Announcing the Splunk developer tools for .NET Beta, a new day is dawning!

Image: https://www.flickr.com/photos/gnuckx/4772940241

Several months back we posted that we were working on the next generation of the Splunk SDK for C#. Today, I am excited to announce the beta of our new .NET developer tools. This release includes a mini arsenal for .NET development including the new C# SDK, and much, much, more!

C# PCL SDK

As previously mentioned, this is a new C# SDK for developing cross-platform applications which integrate with and extend Splunk.
The SDK has two components, both of which are available on NuGet:
  • Splunk.Client - This contains a C# portable library for performing Splunk searches, doing simple management tasks and for sending events over HTTP to

Sqrrl Connects to Hunk for Exploratory Analytics and Visualizations


In a Sqrrl press release today, Splunk partner Sqrrl introduced a connector to Hunk, joining the previously published Hunk apps with Amazon Web Services and MongoDB.

Using Hunk’s virtual indexing and result preview capabilities, you see search query results as they are streamed back from the Sqrrl Enterprise server, while taking advantage of Apache Accumulo’s cell level security. Apache Accumulo is based on Google’s BigTable design and is built on top of Apache Hadoop, Zookeeper and Thrift. Gartner recently named Sqrrl a 2014 Cool Vendor.

“Integration between Sqrrl Enterprise and Hunk opens the door for our joint customers in the U.S. Department of Defense, intelligence community and private sector to benefit from rapid schema-less search, analytics …


routr : App that Shares Splunk Alerts on Social Media

What is routr?

routr is a simple if-this-then-that workflow app that shares Splunk alerts on your Twitter or Tumblr account. It is easy to install, configure and run. The app is bundled with a sample Splunk saved search that looks for failed login events and posts a tweet on Twitter or an article on Tumblr whenever the alert is triggered from your Splunk instance. The search runs every 1 minute and looks for matching events in the previous 1 minute.


Requirements to run this app

  1. Splunk installed
  2. Twitter and/or Tumblr account

How To Obtain Twitter OAuth And Access Tokens

  1. Sign up at Twitter if you are new to Twitter.
  2. Go to https://apps.twitter.com/
  3. Click “Create New App”

An Amazing Summer Internship At Splunk

First of all, I would like to extend my deepest gratitude to my manager, Alex Raitz who taught me invaluable skills and professionalism during this internship.  I was fortunate to be offered a second summer internship with the incredible App Foundations team.

Access to People and Knowledge

Among the amazing perks I received as an intern was the direct and open access to people and knowledge.  It was a pleasure to learn from my amazing teammates, Roy, Bill, Michael, Melanie, Ian, Kellen, Bumyong and Roussi who shared their knowledge of this field and taught me not only about software development, but also the values of teamwork and how to succeed together.  I had the opportunity to work closely with …


Quick Tip: Wildcard Sourcetypes in Props.conf

Here is a quick one I use often. Here is an excerpt from props.conf.spec:

[<spec>]
* This stanza enables properties for a given <spec>.

<spec> can be:
1. <sourcetype>, the source type of an event.
2. host::<host>, where <host> is the host, or host-matching pattern, for an event.
3. source::<source>, where <source> is the source, or source-matching pattern, for an event.
4. rule::<rulename>, where <rulename> is a unique name of a source type classification rule.
5. delayedrule::<rulename>, where <rulename> is a unique name of a delayed source type
   classification rule.
These are only considered as a last resort before generating a new source type based on the
source seen.


However, I often want to wildcard a sourcetype for …


RDP to Windows Server from a Splunk Dashboard

Say you are browsing a Splunk dashboard and notice something odd in the data about a Windows server and you feel compelled to remote in to that server to do some more investigation. Sure, you could pull up your favorite RDP client and connect in. Or, you can save a couple of clicks and RDP to your server directly from the Splunk dashboard in one click.

Here is what the end result looks like in a dashboard:


Clicking the RDP icon generates a .rdp file on the fly. Your system’s file type association picks up the .rdp file and launches the RDP client with the correct parameters filled in.


Generating a .rdp File on the Splunk Server

To RDP to …


What’s new in TA-windows 4.7.0?

If you are a Windows admin and use Splunk then you’ve likely deployed Splunk_TA_windows on your endpoints. It’s a central method for handling Windows data and has all the extractions you need to handle Windows event logs. We’ve just released version 4.7.0. So what’s new and should you upgrade?

The first thing we did was organize the data. The well-considered best practice is to not put data in the default index. Yet here we were, putting data in the default index. That has now changed. By default, we create three indices for you:

  • perfmon is used for performance data
  • wineventlog is used for event logs
  • windows is used for everything else

This change will not affect you if …


Indexing data from SaaS solutions running on relational databases

As we began work on building the Salesforce.com app, I was again face to face with a familiar challenge…a challenge that you encounter any time you want to ingest structured data coming from a SaaS application that runs on a back-end relational database. In such a SaaS environment, the data is usually exposed via a REST or web services API or similar. As you know, in a typical relational database, all data is stored in multiple tables and records are linked across tables using IDs. For instance, the Incident table in ServiceNow does not have the Username that created the ticket, but has a User Identifier (a long cryptic string) referencing another record in the “Users” table that includes the …


Updated Keyword App

Last year I created a simple app called Keyword that consists of a series of form search dashboards that perform Splunk searches in the background without requiring you to know the Splunk search language. You can read about the original app here and see how easy it is to use. This year, I added some dashboards for the Rare command, but I didn’t think it was newsworthy to blog about it.

Then, Joe Welsh wrote a blog entry about using the cluster command in Splunk, which allows you to find anomalies using a log reduction approach. Joe’s example using Nagios is easy to follow and gives the novice a useful approach to get rare events. So, using this approach, I …


Splunk Cloud at MindTouch: From the Corner Office to the Cafeteria

I’ve blogged previously about the value customers tell us they get from Splunk Cloud and I’m thrilled to be sharing more. In a freshly minted press release, customer case study, and video, MindTouch talks about all the different ways they use Splunk Cloud across their business.

Some amazing nuggets include how they:

  • Exceeded all customer SLAs using Splunk Cloud for real-time monitoring
  • Tripled customer count without any additional DevOps headcount
  • Increased customer retention by using machine data insights to demonstrate MindTouch value to their customers
  • Display Splunk Cloud dashboards in the company cafeteria, so the entire company has visibility into the health of the MindTouch cloud-based software

Testimonials like this are amazing … customers relying on …
