kordless: hacks

Splunk Hack #4 - Aliasing Splunk with a Subdomain

With the new release of Splunk Preview out, I’ve run into a problem keeping the different versions straight on my laptop. I have the free version, the Preview, the official release, and a version of current running - oftentimes simultaneously. It’s getting messy.

What you really want to do is refer to them with different subdomain names, where something like http://splunkpreview.mydomain.com/ would bring up Splunk without having to remember the port number.

If you are running Apache (like I am on Leopard), you get a reverse proxy server for free. With just a few lines of configuration, you can alias subdomains (or domains for that matter) to your heart’s content.

You also get the ability to put content behind basic authentication provided via Apache’s HTTP auth methods. This comes in handy if you’d like to link to your Splunk install from a publicly facing page, but don’t want people to know what type of content is behind the authentication. It also works for limiting access to a particular IP address group or domain.
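A virtual host that combines the three pieces described above (subdomain alias, basic authentication, address restriction), as an added example that is not from the original post or screencast. It assumes Apache 2.4 syntax, Splunk Web listening on 127.0.0.1:8000, and a hypothetical password file path and address range; Apache 2.2, as shipped with Leopard, expresses the address restriction with `Order`/`Allow from` instead of `Require ip`.

```apache
# Added example, not the author's configuration.
# Assumed values: backend 127.0.0.1:8000, the htpasswd path, 192.168.1.0/24.
# Modules needed: mod_proxy, mod_proxy_http, mod_auth_basic,
# mod_authn_file, mod_authz_user, mod_authz_host.

<VirtualHost *:80>
    ServerName splunkpreview.mydomain.com

    # Reverse proxy only. ProxyRequests stays Off so the server
    # cannot be used as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # The subdomain stands in for the port number.
    ProxyPass        / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/

    <Location />
        AuthType Basic
        # Generic realm name, so the prompt does not reveal what is behind it.
        AuthName "Restricted"
        AuthUserFile /usr/local/etc/apache-splunk.htpasswd

        # Both conditions must hold: a valid login AND an allowed source address.
        <RequireAll>
            Require valid-user
            Require ip 192.168.1.0/24
        </RequireAll>
    </Location>
</VirtualHost>
```

Create the password file with `htpasswd -c` and keep it outside the document root; add one such virtual host per Splunk instance, each with its own `ServerName` and backend port. Basic authentication sends credentials base64-encoded rather than encrypted, so serve the virtual host over TLS if it is reachable from anywhere beyond the local machine.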

I’ve put together a screencast covering how to do this from OS X’s version of Apache. Click on the thumbnail below to play the screencast.

Splunk Hack #3 - Splunk on Rails

Ruby on Rails is a popular programming framework for quickly creating web applications. It provides its own web server for development testing, and ships with OSX, which means the tools are now widely available to a broad group of programmers/coders/hackers. Coupled with the fact that most Rails developers use either Linux or OSX, and Splunk runs great on both of those platforms, it seemed obvious that we should come up with some sort of solution for mashing the two together.

I mentioned this in passing to one Sean Dick, who is a developer friend of mine in Oklahoma City. What follows is a nearly identical post to the one he made over at his self-named blog on Blogger on how to get Rails to integrate with Splunk. “There’s plenty left to do,” he said, but I’m convinced it’s worthy of mentioning here. Thanks for hammering this out, Sean!

Serious Material from Sean Begins Here

As per the norm, this post assumes you’ve downloaded Splunk for your particular platform. It also requires a newer install of Ruby on Rails. Come back when you’ve completed both these tasks.

Get Splunk started now:

> export SPLUNK_HOME=/opt/splunk
> sudo /opt/splunk/bin/splunk start

Splunk Hack #2 - Logging Safari Requests on the iPhone

Mark Cohen posted a while back about enabling syslog on the iPhone for the sole purpose of logging to a Splunk instance on your laptop. This hack is a follow-up to that post, and extends it slightly to include logging of the pages browsed by Safari on the phone. WARNING: If you brick your phone, you can still use it as an ergonomic pot-scraper. Splunk won’t be responsible for you going off and getting your $600 $400 piece of joy stuffed, but we’ll be happy to log the event.

Let’s get dirty. Go into settings..general..auto-lock and set locking to ‘never’. This will keep the phone on while you hack around on it. Keeping the phone on and connected to the network will drain your battery like nobody’s business, so make sure you plug in the charging cable.

Now install AppTap. Follow the instructions, and come back here when you are all done.

Using the AppTap installer on the phone, install the Community Sources, BSD Subsystem, Term-vt100, OpenSSH, Tinyproxy, and UIctl apps, in that order. UIctl will let you stop and start sshd on the phone. Launch it now to see if sshd is running. Click on the ‘load’ button if it’s not.

Splunk Hack #1 - Charting Your OSX Battery Usage with Splunk

This is an easy-to-follow tutorial for charting battery usage on your Mac laptop with a small shell script and Splunk. Watching your battery charge is as exciting as watching paint dry, but analyzing it over time is pretty interesting. You may discover a few things about the software you run - like it eats your battery’s amps for dessert.

A friend of mine, Sean Dick, showed me a version of this idea using Splunk on Linux and a program called ‘acpi’. As I’m a Mac fanboy of sorts, I dug up a shell script for the Mac that will print out a single logfile-like line containing laptop battery information, including amp draw, amp-hours left, and more. It’s aptly named ‘battery’, and you can download it here.

I suggest you put battery in a directory under your home directory, say something called ‘scripts’. Head into ‘terminal’ to start the dirty work.

Here’s an example output line from ‘battery short’:

G4:~ kord$ ./scripts/battery short
2007-10-07 18:34:27 1 _________i__ 11.232V -1.454A 2.788Ah of 4.720Ah (59.1%) of 4.400Ah (107.3%) 13 cycles