My First Post – “Know your Splunker”
So here it is, my first blog post as Splunker, and boy has it been a long time coming! Writing a blog post has been something I’ve been asked to do for pretty much as long as I’ve worked at Splunk. It’s not that I didn’t want to write a blog, but more that I could never come up with anything cool/fun to say.
Then it finally hit me today, while I was walking around the office (and someone called me Amrit?!?!) — I have no idea who sits 4 desks away from me! With that in mind, starting next week, I am going to try to do a blog series called “Know your Splunker”. It’s meant not only…
The Story of Buttercup, the Splunk Pwny
You may have noticed that we’re quite fond of ponies here at Splunk. Many have asked what the connection is, so I sent around the story below a while back. Enough people keep asking that we decided to share with a wider audience… Enjoy:
Back around the middle of 2006, engineering already had a large backlog of fixes that needed to be made to the codebase – removing the use of various open source projects, writing our own libraries that would run on more platforms, etc. It was well understood that some of these projects would be pretty nightmarish – someone would have to be dedicated to them full time…
Splunk Joins Public-Private Partnership to Improve Cybersecurity
Last week Splunk joined several other companies at U.S. NIST’s signing ceremony symbolizing our participation and partnership in the National Cybersecurity Center of Excellence (NCCoE).
There’s no doubt that there is a critical need to protect private-sector intellectual property and other valuable business data from a growing number of cyber threats. This partnership illustrates our commitment to the spirit of collaboration while providing real-world cybersecurity capabilities that address business needs.
The NCCoE has three key goals:
- Provide practical cybersecurity – Help people secure their data and digital infrastructure by equipping them with practical ways to implement cost-effective, repeatable and scalable cybersecurity solutions.
- Increase rate of adoption – Enable companies to rapidly adopt commercially available cybersecurity technologies by reducing their total
…
Seeing the Future of Cybersecurity in Action
Submitted on behalf of Enoch Long
On March 14th I presented an overview of Splunk to approximately 125 – 130 students, the contestant finalists at the CyberPatriot V National Finals Competition at the Gaylord National Resort and Convention Center in National Harbor, Maryland. Created by the Air Force Association (AFA), the CyberPatriot competition is a response to the critical need for cyber professionals in the workforce, and it works by enhancing high school students’ knowledge of careers in cyber security, technology, engineering, and math disciplines. Splunk was a Diamond level sponsor of the event. This meant that for the first time in the history of the competition a proprietary piece of software was allowed as part of the competition and…
That happened: episode 32
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: Splunk can tell you if you have the Darkleech, the return of Answers from the past, ruining you for all other vendors, short but wise (like Yoda), badgers.
Splunking your apache logs?
Team regex helps you protect against the Darkleech malware:
<^Brian^> http://arstechnica.com/security/2013/04/exclusive-ongoing-malware-attack-targeting-apache-hijacks-20000-sites/
<@Splunky> ^Brian^’s URL: “Exclusive: Ongoing malware attack targeting Apache hijacks 20,000 sites | Ars Technica”
<^Brian^> fyi
<^Brian^> \/[a-f0-9]{32}\/q.php <- for those of you splunking your apache logs..regex to pick up the hijack
<jtrucks> ^Brian^: awesome, thanks.
<jtrucks> ^Brian^: so like this? rex _raw="\/[a-f0-9]{32}\/q.php"
<jtrucks> my brain will not engage today.
<^Brian^>…
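As an added example (not code from the blog post or from the #splunk channel), here is the pattern ^Brian^ posted applied to a few constructed Apache combined-log lines, so you can see what it does and does not catch before turning it into a saved search. The log lines, the field names and the helper function are all assumptions of this example; note that the pattern as posted is lowercase-only, so a request with an uppercase hex directory is deliberately not matched here.

```python
import re

# The pattern shared in #splunk: a 32-character lowercase hex directory, then q.php.
# The dot is escaped here so it matches only a literal "."; ^Brian^'s version left it unescaped.
DARKLEECH_RE = re.compile(r"/(?P<token>[a-f0-9]{32})/q\.php")

# Minimal parser for the Apache combined log format (client, identd, user, time, request, status, bytes, ...)
APACHE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample lines for this example; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2013:08:14:02 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Apr/2013:08:14:05 +0000] "GET /0123456789abcdef0123456789abcdef/q.php HTTP/1.1" 200 731 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Apr/2013:08:14:06 +0000] "GET /ABCDEF0123456789ABCDEF0123456789/q.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Apr/2013:08:15:11 +0000] "GET /images/logo.png HTTP/1.1" 200 8040 "-" "curl/7.29"
this line is not in Apache combined format and is skipped
"""


def find_darkleech_hits(log_text):
    """Return one dict per request whose path matches the Darkleech pattern.

    Lines that do not parse as Apache combined format are skipped rather than
    raising, which is what you want when feeding a whole access log through it.
    """
    hits = []
    for line in log_text.splitlines():
        m = APACHE_RE.match(line)
        if not m:
            continue
        path_match = DARKLEECH_RE.search(m.group("path"))
        if path_match:
            hits.append({
                "client": m.group("client"),
                "time": m.group("time"),
                "token": path_match.group("token"),
                "status": int(m.group("status")),
            })
    return hits


if __name__ == "__main__":
    for hit in find_darkleech_hits(SAMPLE_LOG):
        print(hit)
```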
That happened: episode 31
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: Splunk Singles, they always come back in the end, what happens when users set their own schedules, and the nature of Batman’s poop:
#splunk can help you get a date
Knowledge is always attractive:
<trakz> Man…. decent field extractions in splunk are really hard for complex log types. Wish someone had a cookbook for that.
<alacer> trakz: explain.
<trakz> For example anything windows based (IIS, Event Logs) seems to follow somewhat random formatting.
<alacer> I’m working on an IIS TA for Splunk.
<trakz> are you dating anyone?
<alacer> I’m married.
<trakz> lol
A prodigal
…
The 2nd Annual APAC Partner Kick Off
Before we knew it, it was almost time for our 2nd annual APAC partner kick off, which falls on 19th to 21st March 2013 in magnificent Bali, Indonesia. As a preview for all the partners who will be attending this kick off with us, we have lined up a series of rock solid business and technical tracks that will definitely keep them away from the beaches and bars. I’m sure the partners will gain tremendous value from these three days.
There are close to 30 tracks that will be delivered, and topics range from global deployment considerations to Splunk modular inputs and SDK to even a rare chance to hear what our legal has to say…
Indexing PCAP header data in Splunk
I am often asked, “Can I store pcap headers in Splunk?”. My response is a somewhat useless “That’s easy”, to which the inquirer says, “If it’s so easy, show me; right now.” OK, fair point.
We’ll do all this from the command line but first a quick overview:
- Create a new index, pcaphead.
- Create a Splunk listener on UDP 5000.
- Run tcpdump to print the headers.
- Use netcat to send the headers to Splunk.
- Run a Splunk search.
This is what it looks like on the command line.
merza-mbp15:Downloads mmerza$ # add the index using the splunk password
/opt/splunk/bin/splunk add index pcaphead -auth admin:supersecret
#
…
That happened: episode 30
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: the cocaine-addled squirrel method of software testing, putting the auto(bot) in automatic lookups, sometimes text adventures are dangerous:
We’re helping!
Trakz built an amazingly cool graphical field/index explorer. Seriously, check this thing out, it’s AWESOME:
<trakz> I continually lose track of which fields are common across indices in my environment. So i built a index/field explorer in D3 to help me find them: http://bl.ocks.org/4543583
<trakz> v2 will include the search term to cut ‘n paste!
and then…the #splunk channel helps trakz ‘debug’:
<trakz> (there are still some bugs I need to iron out, ie. selecting dozens of fields eventually has odd…
StudentRND’s 1st Code Day SF = success
Splunk4Good’s new intern, Carol Silva, told you recently how excited we were to be sponsoring and hosting StudentRND’s 1st Code Day SF here at Splunk HQ over President’s Day weekend. I knew it was going to be great, but I had to blog myself to share how absolutely wowed I was at the epic success of this event!
Saturday morning, as Tyler Menezes and Chris Engelbrecht from StudentRND finished setting up, the first few kids started filtering into the Splunk Dev space, all with laptops and some with fancy gaming accessories or sleeping bags in hand. I had my first indicator that things were going to be epic when, before the keynote even began, there was…