If your plants could speak to you, what would they say?

unhappy_plant

I’m pretty sure mine would say “Hey Bozo, thanks for drowning me to death” or “Must… have… water… What is this, the Sahara?” Oh, and also “I hate it here, what’s it take to get some morning sun?”

I decided it was time to apply my inner nerd to reduce my plants suffering. That and happier plants mean a happier fiancé. Enter Splunk! The goal was:

  1. Keep track of moisture level in the soil.
  2. Determine best location for light intake.
  3. Combine current weather data, future forecasts and 1 and 2 above to create some machine learning models that predict when is best to water. (I’m still working on this part)

I shall call it… Operational Plantelligence! When first said aloud, …

» Continue reading

Box Plots: Making Custom Visualizations

This is the first of a two part series on implementing Box Plots in Splunk for security use cases.

Analyzing complex data is difficult, which is why people use Splunk. Sometimes patterns in data are not obvious, so it takes various ways of looking at aggregate reports and multiple charts to ascertain the important information buried in the data. A common tool in a data analyst’s arsenal is a box plot. A box plot, also called a box and whisker plot, is a visual method to quickly ascertain the variability and skew of data, as well as the median. For more about using and reading box plots, read the excellent and succinct post by Nathan Yau of the Flowing Data …

» Continue reading

Humanizing Security Data Visualization

Visualizing and displaying complex data is hard. Understanding complex data is harder. Rapidly making operational decisions based upon complex data is extremely hard.

Historically, operational security analysts rely on alerts, tables, and charts on dashboards or in email to pull potentially useful information out of the vast sea of data dumping into their analytic systems. This has always been problematic due to the combination of false positives and understanding the context of data filtered through the human brain. Most of the standard methodologies for displaying complex information make it harder, not easier, for humans to understand the information they seek in a timely and operationally useful manner.

Everyone has seen dashboards with a wall of text in tables interspersed with …

» Continue reading

Creating a Splunk Javascript View

Once of the best things about Splunk is the ability to customize it. Splunk allows you to make your own Javascript views without imposing many limitations on you. This means you make apps that includes things such as:

  • Custom editors or management interfaces (e.g. lookup editing, slide-show creation)
  • Custom visualizations (though modular visualizations are likely what you will want to use from now on)
  • etc.

That said, getting started on creating a Splunk Javascript view can appear a little daunting at first. It really isn’t that hard though. Keep reading and I’ll explain how to do it.

Parts of a Splunk Javascript View

Before we get started, lets outline the basic parts of a custom Javascript view:

Component Path Example Description
Javascript
» Continue reading

Another Update to Keyword App

It’s been three years since I first released the relatively simple Keyword app on Splunkbase and wrote an initial blog entry for it describing it followed by an updated entry. In summary, the Keyword app is a series of form search dashboards designed for Splunk 6.x and later that allow a relatively new user to type in keywords (e.g., error, success, fail*) and get quick analytical results such as baselines, prediction, outliers, etc. Splunk administrators can give this app to their users as is, use the app as a template to write their own keyword dashboards, or take the searches in the app to create new views.

For this update, I’ve used, fellow Splunker, Hutch’s icons to update the …

» Continue reading

Splunk Add-on > Where’s That Command – Converting a Field’s Hexadecimal Value to Binary

When looking through Splunk’s Search Reference Manual, there are a ton of search commands with their syntax, descriptions, and examples.  After all, if Splunk is the platform for machine data, there needs to be an extensive list of commands, functions, and references that guide Splunkers through the Search Processing Language (SPL).  But one would think that we had everything covered, right?  Well, almost….

I have a couple of great customers from the Houston, Texas area to thank for this.  Gabe and Andrew (you know who you are) are not only strong Splunkers, but frequent the Splunk Houston User Group (SHUG) meetings and are always looking for ways to expand their use of Splunk as well …

» Continue reading

MSaaS: A Conceptual Multi-Splunk Architecture Framework for Multitenant Splunk Deployments for MSPs, MSSPs and Enterprises

Organizations with large-scale, multitenant Splunk Enterprise deployments need to provide data segregation and access control for individual tenants to meet regulatory requirements or internal security policies. In addition, they need a scalable solution that can successfully handle the volume of data and the growing number of instances under management. These organizations strive to speed deployment and manage both deployment and upgrade risk, all while controlling administrative costs. They need a cost-efficient approach that reduces the marginal cost of each additional Splunk Enterprise instance and helps optimize their total cost of ownership of the platform.

Multiple Splunk as a Service (MSaaS) is an architectural framework that proposes a multi-instance approach to supporting multiple internal or external customers. Although multiple customers can

» Continue reading

Splunk in Space: Splunking Satellite Data in the Cloud

Hello all,

This year a Team of Splunkers attended the ESA App Camp 2015 in lovely Frascati, Italy. The topic of this year’s challenge was:

“There are thousands of ways to enrich apps with data from space – what’s yours?”

The Splunk team featured Robert Fujara and Philipp Drieger alongside with camp participants Claire Crotty and Anthony Thomas. Together the team created a mobile web app that accessed a Splunk Cloud instance to analyze geolocation-based satellite data and inform users about different environmental indicators across Europe. Users can input their preferences in terms of living environment and based on different indicators they then receive recommendations on which city or region would suit them best. 

The key data sources for this project

» Continue reading

docs.splunk.com – Redesigned and better than ever!

Here in the Splunk documentation team, our ties to the Splunk community motivate and energize us. You keep us honest and accurate, and your ongoing feedback helps make Splunk documentation great. We couldn’t do it without you, and more important, we wouldn’t want to!

A year ago, I came to .conf with some preliminary mockups of a redesigned docs.splunk.com. I talked with dozens of you, gathered your feedback, and we refined our plans so we could deliver as much of what you asked for as was humanly possible.

I am very pleased to announce that the new docs.splunk.com launches today. It incorporates both a new visual design and improved navigation. Let’s take a look.

landingpage

Overall, the look and feel …

» Continue reading

Tutorial: Let others work for you – Give them their data!

Recently I had a great discussion with some folks from the communbeach_chiar_pc_800_clr_3539ity –  they told me that in most cases the Splunkers within an organization are the ones with the best visibility and inform other departments about issues/problems/breaches. As a result their peers in the organizations want to have the same information advantage and visibility. However, often they are just interested in their own systems and services, not from others within a large organization.

What’s the easiest and fastest approach to give them the visibility they want?

The Answer: Lookups and drop down menus

Based on the Qualys App for Splunk Enterprise I’ll explain to you how you can modify an existing dashboard that shows all vulnerabilities and how to, for …

» Continue reading