Show Me Your Viz!

Have you just download Splunk 6.4 and asked yourself what’s new and awesome? Have you ever built a dashboard with a custom visualization and wanted to share that with someone or easily replicate it somewhere else? Have Splunk’s core visualizations dulled your senses?

Reader, please meet Splunk 6.4 Custom Visualizations. Are you besties yet? If not, you two will be making sweet love by the end of this article.

I’m going to walk you through a Custom Visualization app I recently wrote and lay it all out there. I’m going to talk about why building these visualizations in Simple XML and HTML are a pain in your ass and how the API’s make your life easier. I’m going to …

» Continue reading

Building add-ons has never been easier

Speaking from personal experience, building add-ons had never been the easiest task for me. There are numerous steps required, and each step may come with its owns challenges. Worse, I might spend time on a solutions just to hear it wasn’t best practice.

Wouldn’t it be great if there was a way to make this process easier by equipping developers, consultants, and Splunk Admins with the right tool to build their own add-ons? To take it a step further, wouldn’t it be even better if this tool actually helps you build the add-on by following tried and true best practices?

Allow me to introduce you to the Splunk Add-on Builder that helps to address the challenges highlighted above. Splunk Add-on …

» Continue reading

Splunking Microsoft Azure Audit Data

Azure We recently made available a community-supported Splunk Add-on for Microsoft Azure, which gives you insight into Azure IaaS and PaaS. I am happy to announce that this add-on now includes the ability to ingest Azure Audit data. The idea behind Splunking Azure Audit logs is to be able to tell who did what and when and what events might impact the health of your Azure resources.  In this blog post, I will detail what we are collecting, how to use the data, and what is coming next for the add-on.

What are we collecting?

This update adds a new modular input to your Splunk environment:

AzureAuditInput

 

This modular input grabs data using the Azure Insights Events API.

How to

» Continue reading

Splunking Microsoft Azure Data

AzureThere are a lot of services in Microsoft Azure, and a lot of those services are producing machine data. Hal Rottenberg wrote a post covering several of these services and some ways to integrate Splunk with Microsoft Azure. We recently released a new cross-platform Azure add-on that consumes data for some IaaS and PaaS services. In this blog post, I will detail what we are collecting, how to use the data, and what is coming next for the add-on.

What are we collecting?

The add-on ships with three modular inputs:

  1. Azure Diagnostics – this input collects data from an Azure Storage account that contains virtual machine diagnostic information.
  2. Azure Website Diagnostics – this input collects server and application data for Azure
» Continue reading

Another Update to Keyword App

It’s been three years since I first released the relatively simple Keyword app on Splunkbase and wrote an initial blog entry for it describing it followed by an updated entry. In summary, the Keyword app is a series of form search dashboards designed for Splunk 6.x and later that allow a relatively new user to type in keywords (e.g., error, success, fail*) and get quick analytical results such as baselines, prediction, outliers, etc. Splunk administrators can give this app to their users as is, use the app as a template to write their own keyword dashboards, or take the searches in the app to create new views.

For this update, I’ve used, fellow Splunker, Hutch’s icons to update the …

» Continue reading

Announcing Splunk Enterprise in Microsoft Azure Marketplace

AzureWe are pleased to announce the release of Splunk Enterprise in Microsoft Azure Marketplace!

Now Azure customers can deploy and purchase Azure-certified Splunk Enterprise clusters in minutes, with the entire point-and-click workflow contained within their Azure portal.

This Bring-Your-Own-License offering on Azure IaaS, provides Splunk customers another platform for self-managed Splunk deployments in addition to on-premise and other public cloud deployment options.

 

What can Splunk Enterprise in Azure Marketplace do for you?

Our mission at Splunk is to make machine data accessible, usable and valuable to everyone. We strive to turn machine data into valuable insights in as little time as possible to help businesses in their journey towards operational intelligence:

Time to value flowchart

Splunk Enterprise in Azure Marketplace enables and

» Continue reading

Excelling with Excel in Splunk

Hey all,

if you didn’t already know that you can heavily customize Splunk through our open developer framework you should check it out. You can even develop and introduce new search commands. This particular blog illustrates this with an example where business people wanted to have excel files with reports mailed to them from Splunk.
ExcelYou might already know that Splunk enables you to connect Excel directly to Splunk with the ODBC Connector for Windows, as well as enabling you to export with outputcsv a csv file. Dominique from Helvetia Insurance has developed a Splunk TA that is freely available on Splunkbase which allows you to import, export and e-mail data in XLS format.

Dominique notes that, “If tabular reports

» Continue reading

Remote Images Retrieval With Splunk Using Custom Command “getimage.py”

Every once in a while my customers ask for a functionality that is not natively supported by Splunk. Out of the box Splunk is a very capable platform, however, there are certain tasks Splunk is not designed for. But that never stops a Splunker from finding a solution! The use-case I am about to discuss in this blog is an example of that: The customer owns large chain of pharmacies across the country, the bulk of the stores transactions end up in Hadoop Data Lake; the customer wants to use Hunk/Splunk to visualize and analyze the massive amount of information collected, which is something Hunk can do easily. The challenge came about when I was asked if Splunk could show …

» Continue reading

Splunk Add-on > Where’s That Command – Converting a Field’s Hexadecimal Value to Binary

When looking through Splunk’s Search Reference Manual, there are a ton of search commands with their syntax, descriptions, and examples.  After all, if Splunk is the platform for machine data, there needs to be an extensive list of commands, functions, and references that guide Splunkers through the Search Processing Language (SPL).  But one would think that we had everything covered, right?  Well, almost….

I have a couple of great customers from the Houston, Texas area to thank for this.  Gabe and Andrew (you know who you are) are not only strong Splunkers, but frequent the Splunk Houston User Group (SHUG) meetings and are always looking for ways to expand their use of Splunk as well …

» Continue reading

An Hour of Code with Splunk

HourOfCode1

The Hour of Code is a global effort to educate children in more than 180 countries with as little as one hour of computer science. Held as part of Computer Science Education Week (December 7-13), the most recent Hour of Code included more than 198,473 events around the world. And this year, several Splunkers taught sessions in events across the country.

Here in the Seattle Area, Shakeel Mohamed, one of our engineers, taught sessions on Lightbot and Minecraft at Rainier View Elementary School, and I had the pleasure of teaching approximately 150 students at Ingraham High School an hour about log / time-series data and how to mine it with Splunk. The courses are a challenging mix of students …

» Continue reading