One of the most common requests I get from new customers is that they want to centrally collect all their machine generated time series data and search for a keyword like error or RuntimeException. Obviously Splunk can do this. Then, the next set of questions concern things like give me the top hosts or applications producing this keyword, show me a baseline of last week vs this week for this keyword, show me a slope line on the trend for this or any keyword(s), find outliers that go beyond the average occurrences for the keyword and then try to predict what may happen in the future.

To answer these questions and then some, I’ve created an app template that you…

By the title of this post, many of you may assume that I am referring to network traffic. However, today’s topic is about monitoring vehicular traffic incidents or what some of us call accidents in most cases. I found a feed from http://cityrss.traffic.com/feeds that lists recent incidents for a known USA city if the city is used as the last part of the URL. The information returned explains the jam factor (how crowded the roads are), severity of the incident and its location. Armed with this information, I created a Splunk app around it and put it on Splunkbase for you to use. Instructions are provided on what text file to update to add or delete the cities you…

OData users? If so, read on…

Now available on Splunkbase, we have a new app – OData for Splunk that allows you to access your data in Splunk from applications like Excel and Tableau where you can build dashboards and other report visualizations outside of the Splunk’s web interface.

This app provides OData endpoints to your Saved Searches. Using this endpoints, you can pull data from Splunk into Excel, Tableau or any other applications that support Open Data Protocol.

This application is currently in beta, and works with Splunk 5.0 and above. If you would like access, please contact us at DevInfo.

To all .conf attendees, thank you for attending my presentation today. It was really heart-warming to see the strong support from you. The room reached full-occupancy within minutes!

To those that missed this session, there will be an encore session to talk about the internals of the concept viz app. We’ll look at the design and then dive straight into the codes:

Visualizing your Big Data
Castellana 1
Thursday, Sept 13, 2012
11:45am -12:15 pm

See you tomorrow and we’ll see how far your BIG data take you in your journey!
Follow me at @nicholaskey or http://blogs.splunk.com/author/nkey

Is that possible at all? At Splunk, we are constantly experimenting ways to make Splunk more usable. This new approach allows users to “talk” to Splunk (with a microphone) and transforms natural language into Splunk search command.

Notice the small little microphone icon in the textfield? That small little icon unlocks a huge potential to make splunk more user friendly.

Interested to learn more about this concept app?
Come join us at the Chalk-talk session on
Monday, September 10, 2012
5pm – 7pm
Gracia Commons, Level 3 Cosmopolitan Hotel

Here’s a thought. “Visualizing the content in the /etc/apps directory of your Splunk instance”. Is that possible with Splunk? There’s an app for that.

Here’s a sneak preview of the app …

Come join us and learn more in the Developing on Splunk sessions at .conf!

Hello! How may I help you? Hmmm … you want to visualize your indexed data with other means other than the traditional pie charts, bar charts and tables? I see … and you want to have full control to integrate external tools and plugins into your app because you are feeling adventurous? Is that possible with Splunk?

APPS-olutely!

Come join us and learn more in the Developing on Splunk sessions at .conf!

Let’s discover together the interesting yet easy to understand approach in developing custom apps that work seamlessly with Splunk as your data platform. Explore the ways how to make use of external tools to visualize your events as illustrated below:

Our apps have got a new, distinctive look – check them out on Splunkbase!  Our goal was to made apps easy to browse and find, to make it clear what a given app’s purpose and value is, and to make it easier for you to contribute your feedback.  Take a look.

New clean listing page allows you to skim through it and find what you are looking for without missing important details, like number of downloads, recent updates and relevant tags.

App details are now looking more organized and clean.   Learn everything about an app and proceed to download with one click.

Love it? Hate it?

Please let me know –…

Psstt … Is geolocation ready in the latest release of the Splunk for Facebook app? Yes! To those who have been following the progress of this app and curious to know if the idea mentioned (geolocating activities in Facebook and visualizing them) in the previous post Splunk for Facebook – event updates with geolocation is implemented and how it is implemented, this is how it looks like.

Short story: Activities with geo-coordinates (latitude and longitude) will be marked on the map. Individual marker will pop up as the cursor is moved around the correlated individual result in the results section.

Long story: Quite technical but the steps will be described as terse and as simple as possible

[1] The…

Hello again! What you see is a screenshot of a new feature in the Splunk for Facebook app. It is still a work in progress (many components need to be implemented – backend and frontend).

This a quick overview of the new feature added into the Splunk for Facebook app (“Activities updates in your social network”). It was mentioned briefly in the previous article “Splunk for Facebook … cont’d“ about getting better insight of the activities among your connections in your social network with Splunk. There are many parts that are pieced together to get this feature to work:

[1] Getting the data

This app utilizes the Facebook Graph API to retrieve the updates among your connections. In particular…