What are Splunk Apps and Add-Ons ?

If you have ever uploaded a contribution to Splunk Apps you’ll see the following option : app_addon   But what does this really mean ? What is the difference between an App and an Add-on ? Both are packaged and uploaded to Splunk Apps as SPL files and then to install them in your Splunk instance you simply untar the SPL file into etc/apps .But the content and purpose of Apps and Add-ons certainly differ from one another.


An Add-on is typically a single component that you can develop that can be re-used across a number of different use cases.It is usually not specific to any one single use case.It also won’t contain a navigable user interface.You cannot open an Add-on from …

» Continue reading

Splunking Social Media: Tracking Tweets


So you use Twitter and have heard Splunk can do “Big Data”. By tapping into Twitter’s API you can use Splunk to investigate the stream of tweets being generated across the globe.

The great thing about using Splunk to do this is that you have complete control of the data meaning it’s incredibly flexible as to what you can build. A few basic ideas I’ve had include tracking hashtags, following specific influencers, or tracking tweets by location in real-time.

What’s more, it takes a matter of minutes before you can start analysing the wealth of data being generated. This post will show you how.…

» Continue reading

Splunk Alerts: Using Gmail, Twitter, iOS, and Much More


With no programming required!

One of the great features about Splunk is its built in alerting functionality. You can configure Splunk alerts to do just about anything, from sending an SMS to integrating them with another app, like ServiceNow for example.

Most Splunk users will probably want to configure alerts via email at some point. If you don’t have your own mail server you can use web based mail services like Gmail to do this. In this post we’ll explore how you can set this up and some neat ways in which you can extend upon native Splunk alerts.…

» Continue reading

Quantified Splunk: Tracking My Vital Signs


Last year Splunker, Ed Hunsinger, wrote a great post titled, “Go Splunk Yourself“, in which he shows how he’s using Splunk to track data from devices including a Fitbit, a Nike Fuelband, a Basis Band, and a Garmin GPS watch to name just a few!

Like Ed, I use a number of tracking devices and I use Splunk to analyse the data they produce. Recently – as my friends and colleagues will tell you – I’ve taken this concept of self-tracking to the next level. This has included purchasing both a blood sugar and a blood pressure monitor.

After a few weeks collecting the data I’ve uncovered some interesting trends. If you’re interested what I’ve found or how you can …

» Continue reading

Splunking the World Cup 2014: Real Time Match Analysis


As an Englishman I’ve been waiting months – with very high expectations – for the World Cup to come around. Reading fellow Splunker, Matt Davies’ blog post titled, “Splunking World Cup 2014. The winner will be…“, only heightened my excitement.

The tournament is now going into the second week and I’ve been starting to look at the teams, players, and tournament more closely. Which stadium holds the most people? Who’s the top scorer? Which referee hands out the most cards?

With these questions fresh in my mind I opened up Splunk and began to have a look at the huge amounts of information being streamed from the tournament. For this post I’m going to explore real-time match updates; including teams, …

» Continue reading

Deploy your own Splunk cluster on AWS in minutes!

Given Splunk Enterprise is a flexible operational intelligence platform, our users adopt it in various forms: from using it as a cloud service with Splunk Cloud, to deploying it on-premise in their own datacenter, or in their own cloud environment such as AWS.

Since Splunk is about turning machine data into valuable insights in as little time as possible, we always strive for that speed element in all aspects of our product usage:


“80% of my time used to be spent on setting up Splunk, now I spend 80% of my time getting value out of Splunk”

Abdallah Mohammed,
Data Architect, Intuit CTO Dev

In that same spirit, we’re delighted to announce the release of Splunk AWS CloudFormation templates as …

» Continue reading

Call for Splunk C# SDK Advisory Board members


We are starting to set up advisory boards for our developer assets in order to engage more regularly with our developer communities. The first up is the C# SDK Advisory Board, since this is the one we are redesigning now. Our objective with the redesign is to leverage the latest .NET Framework advancements. We are looking for both subject matter experts and passionate novices, and we want people across a wide variety of industries.

What do we hope to gain from an advisory board?

The C# SDK advisory board is a representative body for the community of .NET developers interested in the Splunk platform – either leveraging it for their own use or partnering with us and extending the …

» Continue reading

Splunk’s SDK for C# vNext: modern, scalable and portable

Since we released our first version of the Splunk SDK for C# for .NET 3.5, we’ve seen healthy adoption and it’s become one of our most highly used SDKs. Since that time, the .NET Framework has continued to evolve, offering a better language experience for building scalable applications, and supporting more platforms where you can run .NET applications including .NET 4.5, Windows Phone, Windows 8/RT and additional platforms with Xamarin.

A new version of our C# SDK

I am excited to announce that we are developing a new version of our C# SDK, version 2.0, which we are designing from scratch to leverage the modern advances of .NET and C#!

Here are our core high-level goals.

  • Modern standards –
» Continue reading

Reflections on a Splunk developer’s journey : Part 2

Why should you develop ?

In “Reflections on a Splunk developer’s journey : Part 1″ I shared some of my experiences of developing and supporting Splunk Community Apps and Add-ons over the years.

But WHY did I choose to develop and WHY should you choose to develop and start your foray the Splunk developer ecosystem?

Well the reasons for developing are going to be different for everyone depending on your motives. You might be a business or you might just be an individual community collaborator.

The reasons I started developing were because I discovered Splunkbase (now Apps / Answers) and realized that it was a great forum for collaborating and getting involved with the “Big Data” community to use …

» Continue reading

Announcing the Splunk Add-on for Check Point OPSEC LEA 2.1.0

Check Point administrators rejoice, Splunk Add-on for OPSEC LEA 2.1.0 has been released! The free update provides useful improvements to almost every aspect of the add-on.


User Interface

The old OPSEC interface has been completely overhauled and streamlined. The interface is no longer stuck in the past and should look right at home on your Splunk 6 search heads.



The manage connections page now offers a much more powerful overview of your Check Point connections. As you can see on the screenshot, every connection has a set of metrics available. These differ based upon the connection type. An audit connection displays the timestamp of the last event collected. A normal connection displays throughput over the last 24 hours …

» Continue reading