Deploy your own Splunk cluster on AWS in minutes!

Given Splunk Enterprise is a flexible operational intelligence platform, our users adopt it in various forms: from using it as a cloud service with Splunk Cloud, to deploying it on-premise in their own datacenter, or in their own cloud environment such as AWS.

Since Splunk is about turning machine data into valuable insights in as little time as possible, we always strive for that speed element in all aspects of our product usage:

TimeToValueFlowchart

“80% of my time used to be spent on setting up Splunk, now I spend 80% of my time getting value out of Splunk”

Abdallah Mohammed,
Data Architect, Intuit CTO Dev

In that same spirit, we’re delighted to announce the release of Splunk AWS CloudFormation templates as …

» Continue reading

Call for Splunk C# SDK Advisory Board members

Summary

We are starting to set up advisory boards for our developer assets in order to engage more regularly with our developer communities. The first up is the C# SDK Advisory Board, since this is the one we are redesigning now. Our objective with the redesign is to leverage the latest .NET Framework advancements. We are looking for both subject matter experts and passionate novices, and we want people across a wide variety of industries.

What do we hope to gain from an advisory board?

The C# SDK advisory board is a representative body for the community of .NET developers interested in the Splunk platform – either leveraging it for their own use or partnering with us and extending the …

» Continue reading

Splunk’s SDK for C# vNext: modern, scalable and portable

Since we released our first version of the Splunk SDK for C# for .NET 3.5, we’ve seen healthy adoption and it’s become one of our most highly used SDKs. Since that time, the .NET Framework has continued to evolve, offering a better language experience for building scalable applications, and supporting more platforms where you can run .NET applications including .NET 4.5, Windows Phone, Windows 8/RT and additional platforms with Xamarin.

A new version of our C# SDK

I am excited to announce that we are developing a new version of our C# SDK, version 2.0, which we are designing from scratch to leverage the modern advances of .NET and C#!

Here are our core high-level goals.

  • Modern standards –
» Continue reading

Reflections on a Splunk developer’s journey : Part 2

Why should you develop ?

In “Reflections on a Splunk developer’s journey : Part 1″ I shared some of my experiences of developing and supporting Splunk Community Apps and Add-ons over the years.

But WHY did I choose to develop and WHY should you choose to develop and start your foray the Splunk developer ecosystem?

Well the reasons for developing are going to be different for everyone depending on your motives. You might be a business or you might just be an individual community collaborator.

The reasons I started developing were because I discovered Splunkbase (now Apps / Answers) and realized that it was a great forum for collaborating and getting involved with the “Big Data” community to use …

» Continue reading

Announcing the Splunk Add-on for Check Point OPSEC LEA 2.1.0

Check Point administrators rejoice, Splunk Add-on for OPSEC LEA 2.1.0 has been released! The free update provides useful improvements to almost every aspect of the add-on.

 

User Interface

The old OPSEC interface has been completely overhauled and streamlined. The interface is no longer stuck in the past and should look right at home on your Splunk 6 search heads.

manage

 

The manage connections page now offers a much more powerful overview of your Check Point connections. As you can see on the screenshot, every connection has a set of metrics available. These differ based upon the connection type. An audit connection displays the timestamp of the last event collected. A normal connection displays throughput over the last 24 hours …

» Continue reading

Reflections on a Splunk developer’s journey : Part 1

It seems like only yesterday

…that I was writing my first Splunk App. It was the openness and extensibility of the Splunk platform that attracted me to this pursuit in the first place, and when I discovered the thriving community on Splunkbase (now called Splunk Apps / Answers), I just had to contribute. 12,000+ downloads across 9 different freely available community offerings later, I am feeling somewhat reflective. So in this 2 part blog series I want to share with you some of my lessons learned from developing and supporting Splunk community Apps/Add-ons (part 1) and then some musings on why you should consider developing Splunk Apps/Add-ons yourself and contribute to the Splunk developer ecosystem (part 2).

Some lessons learned…

» Continue reading

Building custom search commands in Python part I – A simple Generating command

Custom search commands in our Python SDK allow you to extend Splunk’s search language and teach it new capabilities. In this and other upcoming posts we’re going to look at how to develop several different search commands to illustrate what you can do with this.

In this post, we’re going to focus on building a very basic Generating command.  A generating command generates events which can be from any source, for example an internal system, or an external API. We’re going to create a GenerateHello command that will generate Hello World events based on a supplied count. The command is not very useful in itself, but it is a quick way to see how you can author custom commands.

Below …

» Continue reading

Splunk as a Recipient on the JMS Grid

A number of years ago, I was fascinated by the idea of SETI@home. The idea was that home computers, while idling, would be sent calculations to perform in the search for extraterrestrial life. If you wanted to participate, you would register your computer with the project and your unused cycles would be utilized for calculations sent back to the main servers. You could call it a poor man’s grid, but I thought it of it as a massive extension for overworked servers. I thought the whole idea could be applied to the Java Messaging Service (JMS) used in J2EE application servers.

Background

Almost a decade ago, I would walk around corporations at “closing” time and see a mass array …

» Continue reading

Using Splunk as a data store for developers

A number of years ago, I wrote a blog entry called Everybody Splunk with the Splunk SDK, which succinctly encouraged developers to put data into Splunk for their applications and then search on the indexed data to avoid doing sequential search on unstructured text. Since it’s been a while and I don’t expect people to memorize the dissertations of ancient history (to paraphrase Bob Dylan), I’ve decided to write about the topic again, but this time in more detail with explanations on how to proceed.

Why Splunk as a Data Store?

Some may proclaim that there are many no-sql like data stores out there already, so why use Splunk for an application data store? The answers point to simplicity, …

» Continue reading

Splunk’s New Web Framework, Volkswagen’s Data Lab, and the Internet of Things.

There are many incredible features in Splunk 6. Pivot, Data Models and integrated maps really stole the show at .conf2013. But I really have to give credit to our developer team in Seattle for the massive leap forward in user interface possibilities with the addition of the integrated web framework, which is included in Splunk 6 but is also available as an app download for Splunk 5.

In the midst of all that Splunk 6 excitement at .conf, I was introduced (at the Internet of Things pavilion) to the team at Volkswagen Data Lab, and had some great discussions with them about their interest in using Splunk as a  platform for the management, analysis, and visualization of data from …

» Continue reading