Protocol Data Inputs
It must have been about a year ago now that I was talking with a Data Scientist at a Splunk Live event about some of the quite advanced use cases he was trying to achieve with Splunk. That conversation seeded some ideas in my mind, they fermented for a while as I toyed with designs, and over the last couple of months I’ve chipped away at creating a new Splunk App, Protocol Data Inputs (PDI).
So what is this all about? Well, to put it quite simply, it is a Modular Input for receiving data via a number of different protocols, with some pretty cool bells and whistles.
So let’s break down some of …
The role hierarchy in Splunk allows a user who has the ‘edit_user’ capability to create other Splunk users and grant them any role, including admin. But what if you want to delegate user creation to a ‘mini-admin’ who should be able to create only users but not more admins?
Starting 6.2, we have the concept of a delegated admin, who can create users who can only belong to a pre-provided list of roles. This is a way of enforcing the principle that users can only create other users with privileges that are a subset of their own.
Let us see how this can be achieved.…
Now Time For the Splunk Weather Forecast
If you were at .conf last week you would have likely seen some of the exciting Internet of Things projects people are using Splunk for. I think Ed Hunsinger put it best:
So far I’ve heard about @splunk being used for planes (Royal Flying Doctor), trains (New York Air Brake), and automobiles (VW). #splunkconf
Watching .conf 2014 from afar in the UK, I got excited about some of my own IOT projects. Then I remembered Brian Gillmore’s call for cool projects using Splunk with the RaspberryPi. At the same moment, by pure chance, I got an email telling me AirPi circuit boards (a RaspberryPi connected weather station) were back in stock.
And it was settled. I would build a RaspberryPi …
Get your Community on at .conf2014!
Community is HUGE at Splunk, and we’re doing it up big at this year’s .conf with our own gigantic Community Lounge. Here’s a sampling of what’s in the works:
Masters of IRC panel discussion
Wednesday, Oct 8th 11am-12noon on the Community Stage
Join us for an informal panel discussion with 6-7 of our most knowledgeable, longtime customers from the #splunk IRC channel. They will be taking your questions and sharing best practices and stories from their long years of experience deploying and maintaining Splunk at scale. Bring your questions! Whisky optional, but recommended :).
Learn how to start your own Splunk User Group (and meet other people who do, too)
Wednesday, Oct 8th, 12:15pm – 12:45pm on the Community …
What’s in store for Developers at .conf2014
In less than a week, .conf2014 kicks off at the MGM Grand in Las Vegas. As in past years, there won’t only be tons of great keynotes, sessions and training for the entire Splunk community, but also plenty of things tailored just for developers.
- Once again, Splunk University starts off the week with hands-on training, including an intense Splunk App Developer Bootcamp
- This year we’re introducing the Splunk Dev Lounge, a dedicated space for hacking on Splunk throughout the conference. All throughout the week, you’ll find members of the engineering and evangelist teams ready to answer any question or guide you in the right direction. We’ll also have chalk talk sessions (heavy on code, light on slides) led by Splunkers
New support for authoring modular inputs in Node.js
In this post, I’ll show you how to create a modular input with Node.js that pulls commit data from GitHub into Splunk.
Node.js is designed for I/O intensive workloads. It offers great support for streaming data into and out of a Node application in an asynchronous manner. It also has great support for JSON out of the box. Finally, Node.js has …
I’m somewhat of a Heroku fanboy. I’ve been using it for some time because it is just so simple to deploy applications. However, I’ve never really looked too deeply into the logs produced by my apps via the command line. Cue Splunk. In this post we’ll look at how you can start Splunking data from apps deployed in Heroku, and some recipes to visualise it using the SPL. …
New Splunk Tools for .NET Developers
Today we’re releasing a new suite of tools for .NET developers so you can supercharge your .NET development with Splunk!!
CC image Supercharger by Eaday on Flickr
This release is a continuation of our commitment to provide developers a rich platform for developing Splunk solutions.
- C# SDK 2.0 – A new, modern, C# SDK for building cross-platform solutions that consume Splunk’s API and/or which extend Splunk.
- Logging libraries – These libraries allow you to easily wire logging in your existing .NET applications to send log data to Splunk via TCP or UDP. It provides .NET Trace Listeners as well as sinks for the Semantic Logging Application Block (SLAB).
- Visual Studio Extension – This extension makes it really easy to get
Recently I had a request internally for how to access the Export endpoint from Splunk from a node.js application. The Export endpoint is useful for exporting large amounts of data efficiently out of Splunk as it will stream the results directly rather than requiring you to continually poll for more results. It turns out we don’t support the Export endpoint currently in our JS SDK, but it is very easy to access it yourself using Mikael’s super simple request module.
A picture (or a snippet in this case) tells a thousand words. Below you can see how to export Splunk’s internal index. Once you start it up it will instantly start streaming. Make sure you have enough disk space, or …
APP WALKTHROUGH: Workflow Actions
One of the best ways to learn is by example. If you want to build your own Splunk app, one of the best things you can do is dissect other apps.
In the YouTube video below, I slowly go through a simple but useful app that adds “workflow actions”, which allow you to write custom actions for events and their fields. This video shows you how it works and how you can make apps like it.
I go line-by-line, file-by-file, explaining everything. You will learn something.
YouTube video: Splunk App Walkthrough: Power Actions