Zillow developing on Splunk
The Splunk Developer platform lets you extend the capabilities of Splunk Enterprise by building your own custom solutions. One of the ways to extend Splunk is to implement custom search commands, effectively extending the Splunk Search Processing Language (SPL). Custom search commands are programs that allow you to stream or report on data.
In a recent Seattle Splunk User Group meeting, Bernie Macias and Jerome Ibanes of Zillow provided an overview of custom search commands, discussed the anatomy of a command, and provided a deep dive into building and packaging them. They demonstrated real-world usage of custom search commands at Zillow.
You can read Bernie’s in-depth post on the Zillow blog: Splunk at Zillow
For additional guidance on custom search commands and …
Caching Hadoop Data with Splunk and Hunk
Although Hadoop is good at processing a large amount of data, it is not the fastest platform. Below is a list of options that Splunk and Hunk can offer to speed up the retrieval of results and lower the processing overhead of Hadoop.
Each option has its own advantages:
1) Hunk Report Acceleration
This option caches the results in HDFS and keeps them fresh and current. By default, Hunk will check for new Hadoop data every 10 minutes.
2) Hunk Scheduled Searches
This option caches the results on the Hunk node and is available on the Search head for double the frequency of the schedule. For example, if you schedule the search to run every 4 hours, the results …
Integrating Splunk with Docker, CoreOS, and JournalD
Hal here, your friendly Lorax and developer evangelist! I wanted to share with everyone a guest post from a Splunker whom I met and see regularly at the Metro Atlanta Splunk User Group, Robert Labrie. Robert is a DevOps Engineer at The Network Inc, a company which builds solutions that prevent, detect and remediate misconduct to help companies maintain ethical cultures.
This post is about how Robert approached building out a new architecture, and of course, how to index the data generated by all of the components. Without further ado, take it away, Robert!
The team at TNWDevLabs started a new effort to develop an internal SaaS product. It’s a greenfield project, and since everything is new, it let us …
The Splunk Apptitude App Contest to give out $150,000 in prizes
The RSA Conference 2015 is in full swing here in San Francisco, and Splunk is out in force. With so much news coming out of the conference, it’s easy for things to get lost in the shuffle so I wanted to let you all know the what, why, when and how about the new Splunk Apptitude App Contest that we announced this morning.
The Splunk Apptitude App Contest is an online competition designed to find the next big app using Splunk software. Whether it’s the next cutting-edge visualization, or a highly technical security app – we want your big ideas. And we’ll give you more than just bragging rights, we’ll give you cash.
The Splunk Apptitude contest serves …
Splunk supporting the .NET Fringe conference
Next week, we’re heading down to Portland to attend .NET Fringe. This is an event focused on a lot of cool stuff happening in the .NET Community around OSS. As an active member of the .NET OSS community, maintainer of several OSS projects and one of the organizers of the event, I am obviously really excited to see this happen. I am equally excited to see that Splunk has stepped up to the plate as a Platinum sponsor to help make this a reality. Events like this take a lot of funds to do them right and Splunk is there!
Having a strong .NET ecosystem around open source is valuable to us and Splunk cares greatly about where …
Troubleshooting connectivity issues to Splunk’s API from the SDK
A common problem we see customers struggle with is how to diagnose connectivity issues with any of our SDKs. In this post, I’ll show you a few tried and true practices that can help you figure out what might be going wrong.
There are two main families of errors folks see. One has to do with general connectivity / connection info, and the other has to do with security config on the client.
General connectivity issues
This means that you are unable to successfully connect to the API. The best way I find to diagnose is to drop to a terminal and use curl to log in to the Splunk API and see the results. The command to use is:
New features and APIs
- Added Service.getJob() method for getting a Job by its sid.
- Added Service.ConfigurationFile.getDefaultStanza() method for getting the [default] stanza of a conf file.
- Updated the GitHub commits example to show this functionality.
- The node/helloworld/get_job.js example shows how to get a Job by its sid.
- The node/helloworld/endpoint_instantiation.js example
Announcing the Splunk Developer Guidance
Greetings, Splunk Developer Community!
This week we are announcing the new Splunk Developer Guidance program at the Splunk Partner Summit Americas 2015. The main objective is to provide our developer community with tools and guidance to build amazing apps on the Splunk platform and enrich users’ experience in gaining insights from their machine data – wherever it might come from and whatever domain they might be specializing in! We are fully aware that the first thing most devs are looking for is code that they can take apart, learn from, and reuse. That’s why we built reference apps for you. The reference apps are complete, end-to-end, real-world apps built with our partners that are meant to showcase various underlying …
git commit -a -m “Splunking Github Blog”
I <3 Github. Splunk <3’s Github (check out our repos here). I am told it is just a coincidence our HQ is opposite theirs.
One of the neat things about Github I am just starting to explore is their API. You can use it to do loads of things, from interrogating user activity to searching for keywords within code. I recently saw this analysis of the most popular programming languages hosted on Github and I was inspired to recreate it within Splunk.
Indexing Github data into Splunk makes it super-simple to start exploring it. In this post I wanted to show you some of my first experiments connecting Splunk into the Github API.…
Splunk App for Salesforce
Do you manage a Salesforce environment and would like to analyze who is accessing what? Would you like to find out who is exporting sensitive data? Would you like to detect any Salesforce-related suspicious activities or any slow-running reports, dashboards, or SOQL queries?
If the answer to the above is yes, you should check out the Splunk App for Salesforce, which has recently been released as a service on Splunk Cloud. This app relies on the Salesforce Event Log File, which exposes Salesforce access logs. In addition, you can use this app to collect and index any data from the standard Salesforce objects. In other words, you can use this app to index structured and unstructured Salesforce data.