MSaaS: A Conceptual Multi-Splunk Architecture Framework for Multitenant Splunk Deployments for MSPs, MSSPs and Enterprises

Organizations with large-scale, multitenant Splunk Enterprise deployments need to provide data segregation and access control for individual tenants to meet regulatory requirements or internal security policies. In addition, they need a scalable solution that can successfully handle the volume of data and the growing number of instances under management. These organizations strive to speed deployment and manage both deployment and upgrade risk, all while controlling administrative costs. They need a cost-efficient approach that reduces the marginal cost of each additional Splunk Enterprise instance and helps optimize their total cost of ownership of the platform.

Multiple Splunk as a Service (MSaaS) is an architectural framework that proposes a multi-instance approach to supporting multiple internal or external customers. Although multiple customers can

» Continue reading

Splunk in Space: Splunking Satellite Data in the Cloud

Hello all,

This year a Team of Splunkers attended the ESA App Camp 2015 in lovely Frascati, Italy. The topic of this year’s challenge was:

“There are thousands of ways to enrich apps with data from space – what’s yours?”

The Splunk team featured Robert Fujara and Philipp Drieger alongside with camp participants Claire Crotty and Anthony Thomas. Together the team created a mobile web app that accessed a Splunk Cloud instance to analyze geolocation-based satellite data and inform users about different environmental indicators across Europe. Users can input their preferences in terms of living environment and based on different indicators they then receive recommendations on which city or region would suit them best. 

The key data sources for this project

» Continue reading

docs.splunk.com – Redesigned and better than ever!

Here in the Splunk documentation team, our ties to the Splunk community motivate and energize us. You keep us honest and accurate, and your ongoing feedback helps make Splunk documentation great. We couldn’t do it without you, and more important, we wouldn’t want to!

A year ago, I came to .conf with some preliminary mockups of a redesigned docs.splunk.com. I talked with dozens of you, gathered your feedback, and we refined our plans so we could deliver as much of what you asked for as was humanly possible.

I am very pleased to announce that the new docs.splunk.com launches today. It incorporates both a new visual design and improved navigation. Let’s take a look.

landingpage

Overall, the look and feel …

» Continue reading

Tutorial: Let others work for you – Give them their data!

Recently I had a great discussion with some folks from the communbeach_chiar_pc_800_clr_3539ity –  they told me that in most cases the Splunkers within an organization are the ones with the best visibility and inform other departments about issues/problems/breaches. As a result their peers in the organizations want to have the same information advantage and visibility. However, often they are just interested in their own systems and services, not from others within a large organization.

What’s the easiest and fastest approach to give them the visibility they want?

The Answer: Lookups and drop down menus

Based on the Qualys App for Splunk Enterprise I’ll explain to you how you can modify an existing dashboard that shows all vulnerabilities and how to, for …

» Continue reading

The Splunk Apptitude App Contest to give out $150,000 in prizes

Screen Shot 2015-04-20 at 3.35.48 PM

The RSA Conference 2015 is in full swing here in San Francisco, and Splunk is out in force. With so much news coming out of the conference, it’s easy for things to get lost in the shuffle so I wanted to let you all know the what, why, when and how about the new Splunk Apptitude App Contest that we announced this morning.

WHAT?
The Splunk Apptitude App Contest is an online competition designed to find the next big app using Splunk software. Whether it’s the next cutting edge visualization, or a highly technical security app – we want your big ideas. And we’ll give you more than just bragging rights, we’ll give you cash.

The Splunk Apptitude contest serves …

» Continue reading

Announcing the Splunk Developer Guidance

Greetings, Splunk Developer Community!

This week we are announcing the new Splunk Developer Guidance program at the Splunk Partner Summit Americas 2015. The main objective is to provide our developer community with tools and guidance to build amazing apps on the Splunk platform and enrich users’ experience in gaining insights from their machine data – where ever it might come from and whatever domain they might be specializing in! We are fully aware that the first thing most devs are looking for is code that they can take apart, learn from, and reuse. That’s why we built reference apps for you. The reference apps are complete, end-to-end, real-world apps built with our partners that are meant to showcase various underlying …

» Continue reading

Look at all the pretty colors!

Well, it’s Sunday here in Las Vegas, and  .conf2014 is about to go down. I’m sitting in one of our Splunk University classes at the MGM, with many of our fine customers.

The class is our Power User Bootcamp, and we just finished talking about Splunk’s tagging, event types, and lookup functionalities. One of our more security-minded customers asked “hey – that ability to assign a color to event types in the Splunk search GUI is pretty cool – I’d like to use that to prioritize the events I’m looking at based on the risk profile assigned to a user. From a lookup. Can I do that?”

A second customer said “I like that idea.”

So, since this …

» Continue reading

Updated Traffic App

A few years ago, I created a publicly available traffic app for monitoring traffic incidents in major US cities configured by user. Since then, the provider of the feed has cut down on the number of cities they monitor and no longer provide incident counts per intersection. Nevertheless, they still provide a Jam Factor. A Jam Factor is a subjective number provided for a roadway that indicates how busy (or jammed) the roadway is.

For my reference implementation, I used this Jam factor field to visually allow you to to see your city’s (assuming the provider covers it) current Jam Factor for major highways. This updated traffic app that you can download has new dashboards that you can use to …

» Continue reading

APP WALKTHROUGH: Workflow Actions

One of the best ways to learn is by example.  If you want to build your own Splunk app, one of the best things you can do is dissect other apps.

In the below youtube video, I slowly go through a simple but useful app that adds “workflow actions”, which allow you to write custom actions for events and their fields.  This video shows you how it works and how you can make apps like it.

I go line-by-line, file-by-file, explaining everything.  You will learn something.

» Continue reading

PDF printing and logos

Working on the Splunk OEM team, we are often asked if it is possible to replace the logo printed on PDF reports. The short answer is yes, it is possible but it is kind of a hack. The workaround would not be Splunk upgrade safe, there are some limitations to what the SVG can do, and you would need to edit some Python. With that being said, the request to make this easier is already in the laundry list of improvements we are looking at for PDF printing.

Let’s get started:

  • The default Splunk logo is hardcoded in the $SPLUNK_HOME/lib/python2.7/site-packages/splunk/pdf/pdfrenderer.py file. Make sure you backup the file before editing!
  • At the bottom of the file, you will notice a variable
» Continue reading