SMS Alerting from Splunk with Twilio

Modular Alerts

With the release of Splunk 6.3 comes an exciting new feature called Modular Alerts.

Historically, the alerting actions in Splunk have been limited to email and RSS; if you wanted any custom alerting behaviour, you had to fall back on executing a custom script.

Whilst many Splunk Ninjas over the years have accomplished all sorts of amazing Kung Fu by wrangling custom alerting scripts, those scripts are ultimately not the optimal approach for users or developers:

  • manual setup
  • no configuration interface
  • need file system access
  • loosely coupled to Splunk
  • no common development or packaging standard

So what if you want additional alerting actions that you can plug in and present as first-class alerting actions in your Splunk instance?

Well …

» Continue reading
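To make the new contract concrete, here is an added example of a modular alert action of the kind the post is about. It is not code from the original post, and not Splunk's or Twilio's own code. Splunk runs a custom alert action script with `--execute` and writes one JSON payload to its stdin; the keys used here (`configuration`, `result`, `search_name`, `session_key`) are the ones Splunk passes to such actions, and the Messages endpoint is the one in Twilio's REST API. The parameter names inside `configuration` (`account_sid`, `auth_token`, `from_number`, `to_number`, `message`) and the sample payload are this example's own assumptions; in a real app they would be declared in `alert_actions.conf`. The points a practitioner should take from it: validate the recipient numbers, treat the message text as untrusted (it is assembled from indexed events), and never write the auth token to stderr, because Splunk records the script's stderr in its own logs.

```python
import base64
import json
import re
import sys
import urllib.parse
import urllib.request

# Twilio's REST endpoint for sending an SMS; authenticated with basic auth AccountSid:AuthToken.
TWILIO_MESSAGES = "https://api.twilio.com/2010-04-01/Accounts/{sid}/Messages.json"
E164 = re.compile(r"^\+[1-9]\d{7,14}$")        # E.164: '+' followed by 8-15 digits
SMS_MAX = 1600                                  # Twilio's documented Body limit
# Parameter names are this example's assumption; they would be declared in
# the app's alert_actions.conf and filled in from the alert's configuration.
REQUIRED = ("account_sid", "auth_token", "from_number", "to_number")

# Constructed sample of the JSON Splunk writes to the script's stdin.
SAMPLE_PAYLOAD = {
    "search_name": "Failed logins from one source > 50",
    "app": "search",
    "owner": "admin",
    "session_key": "<not used by this action>",
    "result": {"src_ip": "203.0.113.7", "count": "63"},
    "configuration": {
        "account_sid": "AC_example",
        "auth_token": "example-token",
        "from_number": "+15005550006",
        "to_number": "+15005550001",
        "message": "63 failed logins from 203.0.113.7\r\nin the last 10 minutes",
    },
}


def sanitize_body(text, limit=SMS_MAX):
    """The message is built from indexed events, i.e. attacker-influenced data:
    collapse control characters and enforce the carrier length limit."""
    cleaned = re.sub(r"[\x00-\x1f\x7f]+", " ", text).strip()
    return cleaned[:limit]


def build_sms(payload):
    """Validate the alert payload and return (url, form_fields, authorization_header).

    Raises ValueError with a message that is safe to log: it names the
    offending parameter but never echoes its value."""
    conf = payload.get("configuration") or {}
    missing = [k for k in REQUIRED if not conf.get(k)]
    if missing:
        raise ValueError("missing alert parameters: " + ", ".join(missing))
    for key in ("from_number", "to_number"):
        if not E164.match(conf[key]):
            raise ValueError(key + " is not an E.164 phone number")
    # Splunk expands $result.<field>$ tokens in the parameter value before the
    # script runs, so the text only needs sanitizing here.
    body = sanitize_body(conf.get("message") or "Splunk alert fired: " + payload.get("search_name", ""))
    if not body:
        raise ValueError("message body is empty after sanitizing")
    url = TWILIO_MESSAGES.format(sid=urllib.parse.quote(conf["account_sid"], safe=""))
    fields = {"From": conf["from_number"], "To": conf["to_number"], "Body": body}
    creds = (conf["account_sid"] + ":" + conf["auth_token"]).encode()
    return url, fields, "Basic " + base64.b64encode(creds).decode()


def send_sms(payload, opener=urllib.request.urlopen):
    """POST the message; `opener` is injectable so the action can be exercised offline."""
    url, fields, auth = build_sms(payload)
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(), method="POST")
    req.add_header("Authorization", auth)
    with opener(req, timeout=15) as resp:
        return resp.status


def main(argv=None):
    argv = sys.argv if argv is None else argv
    if len(argv) < 2 or argv[1] != "--execute":
        sys.stderr.write("FATAL unsupported execution mode, expected --execute\n")
        return 1
    try:
        status = send_sms(json.load(sys.stdin))
    except ValueError as err:
        sys.stderr.write("ERROR " + str(err) + "\n")   # stderr is logged by Splunk: no secrets here
        return 2
    sys.stderr.write("INFO Twilio accepted the message, HTTP status %s\n" % status)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The `opener` parameter exists so the action can be exercised without network access; in production the default `urllib.request.urlopen` is used and the credentials come from the alert's configuration rather than from anything hard-coded in the script.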

Using The SplunkJS Stack – Part 1

I’ve recently helped a customer integrate the SplunkJS stack into their own custom web application. I wanted to spread the knowledge so others could learn as well.

What is the SplunkJS stack you ask? The SplunkJS stack is a component of the Splunk Web Framework that allows web developers to create apps in their own development environment allowing them to access and manipulate Splunk data. This allows you greater flexibility over the look and feel of your app, including the use of third party visualization tools like D3 and Keylines.

This blog post will be a three-part series covering the following topics in detail.

  • Authentication to Splunk using a local proxy or CORS (covered in

» Continue reading

    Collecting docker logs and stats with Splunk

    I work at Splunk, but these are my personal thoughts. I obviously have some knowledge of Splunk, but you should not consider this an official Splunk manual. Everything I did here, I did only for my personal needs and in my free time.

    You cannot really feel safe about the services you run if you don’t monitor them. There are plenty of great tools for monitoring Docker environments, such as cAdvisor and various cloud solutions. I did not want to use a cloud solution, because it can also upload sensitive information, such as environment variables, where I might keep passwords for AWS backups. So I wanted something like cAdvisor, but with historical information and …

    » Continue reading
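The concern in the excerpt above is worth acting on whether the collector is a cloud agent or your own forwarder: `docker inspect` returns `Config.Env` verbatim, so any collector that ships container metadata ships the secrets in it. The following is an added example, not code from the original post or from Docker or Splunk, of scrubbing those values before the event is handed to Splunk. The field layout (`Id`, `Name`, `State.Running`, `Config.Image`, `Config.Env` as `KEY=VALUE` strings) is real `docker inspect` output; the sample document, the name and value patterns that count as secrets, and the flattened event shape are this example's own choices.

```python
import json
import re
import sys

# Variable names that usually hold credentials, and value shapes worth catching
# even when the name is innocuous (AWS access key IDs start with AKIA; the 40-char
# class is a heuristic for AWS secret keys and similar opaque tokens).
SECRET_NAMES = re.compile(r"PASS(WORD)?|SECRET|TOKEN|KEY|CREDENTIAL", re.I)
SECRET_VALUES = re.compile(r"^(AKIA[0-9A-Z]{16}|[A-Za-z0-9/+=]{40})$")
REDACTED = "<redacted>"

# Constructed, trimmed `docker inspect` output (a JSON array, one document per container).
SAMPLE_INSPECT = [{
    "Id": "9f0c2a1e4b7d6e5f0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f6071",
    "Name": "/backup",
    "State": {"Running": True},
    "Config": {
        "Image": "backup:latest",
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE01",
            "AWS_SECRET_ACCESS_KEY=examplesecretexamplesecretexamplesecre",
            "BACKUP_BUCKET=my-backups",
            "DB_PASSWORD=hunter2",
        ],
    },
}]


def scrub_env(env):
    """Return a copy of a Config.Env list with secret-looking values replaced.
    Keys are kept so the event still shows *which* variables the container has."""
    out = []
    for entry in env:
        key, sep, value = entry.partition("=")
        if sep and (SECRET_NAMES.search(key) or SECRET_VALUES.match(value)):
            out.append(key + "=" + REDACTED)
        else:
            out.append(entry)
    return out


def container_event(doc):
    """Flatten one inspect document into the event to forward to Splunk."""
    cfg = doc.get("Config") or {}
    return {
        "id": doc.get("Id", "")[:12],
        "name": doc.get("Name", "").lstrip("/"),
        "image": cfg.get("Image"),
        "running": (doc.get("State") or {}).get("Running"),
        "env": scrub_env(cfg.get("Env") or []),
    }


def main():
    # Usage: docker inspect $(docker ps -q) | python scrub_inspect.py
    for doc in json.load(sys.stdin):
        print(json.dumps(container_event(doc), sort_keys=True))


if __name__ == "__main__":
    main()
```

Redacting by variable name alone misses secrets stored under innocuous names, which is why the value pattern is there too; conversely, a name-based rule will redact harmless variables such as `AWS_ACCESS_KEY_ID`, which is the right failure direction for a monitoring feed.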

    Raise a Glass to Splunk Apptitude Winners

    With the grand prize of $100,000 being awarded in the Fraud and Insider Threat category, it was only appropriate to announce the winners at Black Hat 2015, one of the largest security conferences in the world. Not all of the winners could make it on short notice, since they were coming from all over the globe; one even sent a video from the peaks of the Swiss Alps.

    We received a great mix of submissions from customers, partners, and even some Splunk newbies. It was a great showing of the breadth of our user and developer community, and of the creativity that can only come from such varied experience and locations.…

    » Continue reading

    DIY 0 to 60 with Splunk in 3 steps

    A lot of folks (particularly developers) often ask me how to get started with building an app in Splunk. Many of them have no previous exposure to Splunk. Here are the steps I recommend:

    • Download Splunk: you get 500 MB of data ingest per day for free, which is plenty to start with.
    • Do the search tutorial. It covers all the basics end to end, from ingesting data, to searches, to dashboards. By the end of the tutorial you will get a good sense of what you can do with Splunk itself.
    • Follow the fantastic new developer guidance for apps. We worked with real partners, documented the entire journey of building an app, and captured those learnings for you.

    » Continue reading

    Building Splunk Solutions

    Splunk is delighted to announce the publication of the new developer guide: Building Splunk Solutions.

    This authoritative guidance is built by developers for developers.

    Splunk Enterprise is a highly efficient platform for searching, analyzing, and monitoring all of your machine data from any source. While it is very powerful out of the box, a lot of additional value comes from the apps and solutions that extend and enrich the capabilities of the Splunk core.

    This guide follows a Splunk software engineering team on a journey to build a solution, focusing on real-world partner use cases that showcase various capabilities of the Splunk Developer Platform. Like a documentary, it captures our story from envisioning and user …

    » Continue reading

    Splunk Apptitude App Contest: Hear from previous winners and enter now


    The Splunk Apptitude App contest is entering its final month, and there’s still time to enter for a chance to win up to $150,000.

    Earlier this month we were fortunate to catch up with past winners Erica Feldman, Rich Acosta and Chris Summers to discuss their entries and to gain some insight into their participation.

    Other than the obvious financial incentives, what was it that attracted you to the Splunk Apptitude contest?

    Chris: I’ve been working with SCCM for about 12 years, so it’s a product I’m very familiar with. I’d been wanting to work with Splunk for a long time, and I saw this as an opportunity to finally get to know the product. I wanted

    » Continue reading

    Zillow developing on Splunk

    The Splunk Developer platform allows you to extend the capabilities of Splunk Enterprise by building your own custom solutions. One way to extend Splunk is to implement custom search commands, effectively extending the Splunk Search Processing Language (SPL). Custom search commands are programs that let you stream events through your own logic or report on them.

    In a recent Seattle Splunk User Group meeting, Bernie Macias and Jerome Ibanes of Zillow provided an overview of custom search commands, discussed the anatomy of a command, and provided a deep dive into building and packaging them. They demonstrated real-world usage of custom search commands at Zillow.

    You can read Bernie’s in-depth post on the Zillow blog: Splunk at Zillow

    For additional guidance on custom search commands and …

    » Continue reading
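As an added example of the streaming kind of command described above (not code from the Zillow talk, the blog post, or Splunk's SDK), here is a small command that tags every event with the scope of an IP field: loopback, link-local, multicast, private, reserved, public, or invalid, which is the sort of enrichment a SOC uses to separate internal noise from external sources. Splunk's Python SDK wraps this pattern in `splunklib.searchcommands.StreamingCommand`; to stay runnable without the SDK, the block below implements the plain CSV-in, CSV-out framing of classic custom commands instead, and assumes the command is registered with `enableheader = false` so no settings header precedes the CSV. The field name `src_ip`, the sample events, and the scope labels are this example's assumptions.

```python
import csv
import io
import ipaddress
import sys

# Constructed sample of the CSV Splunk pipes into a classic custom command.
SAMPLE_CSV = """_time,src_ip,action
1438300800,10.1.2.3,allowed
1438300801,8.8.8.8,blocked
1438300802,127.0.0.1,allowed
1438300803,fe80::1,allowed
1438300804,not.an.ip,blocked
"""

SCOPES = ("loopback", "link_local", "multicast", "private", "reserved")


def classify_ip(text):
    """Map an address to a scope label; anything unparsable is reported, not dropped."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return "invalid"
    for scope in SCOPES:                     # first match wins: loopback before private
        if getattr(ip, "is_" + scope):
            return scope
    return "public"


def stream(records, field="src_ip"):
    """The streaming body: enrich each event in order and never drop one."""
    for rec in records:
        value = rec.get(field)
        rec[field + "_scope"] = classify_ip(value) if value else "missing"
        yield rec


def run(stdin, stdout, field="src_ip"):
    """CSV in, CSV out, the framing classic custom commands use. Returns rows written."""
    rows = list(stream(csv.DictReader(stdin), field))
    if rows:
        writer = csv.DictWriter(stdout, fieldnames=list(rows[0].keys()), lineterminator="\n")
        writer.writeheader()
        writer.writerows(rows)
    return len(rows)


def enrich_csv(text, field="src_ip"):
    """Convenience for offline use: run the command over a CSV string and return the rows."""
    out = io.StringIO()
    run(io.StringIO(text), out, field)
    return list(csv.DictReader(io.StringIO(out.getvalue())))


if __name__ == "__main__":
    # Invoked by Splunk as e.g. `... | ipscope`, with the events on stdin.
    run(sys.stdin, sys.stdout)
```

Two design points carry over to any streaming command: it must preserve event order and count (Splunk expects every input event back, so unparsable values become a label rather than a dropped row), and it should not trust field values, which here is why parsing goes through `ipaddress` rather than a hand-written regex.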

    Caching Hadoop Data with Splunk and Hunk

    Although Hadoop is good at processing large amounts of data, it is not the fastest platform. Below is a list of options that Splunk and Hunk offer to speed up the retrieval of results and lower the processing overhead on Hadoop.

    Each option has its own advantages:



    1) Hunk Report Acceleration

    This option caches the results in HDFS and keeps them fresh and current. By default, Hunk checks for new Hadoop data every 10 minutes.



    2) Hunk Scheduled Searches

    This option caches the results on the Hunk node and makes them available on the search head for double the scheduled interval. For example, if you schedule the search to run every 4 hours, the results …

    » Continue reading

    Integrating Splunk with Docker, CoreOS, and JournalD

    Hal here, your friendly Lorax and developer evangelist! I wanted to share a guest post from a Splunker I met and see regularly at the Metro Atlanta Splunk User Group, Robert Labrie. Robert is a DevOps Engineer at The Network Inc, a company that builds solutions to prevent, detect, and remediate misconduct, helping companies maintain ethical cultures.

    This post is about how Robert approached building out a new architecture and, of course, how to index the data generated by all of its components. Without further ado, take it away, Robert!


    The team at TNWDevLabs started a new effort to develop an internal SaaS product. It’s a greenfield project, and since everything is new, it let us …

    » Continue reading