Using HTML5 Input Types on Splunk Forms

Text inputs on Splunk forms allows for free-form user input.  However, there are times when you need to control the type of this data input.  HTML5 has several input types that control what can be entered in text boxes and how the text box behaves during user input.  Wouldn’t it be cool if you could apply these HTML5 input types to Splunk text boxes?  Hint: the answer is “yes”.  Read on to find out how.

What we will be creating

We will control text box inputs using JavaScript.  Below is a screen shot of the final product:

Input Types Example

This is basically a 2 step process:

  1. Create a Simple XML form
  2. Wire up some JavaScript to manipulate the text fields in the form

Creating

» Continue reading

Dashboard Digest Series – Episode 2

noaa_website

Welcome to the second episode of the Dashboard Digest Series! So what do we have for Episode 2? Waves!

The use case here was to display real-time and historical parameters and statistics from the National Oceanic and Atmospheric Administrations National Data Buoy Center or NOAA NDBC for short.  Thanks to an add-on created by Julien Ruaux on Splunkbase, I was able to easily collect data from the NDBC’s data feed and start creating dashboards right away.   While the NOAA NDBC site has it’s own dashboard (pictured right) I figured it might be useful to access and visualize the data in different ways through Splunk.  That and eventually correlate the buoy data with other data sources.

Purpose: Display meaningful statistics …

» Continue reading

Dashboard Digest Series – Episode 1

Welcome to the Dashboard Digest Series! Starting today you can look forward to a different dashboard (and sometimes a collection of dashboards) that was created to solve one of many hundreds of use cases in just about any industry in hopes of getting your creative juices flowing and show you the art of possible of what you can create with Splunk.  Some upcoming examples you can expect in this series are depicted in the collage below.

dashboard_collage_luedtke_v1

Each post will contain information about the dashboard such as data sources involved, Splunk version, Apps used, and general purpose. This is a great way to see new features and learn about tips and tricks on how to create these dashboards!

So let’s get started!

The first …

» Continue reading

If your plants could speak to you, what would they say?

unhappy_plant

I’m pretty sure mine would say “Hey Bozo, thanks for drowning me to death” or “Must… have… water… What is this, the Sahara?” Oh, and also “I hate it here, what’s it take to get some morning sun?”

I decided it was time to apply my inner nerd to reduce my plants suffering. That and happier plants mean a happier fiancé. Enter Splunk! The goal was:

  1. Keep track of moisture level in the soil.
  2. Determine best location for light intake.
  3. Combine current weather data, future forecasts and 1 and 2 above to create some machine learning models that predict when is best to water. (I’m still working on this part)

I shall call it… Operational Plantelligence! When first said aloud, …

» Continue reading

Box Plots: Making Custom Visualizations

This is the first of a two part series on implementing Box Plots in Splunk for security use cases.

Analyzing complex data is difficult, which is why people use Splunk. Sometimes patterns in data are not obvious, so it takes various ways of looking at aggregate reports and multiple charts to ascertain the important information buried in the data. A common tool in a data analyst’s arsenal is a box plot. A box plot, also called a box and whisker plot, is a visual method to quickly ascertain the variability and skew of data, as well as the median. For more about using and reading box plots, read the excellent and succinct post by Nathan Yau of the Flowing Data …

» Continue reading

Humanizing Security Data Visualization

Visualizing and displaying complex data is hard. Understanding complex data is harder. Rapidly making operational decisions based upon complex data is extremely hard.

Historically, operational security analysts rely on alerts, tables, and charts on dashboards or in email to pull potentially useful information out of the vast sea of data dumping into their analytic systems. This has always been problematic due to the combination of false positives and understanding the context of data filtered through the human brain. Most of the standard methodologies for displaying complex information make it harder, not easier, for humans to understand the information they seek in a timely and operationally useful manner.

Everyone has seen dashboards with a wall of text in tables interspersed with …

» Continue reading

Creating a Splunk Javascript View

Once of the best things about Splunk is the ability to customize it. Splunk allows you to make your own Javascript views without imposing many limitations on you. This means you make apps that includes things such as:

  • Custom editors or management interfaces (e.g. lookup editing, slide-show creation)
  • Custom visualizations (though modular visualizations are likely what you will want to use from now on)
  • etc.

That said, getting started on creating a Splunk Javascript view can appear a little daunting at first. It really isn’t that hard though. Keep reading and I’ll explain how to do it.

Parts of a Splunk Javascript View

Before we get started, lets outline the basic parts of a custom Javascript view:

Component Path Example Description
Javascript
» Continue reading

Another Update to Keyword App

It’s been three years since I first released the relatively simple Keyword app on Splunkbase and wrote an initial blog entry for it describing it followed by an updated entry. In summary, the Keyword app is a series of form search dashboards designed for Splunk 6.x and later that allow a relatively new user to type in keywords (e.g., error, success, fail*) and get quick analytical results such as baselines, prediction, outliers, etc. Splunk administrators can give this app to their users as is, use the app as a template to write their own keyword dashboards, or take the searches in the app to create new views.

For this update, I’ve used, fellow Splunker, Hutch’s icons to update the …

» Continue reading

Splunk Add-on > Where’s That Command – Converting a Field’s Hexadecimal Value to Binary

When looking through Splunk’s Search Reference Manual, there are a ton of search commands with their syntax, descriptions, and examples.  After all, if Splunk is the platform for machine data, there needs to be an extensive list of commands, functions, and references that guide Splunkers through the Search Processing Language (SPL).  But one would think that we had everything covered, right?  Well, almost….

I have a couple of great customers from the Houston, Texas area to thank for this.  Gabe and Andrew (you know who you are) are not only strong Splunkers, but frequent the Splunk Houston User Group (SHUG) meetings and are always looking for ways to expand their use of Splunk as well …

» Continue reading

MSaaS: A Conceptual Multi-Splunk Architecture Framework for Multitenant Splunk Deployments for MSPs, MSSPs and Enterprises

Organizations with large-scale, multitenant Splunk Enterprise deployments need to provide data segregation and access control for individual tenants to meet regulatory requirements or internal security policies. In addition, they need a scalable solution that can successfully handle the volume of data and the growing number of instances under management. These organizations strive to speed deployment and manage both deployment and upgrade risk, all while controlling administrative costs. They need a cost-efficient approach that reduces the marginal cost of each additional Splunk Enterprise instance and helps optimize their total cost of ownership of the platform.

Multiple Splunk as a Service (MSaaS) is an architectural framework that proposes a multi-instance approach to supporting multiple internal or external customers. Although multiple customers can

» Continue reading