.conf 2014: The Community Report

Whew! Welcome back from .conf, everyone. I know it’s been two weeks since we all hung out together in the Community Lounge, but it still feels like we only just left the MGM yesterday…

All for you: the Community Lounge

This year at .conf, we created an intentional space for our amazing user community: you. You folks are the reason we’re here, and we wanted you to have a cool place to meet other Splunk users, talk about the stuff that matters to you, and get a little fun in at the same time.

The Answers Desk

The Splunk Answers Desk was, as always, hugely popular. Our staff of lab-coated (and sometimes be-fezzed) Support and Sustaining Engineering specialists were kept busy helping …

» Continue reading

Get your Community on at .conf2014!

Community is HUGE at Splunk, and we’re doing it up big at this year’s .conf with our own gigantic Community Lounge. Here’s a sampling of what’s in the works:

Masters of IRC panel discussion

Wednesday, Oct 8th 11am-12noon on the Community Stage

Join us for an informal panel discussion with 6-7 of our most knowledgeable, longtime customers from the #splunk IRC channel. They will be taking your questions and sharing best practices and stories from their long years of experience deploying and maintaining Splunk at scale. Bring your questions! Whisky optional, but recommended :).

Learn how to start your own Splunk User Group (and meet other people who do, too)

Wednesday, Oct 8th, 12:15pm – 12:45pm on the Community

» Continue reading

Give the gift of karma…at .conf!

Are you a Splunk Answers user? Are you attending Splunk’s 5th Worldwide User Conference next week in Las Vegas? Do you want a way to show your appreciation for other .conf attendees, presenters, vendors, your Splunk University instructors (besides buying them a drink*)?

Introducing SplunKarma, the mobile karma dispenser!

Starting on Saturday, October 4th (the first day of Splunk University), you can visit http://answers.splunk.com/karma from your mobile device and log in with your Splunk Answers credentials. You’ll be given a cache of karma points to use to reward the members of the Splunk Community around you at .conf. All you need to do is find out what their Splunk Answers userID is.

If you’re speaking at .conf, tell your session audience your Splunk Answers …

» Continue reading

Splunk Answers is now migrated!

Splunk Answers has just been migrated to a new platform!  Read more about the process and goals.

What to expect

You won’t see much in the way of UI changes, but the site underneath will be more stable and more flexible.  You should experience faster loading times, more responsive controls, and very importantly, an improved search experience. We will now also have access to new and improved spam blocking features, a much-needed improvement.

The goal of the initial migration is to maintain feature parity with the existing Splunk Answers site. This will help us make sure we don’t break anything you’ve come to rely on. Over time, we will be able to launch new features and improved functionality.

Update: …

» Continue reading

Splunk Answers migration coming up on Sept 12th!

Update

9/13 12:30pm Pacific: Still working out final issues with userID mappings. Sorry for the delay!

———————————————————————

Home to more than 35,000 questions and more than 43,000 answers as well as a thriving community of your fellow Splunk users, Splunk Answers will be getting an update soon! Here’s what to expect:

What will happen during the migration?

During the migration process, we will put the existing production site into a read-only mode so we can get the most up-to-date copy of the Answers database to use on the new site. This will start at around 8pm Pacific, which our own Splunk instance tells us is when usage of the site begins to taper off significantly for the weekend. During this time, you will be able to …

» Continue reading

Splunk and the latest OpenSSL vulnerabilities

Hi Splunk users,

Last Monday, we became aware of a new set of vulnerabilities announced in OpenSSL. We have reviewed the issues, and have determined that we must update the version of OpenSSL we currently ship to address these issues.

Note: Not all the listed issues are of concern for Splunk. For example, we do not use DTLS.  However,  “SSL/TLS MITM vulnerability (CVE-2014-0224)” is relevant to Splunk and should be addressed.

7/1/14: Update

We have now posted the following releases containing the fixed version of OpenSSL:

  • 5.0.9 – This release contains only the OpenSSL update.
  • 6.0.5 – This release contains a number of fixes including the OpenSSL update.
  • 6.1.2 – This release contains one fix in addition to the OpenSSL update.
» Continue reading

That happened: episode 41

This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: how to hire a ninja, the usual assortment of bad jokes, blame-based dashboarding:

I will find you, and I will splunk you

Must have a very particular set of skills

<Baconesq> We are trying to write a job req for a “splunk person
<Baconesq> Why is this so hard?
<cerby> Baconesq: because there aren’t enough of us. :)
<xoff> “Must be rockstar, like Pie.”
<xoff> (and Bacon)
<snowmizer> baconesq: can I work from iowa
<xoff> Baconesq: seriously, I wouldn’t mind a copy of what you …

» Continue reading

That happened: episode 40

This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: Ducky drops some wisdom, the #splunk buddy system in action, some things never get old,  sharing the Splunk clue:

Interested in Splunk performance as it relates to kernel filesystem caching?

Check out this awesome blog post from resident #splunk genius duckfezhttp://duanewaddle.com/effect-of-kernel-filesystem-caching-on-splunk-performance/

The family that upgrades together…

…might also need a tetanus shot:

<Degann> catalan you upgrade to 6.0.3?
<catalan> yep
<Degann> we can be upgrade buddies, I just finished
<Degann> :)
<catalan> awwww
* catalan cuts her thumb and holds out the knife

Is there nothing regex can’t do?…

» Continue reading

Final status: Splunk and the Heartbleed vulnerability

Dear Splunk users,

We’re expecting this to be our final blog post about how we’re handling the Heartbleed OpenSSL vulnerability (CVE-2014-0160). For background, here are the previous installments from us:

http://blogs.splunk.com/2014/04/09/splunk-and-the-heartbleed-ssl-vulnerability/
http://blogs.splunk.com/2014/04/10/fix-now-available-splunk-and-the-heartbleed-vulnerability/

What’s been done, products and services

We’ve updated and secured our products and services as follows:·

» Continue reading

Fix now available: Splunk and the Heartbleed vulnerability

Dear Splunk users,

This is an update to yesterday’s post on our handling of the OpenSSL Heartbleed vulnerability.  Thank you again for your patience and understanding as we spent the necessary time to prepare and test our fix for this important issue. As I mentioned yesterday, we are working hard to balance getting the fix out to you as quickly as possible while still spending sufficient time testing it to ensure a high quality delivery.

Take me to the fix!

As of now, Splunk Enterprise 6.0.3 is now available for download. This includes universal forwarder builds.

This release contains two fixes for vulnerabilities in OpenSSL:

  • CVE-2014-0160 – OpenSSL 1.0.1 TLS Heartbeat leaks sensitive information (also known as the “Heartbleed”
» Continue reading