Splunk .conf material

For those of you attending my talk, “Building Effective Charts in Splunk” at the 2011 Splunk User Conference, here are the supporting materials:


Download the self-contained Prezi file:


Also try out the Splunk Particle app at: http://metasplunk.com/projects/particle

Custom CSS Demo App

Download this tgz file and untar into:


Restart, and point your browser to:


Download the app: http://dl.dropbox.com/u/1748015/userconf_demo.tgz

The userconf_demo.tgz app contains 3 variations of the same view in different stages of customization:

internal_overview_stock.xml: this is the base view with no CSS or charting customizations.  It removes the standard chrome by omitting modules like the AccountBar and AppBar.

internal_overview_partial.xml: this is the stock view with CSS applied to it.  The CSS rules are …

The Splunk Python client library (part 1)

Splunk 3.2 introduces a publicly available Python client library that allows external developers to programmatically interact with Splunk by importing a few key modules.

The easiest way to get started with the client library is to get into Splunk’s Python environment. Locate your Splunk install directory (/opt/splunk by default), and start the python interactive shell that comes with Splunk:

# bin/splunk cmd python

This will launch the interactive Python prompt, which starts off looking like this:

Python 2.5.1 (r251:54863, Nov 18 2007, 16:13:41)
[GCC 4.0.1 (Apple Computer, Inc. build 5363)] on darwin
Type "help", "copyright", "credits" or "license" for more information.

Starting a search

Import the Splunk modules:

import splunk.auth
import splunk.search as se

If you have installed …

Using the Atom Feed Format in Enterprise Software

XML is a great format for exchanging information because it balances readability, extensibility, and compatibility across heterogeneous environments. However, its flexibility is also a disadvantage because it is far too easy to create a proprietary XML schema, resulting in lots of custom code to interface with various systems. Lots of custom code leads to brittleness, and brittleness leads to frustration. The key to salvation lies in standardization.

Enter the Atom standard: a standards-track schema that defines a generic collection/item container format in XML. Most people equate Atom to an RSS competitor, which is true, but that only covers half of what it does. The Atom Publishing Protocol is a well-defined protocol for performing CRUD (Create, Read, Update, Delete) operations …

Exploring Splunk’s REST API

Update: Splunk now has a dedicated developer site that has API and SDK docs and examples (for version 4).

Splunk 3.2 is available for download! This release is one of our biggest so far, representing a tremendous amount of effort by our engineering team, and is a product that I’m proud to stand behind. As I mentioned in my last post about our push for the Splunk Platform, a central tenet is to make a compelling product that developers will not only understand, but also enjoy using. While Dr. LogLogic rambles on about how catering to developers sucks, we know that developers are a huge part of our user base (drop by the #splunk channel on EFNet sometime) …

Standing on Our Own Platform

Splunk is on track to become a billion-dollar company and you, the intrepid sysadmin/developer, are going to help us get there. Now, this is not a statement that I’m making as an analyst who “covers” the enterprise software market, and compiles a list of “top software companies to watch”. I’m writing this as Splunk’s Platform Architect, a techie whose goals are to ensure that what comes out of our development group is compelling and exciting to those that are actually working with the product.

It is this developer-centric ethos that sets us apart from so many of the other enterprise software firms and has already paid dividends on community goodwill. Instead of making prospective buyers jump through registration hoops just …

Trekking in the Galapagos

The Splunk cozy has been to a few countries around the world. This month, I took it to the Galapagos, and decided to leave it there at Post Office Bay amongst all the other plaques and memorabilia. I think it’ll be very comfortable for a while. See the rest of my Galapagos photo gallery.

Driving Miss Erik

Adventures on a mini-bike amongst the boxes in engineering:

External view:

Internal view:

Dev vs. Support Boat Race

Dev destroys support in a 4 on 4 boat race.

AjaxWorld 2007

For all you hardcore Web 2.0 fanboys, I’m giving a talk at AjaxWorld on “High-Performance AJAX Application Design” down in Santa Clara at the end of September. The official blurb is:

Designing an AJAX application that meets enterprise scalability and performance requirements presents technical challenges that aren’t addressed by traditional AJAX frameworks. This session will highlight the techniques used in Splunk to address handling large amounts of data in the browser, persistent multi-panel state management, interface customization and localization, and interactive DOM-accessible graphics support. By leveraging existing, though less common, techniques such as iframe-style AJAX, in-browser XSLT, and contextual CSS, modern browsers can provide a compelling interface without the need for a thick-client installation.

Come by and say hi.…

Drugging employees for fun and profit

Blue Bottle Coffee

On a daily basis, I pay homage to the wonder that is Blue Bottle Coffee espresso, which flows freely — some would say excessively — from our kitchen. The benefits to productivity that this fine coffee bestows upon the dev team are enormous, easily eclipsing other contenders such as video games or foosball. Of course, there were some hurdles to get to this point, namely somebody pouring M&Ms into the bean grinder of the super-automatic that was previously in service. The result was a pitiful molten mess of chocolate, beans, plastic, and gears. And, of course, the perpetrator was never discovered. So the only recourse was to beef up the machinery and move to a true commercial setup: a La
