Blogs: Dev

Brothers and sisters of the Splunk persuasion, I present to you the Splunk App-of-the-month contest!

*Applause*

This is not your hipster’s app contest – this is a contest about Getting. Stuff. Done.

*Applause*

This is a contest about taking all the cool stuff you already do with Splunk, and showing it off for the world to see! On Splunkbase!

*Applause*

This is a contest about rewarding those who create the coolest, most useful apps on Splunk – and everyone’s a winner!

*Applause*

So come one, come all, package your field extractions, views, dashboards, scripted inputs, and other Splunk mods into apps or add-ons for Splunkbaaaaaaaase! Contest begins on August 1 – enter as often as you wish!

Splunk 4.1 re-introduced a feature called workflow actions, that allows users of Splunk Web to click on a drop down next to a field to send the field as an argument to a remote HTTP server via POST or GET. The 4.1 version is much improved in that the administration and authorization of the feature can be done via Splunk Manager, workflow actions can be set for entire events as well as fields, and one of actions of clicking on the drop down can initiate a new Splunk Search rather than make a remote HTTP call.

This provides an incredibly easy way to integrate external web sites with events and fields in your data. For instance, if one of the fields…

Its been a couple of years since I first created the current weather conditions app that is on Splunkbase, so I decided to do something similar that is a little more timely. Current weather conditions are nice events to index as they give a time line for how things are going at a particular location and provide a basis for trend analysis. However, they do not provide insight into upcoming severe weather, which are more important events to track.

Fortunately, the weather underground provides a REST API to gather severe weather alerts using a zip code. I built a scripted input Python script to gather these alerts and the standard output of each call is indexed by Splunk. The script is invoked in a…

As part of our continuing open-source efforts here at Splunk, we’ve released the Eloqua PHP SDK that we’re using internally under the Apache License, version 2. We’re always very excited whenever we can contribute code back to the community, and this is certainly no exception! The SDK abstracts away a lot of the complexity inherent in dealing with SOAP, allowing developers to focus strictly on the API itself. The SDK also provides a workaround for a PHP bug in the native SOAP client where constructors don’t get called when instantiating classes mapped to SOAP types.

The tarball is available on Google Code, and example code for every SOAP method call is available in the documentation.

As some of you may have seen in a recent press release, Splunk is investing in a new solutions team. This is a team dedicated to building out apps, documentation and best practices that enable turnkey solutions to specific problems on Splunk. We have a number of open jobs for people who are or are ready to quickly learn to rapidly customize Splunk for specific use cases – this involves writing searches, customizing Splunk’s UI to create custom dashboards and search views, and configuring data inputs and knowledge. We also have open jobs for technical writers who are capable of writing in depth how-tos for other use cases – taking our documentation from the nuts and bolts of using our…

Free users, were the tips driving you crazy? Yeah, they were a little content lite. We know, and we’re sorry.

It’s no secret that we’re trying to grow the Splunk community. To do that, we’re experimenting with new ways to reach out to our customers, give them new information, make them better and more productive Splunkers. One way we thought of to do that was to provide helpful tips. The Free product seemed like a good place to try that out.

But it turns out writing good tips is hard. I got jibed that they were too much like our website, and not enough nuts and bolts. Not everyone was happy; many of you turned them off.

… all that end user attention has been exciting and all, it has only inflamed our conflict with the ancient enemy of user productivity: The Login Screen.

Today we are releasing version 4.1 of our search engine and it comes with one of the coolest features in our short history. As of v4.1, any search or report can be run in real-time – that means real-time updating charts and dashboards or “tail –f” across hundreds or thousands of sources. Any search or report you can type into Splunk can be run as a real-time search, and once you try it you will see why search is never going to be the same.

Interestingly, it’s consumer search that is pushing search into real-time. Twitter and other short message services, location bases services, to name a few are forcing search to operate in “real-time” or very close to it. A…

If you are familiar with SQL and think in SQL, this quick comparison might be helpful for you to dive into the Splunk search language. Splunk is not a database, in the normative sense, but there are enough similar concepts between the Splunk and the database worlds that this quickstart makes sense.

    Splunk for SQL Users

Splunkbase, a project near and dear to my heart, has re-launched on splunkbase.com.  Behind the scenes, Splunkbase has been running all along, as it is what handles app browsing and installation in the product, but we’re thrilled to open the site once again to the community, as the redeployment of Splunkbase was requested by Splunkers around the world.  For those folks who have never visited the site, it’s our interface to share Splunk Apps you’ve built with the community, and to download apps built by fellow community members, Splunk partners, and Splunk engineers here at HQ.

We’ve given a facelift to most areas of the site, but we’ve kept the previous 3.x UI active under the Archive tab, where you’ll you can download…