Protocol Data Inputs

It must have been about a year ago now that I was talking with a Data Scientist at a Splunk Live event about some of the quite advanced use cases he was trying to achieve with Splunk. That conversation seeded some ideas in my mind; they fermented for a while as I toyed with designs, and over the last couple of months I’ve chipped away at creating a new Splunk App, Protocol Data Inputs (PDI).

So what is this all about? Well, to put it quite simply, it is a Modular Input for receiving data via a number of different protocols, with some pretty cool bells and whistles.

So let’s break down some of …


Delegated admin

The role hierarchy in Splunk allows a user who has the ‘edit_user’ capability to create other Splunk users and grant them any role, including admin. But what if you want to delegate user creation to a ‘mini-admin’ who should be able to create only users but not more admins?

Starting with 6.2, we have the concept of a delegated admin, who can create users who can only belong to a pre-provided list of roles. This is a way of enforcing the principle that users can only create other users with privileges that are a subset of their own.

Let us see how this can be achieved.…


Now Time For the Splunk Weather Forecast

Raspberry Pi, Air Pi, and Splunk

If you were at .conf last week you would have likely seen some of the exciting Internet of Things projects people are using Splunk for. I think Ed Hunsinger put it best:

So far I’ve heard about @splunk being used for planes (Royal Flying Doctor), trains (New York Air Brake), and automobiles (VW). #splunkconf

@edhunsinger

Watching .conf 2014 from afar in the UK, I got excited about some of my own IOT projects. Then I remembered Brian Gillmore’s call for cool projects using Splunk with the RaspberryPi. At the same moment, by pure chance, I got an email telling me AirPi circuit boards (a RaspberryPi-connected weather station) were back in stock.

And it was settled. I would build a RaspberryPi …


Get your Community on at .conf2014!

Community is HUGE at Splunk, and we’re doing it up big at this year’s .conf with our own gigantic Community Lounge. Here’s a sampling of what’s in the works:

Masters of IRC panel discussion

Wednesday, Oct 8th 11am-12noon on the Community Stage

Join us for an informal panel discussion with 6-7 of our most knowledgeable, longtime customers from the #splunk IRC channel. They will be taking your questions and sharing best practices and stories from their long years of experience deploying and maintaining Splunk at scale. Bring your questions! Whisky optional, but recommended :).

Learn how to start your own Splunk User Group (and meet other people who do, too)

Wednesday, Oct 8th, 12:15pm – 12:45pm on the Community


What’s in store for Developers at .conf2014

In less than a week, .conf2014 kicks off at the MGM Grand in Las Vegas. As in past years, there won’t only be tons of great keynotes, sessions and training for the entire Splunk community, but also plenty of things tailored just for developers.

  • Once again, Splunk University starts off the week with hands-on training, including an intense Splunk App Developer Bootcamp
  • This year we’re introducing the Splunk Dev Lounge, a dedicated space for hacking on Splunk throughout the conference. All throughout the week, you’ll find members of the engineering and evangelist teams ready to answer any question or guide you in the right direction. We’ll also have chalk talk sessions (heavy on code, light on slides) led by Splunkers

New support for authoring modular inputs in Node.js

Modular inputs allow you to teach Splunk Enterprise new ways to pull in events from internal systems, third-party APIs or even devices. Modular inputs extend Splunk Enterprise and are deployed on the Splunk Enterprise instance or on a forwarder. In version 1.4.0 of the Splunk SDK for JavaScript we added support for creating modular inputs in Node.js!

In this post, I’ll show you how to create a modular input with Node.js that pulls commit data from GitHub into Splunk.

Why Node.js

Node.js is designed for I/O intensive workloads. It offers great support for streaming data into and out of a Node application in an asynchronous manner. It also has great support for JSON out of the box. Finally, Node.js has …


Splunking Heroku

I’m somewhat of a Heroku fanboy. I’ve been using it for some time because it is just so simple to deploy applications. However, I’ve never really looked too deeply into the logs produced by my apps via the command line. Cue Splunk. In this post we’ll look at how you can start Splunking data from apps deployed in Heroku, and some recipes to visualise it using the SPL. …


New Splunk Tools for .NET Developers

Today we’re releasing a new suite of tools for .NET developers so you can supercharge your .NET development with Splunk!!

CC image Supercharger by Eaday on Flickr

This release is a continuation of our commitment to provide developers a rich platform for developing Splunk solutions.

  • C# SDK 2.0 – A new, modern C# SDK for building cross-platform solutions that consume Splunk’s API and/or extend Splunk.
  • Logging libraries – These libraries allow you to easily wire logging in your existing .NET applications to send log data to Splunk via TCP or UDP. They provide .NET Trace Listeners as well as sinks for the Semantic Logging Application Block (SLAB).
  • Visual Studio Extension – This extension makes it really easy to get

Exporting search results with JavaScript / Node.js

Recently I had a request internally for how to access the Export endpoint from Splunk from a Node.js application. The Export endpoint is useful for exporting large amounts of data efficiently out of Splunk, as it will stream the results directly rather than requiring you to continually poll for more results. It turns out we don’t support the Export endpoint currently in our JS SDK, but it is very easy to access it yourself using Mikael’s super simple request module.

A picture (or a snippet in this case) tells a thousand words. Below you can see how to export Splunk’s internal index. Once you start it up it will instantly start streaming. Make sure you have enough disk space, or …


APP WALKTHROUGH: Workflow Actions

One of the best ways to learn is by example. If you want to build your own Splunk app, one of the best things you can do is dissect other apps.

In the YouTube video below, I slowly go through a simple but useful app that adds “workflow actions”, which allow you to write custom actions for events and their fields. This video shows you how it works and how you can make apps like it.

I go line-by-line, file-by-file, explaining everything. You will learn something.
