index structured and unstructured salesforce data.
For …

» Continue reading

Detecting outages caused by unauthorized changes

Splunk is a great solution to search, investigate as well as monitor your IT environment, whether it is application, infrastructure or network related. One perplexing issue to detect is related to unauthorized changes. Per ITIL, an unauthorized change is a “change made to the IT infrastructure that violates defined and agreed Change policies”.

Let’s take a simple example where you have a multi-tier application and one of the admins made a change on one of the configuration files without running through the CAB or the Change and Release manager for impact analysis. This config change resulted in an application outage. Using Splunk, you can easily detect the outage,  no doubt about that.

The challenge is how can you isolate the …

» Continue reading

Splunk and Synthetic Monitoring

Monitoring your Web Application is not always an easy task. The challenge is even bigger when you want to be proactive about monitoring your application. How can you detect application performance problems before your users actually detect it? How about monitoring the availability of your Saas application knowing these environments are typically locked down: you can’t install an agent and you rarely have access to the instance log files thus limiting your visibility into the application.

A good solution for the above challenges would be to use synthetic monitoring. In a few words, synthetic monitoring is nothing more than a simulation of user interactions to your web application, which then allows you to measure the performance and availability of your application:
http://en.wikipedia.org/wiki/Synthetic_monitoring

» Continue reading

Cross-Platform Scripted Inputs

Building an app and making sure that it is environment agnostic can be a bit challenging. One challenge that I come across  over and over is how to make it work cross-platform… whether Splunk is installed on Windows, MacOS or *nix environments.

A good illustration of that challenge is when you use a “Scripted Input” in your app. Scripted Inputs are one of the many ways you can use Splunk to run scripts to collect data from 3rd party interfaces such as REST. Referencing that script in a Windows environment is different than the way you would do it in a MacOS environment.

Let’s take the example of the following scripted input stanza:

[script://./bin/scripts/snow.py incident]

disabled = 1

index …

» Continue reading

Indexing data from Saas solutions running on relational databases

As we began work on building the Salesforce.com app, I was again face to face with a familiar challenge…a challenge that you would encounter anytime you want to ingest structured data coming from any Saas based application that is running on a back-end relational database. In such a Saas based environment, the data is usually exposed via a REST, Webservices API or similar. As you know, in a typical relational database, all data is stored in multiple tables and records are linked across tables using ID’s. For instance the Incident table in ServiceNow does not have the Username that created that ticket but has a User Identifier (long cryptic string) referencing another record in the “Users” table that includes the …

» Continue reading