What’s in store for Developers at .conf2014

In less than a week, .conf2014 kicks off at the MGM Grand in Las Vegas. As in past years, there won’t only be tons of great keynotes, sessions and training for the entire Splunk community, but also plenty of things tailored just for developers.

  • Once again, Splunk University starts off the week with hands-on training, including an intense Splunk App Developer Bootcamp
  • This year we’re introducing the Splunk Dev Lounge, a dedicated space for hacking on Splunk throughout the conference. All throughout the week, you’ll find members of the engineering and evangelist teams ready to answer any question or guide you in the right direction. We’ll also have chalk talk sessions (heavy on code, light on slides) led by Splunkers
» Continue reading

New support for authoring modular inputs in Node.js

Modular inputs allow you to teach Splunk Enterprise new ways to pull in events from internal systems, third party APIs or even devices. Modular Inputs extend Splunk Enterprise and are deployed on the Splunk Enterprise instance or on a forwarder.  In version 1.4.0 of the Splunk SDK for JavaScript we added support for creating modular inputs in Node.js!

In this post, I’ll show you how to create a modular input with Node.js that pulls commit data from GitHub into Splunk.

Why Node.js

Node.js is designed for I/O intensive workloads. It offers great support for streaming data into and out of a Node application in an asynchronous manner. It also has great support for JSON out of the box. Finally, Node.js has …

» Continue reading

Splunking Heroku

I’m somewhat of a Heroku fan boy. I’ve been using it for some time because it is just so simple to deploy applications. However, I’ve never really looked too deeply into the logs produced by my apps via the command line. Cue Splunk. In this post we’ll look at how you can start Splunking data from apps deployed in Heroku, and some recipes to visualise it using the SPL. …

» Continue reading

New Splunk Tools for .NET Developers

Today we’re releasing a new suite of tools for .NET developers so you can supercharge your .NET development with Splunk!!

CC image Supercharger by Eaday on Flickr

This release is a continuation of our commitment to provide developers a rich platform for developing Splunk solutions.

  • C# SDK 2.0 –  A new, modern, C# SDK for building cross-platform solutions that consume Splunk’s API and/or which extend Splunk.
  • Logging libraries – These libraries allow you to easily wire logging in your existing .NET applications to send log data to Splunk via TCP or UDP. It provides .NET Trace Listeners as well as sinks for the Semantic Logging Application Block (SLAB).
  • Visual Studio Extension – This extension makes it really easy to get
» Continue reading

Exporting search results with Javascript / node.js

Recently I had a request internally for how to access the Export endpoint from Splunk from a node.js application. The Export endpoint is useful for exporting large amounts of data efficiently out of Splunk as it will stream the results directly rather than requiring you to continually poll for more results. It turns out we don’t support the Export endpoint currently in our JS SDK, but it is very easy to access it yourself using Mikael’s super simple request module.

A picture (or a snippet in this case) tells a thousand words. Below you can see how to export Splunk’s internal index. Once you start it up it will instantly start streaming. Make sure you have enough disk space, or …

» Continue reading

APP WALKTHROUGH: Workflow Actions

One of the best ways to learn is by example.  If you want to build your own Splunk app, one of the best things you can do is dissect other apps.

In the below YouTube video, I slowly go through a simple but useful app that adds “workflow actions”, which allow you to write custom actions for events and their fields. This video shows you how it works and how you can make apps like it.

I go line-by-line, file-by-file, explaining everything.  You will learn something.

» Continue reading

APP WALKTHROUGH: Writing a custom search command

One of the best ways to learn is by example.  If you want to build your own Splunk app, one of the best things you can do is dissect other apps.

In the below YouTube video, I slowly go through a simple but useful app that adds a single search command: timewrap.

I go line-by-line, file-by-file, explaining everything.  You will learn something.

YouTube video: Splunk App Walkthrough: Timewrap

A few notes:

  • Yes, that’s a Hobbit movie poster behind me
  • It’s about 50 minutes long, most of it dealing with the details of the python search command.
  • Tell me if it was helpful, or what I could do to improve it.

» Continue reading

Announcing the Splunk developer tools for .NET Beta, a new day is dawning!

https://www.flickr.com/photos/gnuckx/4772940241 

Several months back we posted that we were working on the next generation of the Splunk SDK for C#. Today, I am excited to announce the beta of our new .NET developer tools. This release includes a mini arsenal for .NET development including the new C# SDK, and much, much, more!

C# PCL SDK

As previously mentioned, this is a new C# SDK for developing cross-platform applications which integrate with and extend Splunk.
The SDK has two components that are both available on NuGet
  • Splunk.Client – This contains a C# portable library for performing Splunk searches, doing simple management tasks and for sending events over HTTP to
» Continue reading

routr: App that Shares Splunk Alerts on Social Media

What is routr?

routr is a simple if-this-then-that workflow app to share Splunk alerts on your Twitter or Tumblr. It is easy to install, configure and run. This app is bundled together with a sample Splunk saved search that searches on failed login events to post a tweet on Twitter or an article on Tumblr whenever the alert is triggered from your Splunk instance. The search is triggered every 1 minute and looks for matching events in the relative past 1 minute.

Requirements to run this app?

  1. Splunk installed
  2. Twitter and/or Tumblr account

How To Obtain Twitter OAuth And Access Tokens?

  1. Sign up at Twitter if you are new to Twitter.
  2. Go to https://apps.twitter.com/
  3. Click on “Create New App”
» Continue reading

Splunk Command> Cluster

Being a Splunk sales engineer is incredible. I get to talk to customers about their use cases, ‘Splunk’ their data, and together discover the insight Splunk provides them. Initial demos typically start with the search bar, looking for keywords in their data. Usually doesn’t take long before the “Ah Hah!” moment comes – either by using Splunk’s intuitive GUI to interact with extracted fields of interest or employing a very small subset of the 130+ search commands within the search bar to gain operational intelligence not readily seen before. At a recent customer visit I employed the Splunk on Splunk (S.o.S.) App, explored some of the underlying searches and noticed the cluster command, which I never used before. …

» Continue reading