Event Calendar Custom Visualization
Splunk Custom Visualizations
Splunk 6.4 introduced reusable custom visualizations, which allow a developer to package up a visualization and integrate it into Splunk just like the native visualizations. This also addresses the limitation mentioned above – meaning any end user can use the visualization without mucking around with the Simple XML.
So, revisiting the older escape hatch calendar technique, I thought it would be a good …
Encrypt a Modular Input Field without using Setup.XML
Modular Inputs are a great addition to Splunk Enterprise. One of the things I really like about Modular Inputs is that they allow you to create inputs that “look and feel” as if they were part of the Splunk installation by providing a nice user interface for parameter input.
But, what if you need to encrypt a Modular Input value? This could be a password, OAuth secret key, or some other confidential piece of information. Traditional Splunk applications use setup.xml and the storage/passwords endpoint to accomplish this. If you just need to encrypt an input value specific to the input (as opposed to the entire application), it may be cumbersome to the end user to first run through a setup.xml …
Using HTML5 Input Types on Splunk Forms
Text inputs on Splunk forms allow for free-form user input. However, there are times when you need to control the type of this data input. HTML5 has several input types that control what can be entered in text boxes and how the text box behaves during user input. Wouldn’t it be cool if you could apply these HTML5 input types to Splunk text boxes? Hint: the answer is “yes”. Read on to find out how.
What we will be creating
This is basically a two-step process:
- Create a Simple XML form
Splunking Continuous REST Data
One of the ways vendors expose machine data is via REST. There are a couple of ways to get REST data into Splunk today:
- Use Damien Dallimore’s REST API Modular Input – you can provide a custom response handler for this input to persist state.
- Use the new Splunk Add-on Builder – this method will do a “one shot” of the REST endpoint – meaning, every time the input runs, it will get all the data again.
In this post, I will show you how to implement a cursor mechanism (i.e. pick up where you left off last time) for REST endpoints that continually have new data over time using the checkpoint mechanism built into modular inputs.
The Data Source
Splunking Microsoft Azure Audit Data
We recently made available a community-supported Splunk Add-on for Microsoft Azure, which gives you insight into Azure IaaS and PaaS. I am happy to announce that this add-on now includes the ability to ingest Azure Audit data. The idea behind Splunking Azure Audit logs is to be able to tell who did what and when and what events might impact the health of your Azure resources. In this blog post, I will detail what we are collecting, how to use the data, and what is coming next for the add-on.
What are we collecting?
This update adds a new modular input to your Splunk environment:
This modular input grabs data using the Azure Insights Events API.
Splunking Microsoft Azure Data
There are a lot of services in Microsoft Azure, and a lot of those services are producing machine data. Hal Rottenberg wrote a post covering several of these services and some ways to integrate Splunk with Microsoft Azure. We recently released a new cross-platform Azure add-on that consumes data for some IaaS and PaaS services. In this blog post, I will detail what we are collecting, how to use the data, and what is coming next for the add-on.
What are we collecting?
The add-on ships with three modular inputs:
- Azure Diagnostics – this input collects data from an Azure Storage account that contains virtual machine diagnostic information.
- Azure Website Diagnostics – this input collects server and application data for Azure
IoT and Flying Ponies at .conf 2015
One of the coolest demos I witnessed at Splunk .conf 2015 was the one by Nate McKervy. The reasons this demo was so cool are 1) it was live, 2) it involved audience participation, and 3) it involved shooting stuffed ponies out of an air cannon. This article will explain a little more of what was going on under the covers.
Skip to 19:18 for the demo
Getting Data from the Audience
To kick off this live demo, some data was needed. What better way to get real data than to get the audience involved? To do this, a mobile website was created that prompted for a couple of questions and then instructed you to shake your mobile device …
Splunking Box Data – Content Events
In my last post about Splunking Box data, we focused on user authentications including percentage of failed logins, where logins are coming from, user accounts associated with failed logins, etc. In this post, I want to focus on some of the events surrounding Box content once a user is authenticated.
In the context of this post, we will call a content event anything that happens to your Box content. For example, a content event may be a file preview, upload, download, sharing, delete, etc. There is a handy event type defined in the Splunk Add-on for Box called box_events_change. Using this event type, we can get an idea of the type of activity going on within the …
Splunking Box Data – User Authentications
The Splunk Add-on for Box collects a lot of valuable data including Box users, files, folders, groups, and more. Included in the Splunk Add-on for Box are several pre-built panels to get quick insights into this data. The purpose of this post is to introduce various use cases around Box data included in the pre-built panels and custom searches and visualizations not included in the pre-built panels.
Before a user can access Box content, they have to authenticate. It is important to keep an eye on the percentage of failed logins, where logins are coming from, user accounts associated with failed logins, etc. The Splunk Add-on for Box has an event type named box_events_authentication that gives you all the …
RDP to Windows Server from a Splunk Dashboard – Example Code
A while back, I wrote a blog post explaining how to RDP to a Windows Server from a Splunk Dashboard. The steps involved the following:
- Create a Controller – this generates the .rdp file on the server and delivers it to the client.
- Create a custom endpoint in web.conf – this part enables URL access to the controller created above.
All the nitty-gritty details were spelled out in the blog post. However, if you learn better by example (like I do), then there is a new GitHub repo that has a working example for you. In the …