Splunk, Developers, and SOA Apps

When most people first come across Splunk, the first set of users associated with it naturally becomes operations, security, or compliance personnel. Splunk naturally lends itself to their use. I was speaking to some software engineers, explaining what Splunk does and how it could be used for their engineered Service Oriented Architecture [...]

40 Days of 4.0: Enriching Data with DB Lookups (Part 2)

Today, I’m writing as a guest blogger for Bob Fox to create part 2 of enriching data with the Splunk lookup command. Bob had already created part 1, which describes in detail with an example how to use the lookup command to enrich data from external CSV files. Today’s topic builds on the lookup command [...]

Using File Contents as Input for Search

I’ve been asked a few times about how best to search for events which may contain many different discrete values for a field. It’s essentially using an OR (disjunctive search) in the search language. For example, you can do this:
sourcetype=my_sourcetype (planet=mars OR planet=earth OR planet=saturn)
This works fine for a finite case where you only have [...]

Indexing and Searching RSS feeds

Many companies produce RSS (Really Simple Syndication) feeds for their employees, partners, and customers. Moreover, these same companies consume RSS feeds from their suppliers whether it be personal news information or more timely business data. RSS is a great way to digest this information, but after a certain period, it may not be possible to [...]

Using Splunk to Trace SOA Applications

I have mentioned in past blog entries that Splunk can be used to contribute to the governance and indexing of Service Oriented Architectures. In this post, I will discuss a more common issue that pertains to log management, operations support, and troubleshooting. In a typical SOA deployment, you may have a situation where a user [...]

Audible Alerts

I was talking to some Splunk Users and mentioned scripted alerts as a very powerful way to invoke any program to get an alert. My thoughts then came to audible alerts. Since a scripted alert can call anything, it is possible that the script can call a program that can remotely send an alert that [...]

Change Management for SOA Configuration

In a previous blog entry, I had mentioned that Splunk can participate as a Service Oriented Architecture (SOA) consumer and provided an example of using web services as a scripted input. In today’s entry, I’ll discuss a more administrative task, which is quite native to Splunk: change management. As you may well know, Splunk can [...]

Everybody Splunk with the Splunk SDK

One of our partners in Asia came up with the interesting catch phrase “Everybody Splunk”, which we say internally. Today’s topic is about everybody using Splunk’s SDKs. As I’ve spoken to Splunk users, I’ve noticed that many of them are not aware of their existence. This topic has been discussed elsewhere in the development guide, [...]

Splunk as a SOA Consumer

When you think about Service Oriented Architectures (SOA), Splunk doesn’t come to mind first. However, it is important to realize that any entity that is able to consume or produce services is by definition a participant in a SOA. With that said, let me state that Splunk can easily capture and index the output of [...]

Sending Email Alerts using Java Mail

Welcome to my first blog entry. Hopefully, this will be a productive experience for all of us.
For my first topic, I’ve decided to talk about customizing Email Alerts in Splunk. Currently, in the 3.x version of Splunk, you can easily specify an alert to send an email, which can even include search results. Some people [...]