Quick n’ Dirty: Splunk Form Cheat Sheet

Have you ever made a terrific dashboard in Splunk and then thought, “Hmm, this is such a great dashboard, but I wish I could filter it for a subset of this data” or “Hmm, this dashboard should win an Academy Award, and now I’d like to recreate it exactly, but for a different set of data”? Yes? Then you’re a great candidate for Splunk’s Simple XML forms.

There’s some great documentation on that topic here, but no documentation is so great that it can’t be improved with a cheat sheet. I’ve made one and it lives here. Enjoy, and please email me (srussell@splunk.com) with praise, concerns, suggestions, and knock-knock jokes.

Download Splunk Simple XML Form Cheat Sheet


Capturing Omniture (or Google Analytics, or Webtrends) Data into Splunk

I’ve spoken to many customers who love their client-side tracking tools (Omniture, Google Analytics, Webtrends, etc.) but also want to get that data into Splunk so that they can correlate web traffic data with other things and really see “the big picture”. But how? What are the options? Basically, there are four ways to go:

Option #1: CSV Export

Create a report in your client-side tracking tool of choice and export the data. In Splunk, upload the data (“Manager > Add Data > From files and directories”) and voila, you may now visualize and correlate to your heart’s content.
Pros: Easy and fast access to Splunk’s correlation, visualization, and analysis features.
Cons: Not automated, not real-time, and limited.


Quick N’ Dirty: Delimited Data, Sourcetypes, and You

Sometimes you have data. It’s great data, it’s consistent data, and it would just be a heck of a lot more useful if Splunk knew each and every field.

You could always do it old school and use Splunk’s built-in Interactive Field Extractor (also known as IFX). Upside: it’s easy. Downside: you’ll need to extract each field individually. And if your data has, like, twenty columns, that’s a lot of extracting you’re doing. There’s a faster way.

If your data is delimited, there’s an easier way to teach Splunk to understand it. As long as your data is consistently delimited…say with a space, comma, or tab…you can teach Splunk how to separate the data and how to…


Client-Side Splunk!

Many of our customers use Splunk to analyze their web traffic simply by indexing their Apache or IIS server logs. Those logs are useful, but in many cases they only provide half the picture. This post shows how you can send both server-side and client-side data to Splunk and have the best of both worlds.

What is server-side and client-side? Let’s say you’re reading this on blogs.splunk.com. You’ve loaded this page, and that action has been recorded in the Apache server log; that is the server-side record. However, there are some interactions you can have with this page that won’t show up in the logs. For example, you could “mouse over” the list of categories in the right nav or toggle…
