Nimish’s Splunk Blog: Archive for the 'Homepage' Tab

Splunk, Developers, and SOA Apps

When most people first come across Splunk, the users they naturally associate with it are operations, security, or compliance personnel, and Splunk does lend itself to their work. I was speaking to some software engineers, explaining what Splunk does and how it could be used with their engineered Service Oriented Architecture [...]

40 Days of 4.0: Enriching Data with DB Lookups (Part 2)

Today, I’m writing as a guest blogger for Bob Fox to create part 2 of enriching data with the Splunk lookup command. Bob had already created part 1, which describes in detail with an example how to use the lookup command to enrich data from external CSV files. Today’s topic builds on the lookup command [...]

Using File Contents as Input for Search

I’ve been asked a few times how best to search for events which may contain many different discrete values for a field. It’s essentially an OR (disjunctive) search in the search language. For example, you can do this:
sourcetype=my_sourcetype (planet=mars OR planet=earth OR planet=saturn)
This works fine for a finite case where you only have [...]
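The hand-written OR clause above stops scaling once the list of values is long or changes often. The following is an added example, not code from the original post, that reads the values from a file (one per line, the constructed `SAMPLE_FILE` below stands in for it) and builds the same disjunctive clause, quoting any value that is not a bare token so that a stray space, quote or backslash in the file cannot alter the meaning of the generated search. The field name `planet` and base search `sourcetype=my_sourcetype` are taken from the post; the function names are mine.

```python
"""Build a Splunk disjunctive search clause from values stored in a file.

Added example (not from the original post). Assumes the values live one per
line in a text file, as the 'planet' example suggests; blank lines and lines
beginning with '#' are ignored, duplicates are dropped, and the result is
meant to be pasted into (or sent to) Splunk as a search string.
"""
import io

# Constructed sample input standing in for a real values file.
SAMPLE_FILE = "mars\nearth\n\n# a comment line\nsaturn\nearth\nred planet\n"


def quote_value(value: str) -> str:
    """Return a Splunk search-language literal for one field value.

    Bare tokens (letters, digits, '_', '-', '.') need no quoting. Anything
    else is wrapped in double quotes with backslash and double quote escaped,
    so a value such as  a"b OR 1=1  stays a single literal instead of
    injecting extra search terms.
    """
    if value and all(c.isalnum() or c in "_-." for c in value):
        return value
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def disjunction(field: str, values) -> str:
    """Build '(field=v1 OR field=v2 ...)' from an iterable of raw lines."""
    uniq, seen = [], set()
    for raw in values:
        v = raw.strip()
        if not v or v.startswith("#") or v in seen:
            continue
        seen.add(v)
        uniq.append(v)
    if not uniq:
        raise ValueError("no values to search for")
    return "(" + " OR ".join(f"{field}={quote_value(v)}" for v in uniq) + ")"


def search_from_file(base: str, field: str, fh) -> str:
    """Combine a base search with the disjunction built from file handle fh."""
    return f"{base} {disjunction(field, fh)}"


if __name__ == "__main__":
    # Replace io.StringIO(SAMPLE_FILE) with open("planets.txt") for a real file.
    print(search_from_file("sourcetype=my_sourcetype", "planet",
                           io.StringIO(SAMPLE_FILE)))
```

The quoting step is the part worth keeping even if you generate the clause some other way: a values file is input to the search language, and an unquoted value containing a space or a quote would be parsed as additional search terms rather than as the value you intended to match.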

Indexing and Searching RSS feeds

Many companies produce RSS (Really Simple Syndication) feeds for their employees, partners, and customers. These same companies also consume RSS feeds from their suppliers, whether for personal news or for more time-sensitive business data. RSS is a great way to digest this information, but after a certain period, it may not be possible to [...]

Using Splunk to Trace SOA Applications

I have mentioned in past blog entries that Splunk can be used to contribute to the governance and indexing of Service Oriented Architectures. In this post, I will discuss a more common issue that pertains to log management, operations support, and troubleshooting. In a typical SOA deployment, you may have a situation where a user [...]

Using Splunk in a Screen Saver

Sometimes users of Splunk would like Splunk to tell them what is happening in their infrastructure without running an ad-hoc search. The most obvious way to accomplish this is to use Splunk Alerts: an alert is generated when a saved search, executed over a configured period, matches user-defined conditions.
Now suppose you [...]

Audible Alerts

I was talking to some Splunk users and mentioned scripted alerts as a very powerful way to invoke any program when an alert fires. My thoughts then turned to audible alerts. Since a scripted alert can call anything, the script can call a program that remotely sends an alert that [...]

Change Management for SOA Configuration

In a previous blog entry, I mentioned that Splunk can participate as a Services Oriented Architecture (SOA) consumer and gave an example of using web services as a scripted input. In today’s entry, I’ll discuss a more administrative task that is quite native to Splunk: change management. As you may well know, Splunk can [...]