Splunk takes a flexible approach to license enforcement with Splunk Enterprise 6.5

I can’t believe that Splunk .conf2016 is already behind us. If you joined us in-person in Orlando or watched the keynote on Splunk.com, you know an important theme for Doug Merritt, Splunk President and CEO, is making it easier to do business with Splunk. In his keynote, Doug announced an important change to Splunk Enterprise – the removal of metered license enforcement.

We know that Splunk plays a mission-critical role for your business. With metered enforcement, unanticipated data growth or bursts of new data during an incident investigation could cause disruption in your Splunk operations. So starting with version 6.5, Splunk Enterprise no longer disables searches when you exceed your licensed data ingestion quota.

This will be standard for any …

» Continue reading

Dashboard Digest Series – Episode 2: Part Deux

Before moving on to Episode 3 I decided to do a part two of Episode 2 – Waves!  The reason is two-fold.  1) Splunk Enterprise 6.5 was recently released and 2) Hurricane Matthew had quite the effect on some of these buoys/stations.  See the original blog post here: Dashboard Digest Series – Episode 2

Purpose: Display meaningful statistics on NDBC buoy information in historical and real-time.  Easily drilldown, aggregate and visualize data from 1000s of buoys transmitting information.
Splunk Version: Splunk 6.5 and above for table coloring
Data Sources: Polling NDBC RSS feed that produces JSON payload
Apps: Add-on for NDBC, Custom Cluster Map Visualization, Clustered Single Value Map Visualization, …

» Continue reading

Introducing Splunkbase Curated Experience

There are about 1,200 apps in Splunkbase today. Up until now, the typical ways to look for an app on Splunkbase have been to either search for the app, or filter through multiple apps based on several filter criteria. We have not recommended apps to our user community in the past. With the launch of curated experience at Splunk .conf2016 we are changing this by bringing the notion of “curation” to Splunkbase.

We believe this will improve the app browsing and discovery experience for our users by highlighting apps that provide the most value. The main emphasis here is on “curation of content” by a team at Splunk – sifting through all the apps on Splunkbase, and highlighting these …

» Continue reading

Using HTML5 Input Types on Splunk Forms

Text inputs on Splunk forms allow free-form user input.  However, there are times when you need to control the type of this data input.  HTML5 has several input types that control what can be entered in text boxes and how the text box behaves during user input.  Wouldn’t it be cool if you could apply these HTML5 input types to Splunk text boxes?  Hint: the answer is “yes”.  Read on to find out how.

What we will be creating

We will control text box inputs using JavaScript.  Below is a screen shot of the final product:

Input Types Example

This is basically a 2 step process:

  1. Create a Simple XML form
  2. Wire up some JavaScript to manipulate the text fields in the form


» Continue reading

Dashboard Digest Series – Episode 2


Welcome to the second episode of the Dashboard Digest Series! So what do we have for Episode 2? Waves!

The use case here was to display real-time and historical parameters and statistics from the National Oceanic and Atmospheric Administration’s National Data Buoy Center, or NOAA NDBC for short.  Thanks to an add-on created by Julien Ruaux on Splunkbase, I was able to easily collect data from the NDBC’s data feed and start creating dashboards right away.   While the NOAA NDBC site has its own dashboard (pictured right) I figured it might be useful to access and visualize the data in different ways through Splunk.  That, and eventually correlate the buoy data with other data sources.

Purpose: Display meaningful statistics …

» Continue reading

Dashboard Digest Series – Episode 1

Welcome to the Dashboard Digest Series! Starting today you can look forward to a different dashboard (and sometimes a collection of dashboards) that was created to solve one of many hundreds of use cases in just about any industry in hopes of getting your creative juices flowing and show you the art of possible of what you can create with Splunk.  Some upcoming examples you can expect in this series are depicted in the collage below.


Each post will contain information about the dashboard such as data sources involved, Splunk version, Apps used, and general purpose. This is a great way to see new features and learn about tips and tricks on how to create these dashboards!

So let’s get started!

The first …

» Continue reading

If your plants could speak to you, what would they say?


I’m pretty sure mine would say “Hey Bozo, thanks for drowning me to death” or “Must… have… water… What is this, the Sahara?” Oh, and also “I hate it here, what’s it take to get some morning sun?”

I decided it was time to apply my inner nerd to reduce my plants’ suffering. That and happier plants mean a happier fiancé. Enter Splunk! The goal was:

  1. Keep track of moisture level in the soil.
  2. Determine best location for light intake.
  3. Combine current weather data, future forecasts and 1 and 2 above to create some machine learning models that predict when is best to water. (I’m still working on this part)

I shall call it… Operational Plantelligence! When first said aloud, …

» Continue reading

Box Plots: Making Custom Visualizations

This is the first of a two part series on implementing Box Plots in Splunk for security use cases.

Analyzing complex data is difficult, which is why people use Splunk. Sometimes patterns in data are not obvious, so it takes various ways of looking at aggregate reports and multiple charts to ascertain the important information buried in the data. A common tool in a data analyst’s arsenal is a box plot. A box plot, also called a box and whisker plot, is a visual method to quickly ascertain the variability and skew of data, as well as the median. For more about using and reading box plots, read the excellent and succinct post by Nathan Yau of the Flowing Data …

» Continue reading

Humanizing Security Data Visualization

Visualizing and displaying complex data is hard. Understanding complex data is harder. Rapidly making operational decisions based upon complex data is extremely hard.

Historically, operational security analysts rely on alerts, tables, and charts on dashboards or in email to pull potentially useful information out of the vast sea of data dumping into their analytic systems. This has always been problematic due to the combination of false positives and understanding the context of data filtered through the human brain. Most of the standard methodologies for displaying complex information make it harder, not easier, for humans to understand the information they seek in a timely and operationally useful manner.

Everyone has seen dashboards with a wall of text in tables interspersed with …

» Continue reading

Creating a Splunk Javascript View

One of the best things about Splunk is the ability to customize it. Splunk allows you to make your own Javascript views without imposing many limitations on you. This means you can make apps that include things such as:

  • Custom editors or management interfaces (e.g. lookup editing, slide-show creation)
  • Custom visualizations (though modular visualizations are likely what you will want to use from now on)
  • etc.

That said, getting started on creating a Splunk Javascript view can appear a little daunting at first. It really isn’t that hard though. Keep reading and I’ll explain how to do it.

Parts of a Splunk Javascript View

Before we get started, let’s outline the basic parts of a custom Javascript view:

Component Path Example Description
» Continue reading