Splunk and Cisco Umbrella: See what you’ve been missing…

The following is a guest post by Rachel Ackerly, product marketing manager, Cisco Umbrella.


Do you have eyes in the back of your head? (Unless you’re my mother, there is a good chance you don’t.) Many security products claim to provide visibility into what’s happening on your network, but how many actually deliver on that promise?

So how do you see what’s happening on the internet, beyond your perimeter? Isn’t that the question security professionals have been struggling with as the world becomes more mobile? Your employees connect to the internet from many different locations and devices. VPN is no longer necessary to get work done; they use Software-as-a-Service (SaaS) apps. But that leaves users more vulnerable to threats, …

» Continue reading

Data night: Splunking your Valentine’s RomCom.

You don’t often think about big data and romance at the same time unless you really love analytics and nobody has ever died of a broken heart chart. However, Valentine’s Day is upon us once more and across the world, data scientists are looking at analytics around the sales of roses, chocolates and cards with cuddling, fluffy bunnies on them. I’ve written in the past about using data to improve your success at dating and also why big data is like falling in love but this year, it felt like I needed to analyze Valentine’s Day from a much more practical perspective.


I’ve been married fifteen years, have three children and working at Splunk keeps you busy. When Valentine’s …

» Continue reading

Splunk AWS Quick Start: Deploy Your AWS Splunk Environment In Minutes

If I told you that a fully operational Splunk Enterprise deployment in AWS could be yours in a matter of minutes, would you be interested? Sit down, relax, and I’ll tell you all you need to know to have a Splunk Enterprise deployment ready to index; fully configured with indexer replication and search head clustering in less than an hour.

Late last year, I wrote a deployment guide for Splunk Enterprise on AWS that explains your options when deploying Splunk Enterprise in AWS. Today, it gets better: I’m happy to report that document has been expanded upon, and Splunk has released an official Splunk Enterprise AWS Quick Start.

If you’re not familiar with AWS Quick Start, the underlying …

» Continue reading

Everything You Need to Know About Splunk ITSI

With the latest version of Splunk IT Service Intelligence (ITSI), you can apply machine learning and advanced analytics to:

  • Simplify operations with machine learning
  • Prioritize problem resolution with event analytics
  • Align IT with the business with powerful real-time service-level insights

So how do you get started?

Learn More About Splunk ITSI’s Benefits and Features

Watch this 2-minute overview of Splunk ITSI:

Getting ready for a deployment? For a closer look at Splunk ITSI’s capabilities, check out these resources.

» Continue reading

Your Splunk Workspace

What is a Workspace? In my mind, it’s a well-defined area within which one can construct and create without impact to and by externalities.

Implemented in Splunk, it’s a user logging into Splunk, getting escorted to content for their domain, and not being distracted or impacted by the activities of others.

As you might have guessed, this concept IS implemented already in Splunk by means of visible “apps.” Unfortunately, many of us don’t embrace apps in this fashion – and for good reason! We often associate apps with the rich contributions available on Splunkbase and rarely consider the simplest of apps, as a Workspace for user groups.

Let’s change that today. Let’s reset how we think about apps and …

» Continue reading

Data-driven insights into performance, availability and compliance of an FX service with ITSI

Running a Service in financial services is tough. Not only is there the burden of ensuring your service is 100% available to avoid a financial meltdown but you also need to find ways of optimizing every available CPU clock or KB of memory to stay competitive (check out long-time Splunker Finnbar Cunningham’s Credit Suisse .conf Presentation). All whilst having regulators breathing down your neck ready to slap a multi-million (or billion) dollar fine on you.

Maybe you do deserve those bonuses.

What do I mean by a Service? A system or application that allows a business to operate or trade. This could be an online retail site, an ERP platform and so on. For financial services, and capital markets in …

» Continue reading

How to stream AWS CloudWatch Logs to Splunk (Hint: it’s easier than you think)

At AWS re:Invent 2016, Splunk released several AWS Lambda blueprints to help you stream logs, events and alerts from more than 15 AWS services into Splunk to gain enhanced critical security and operational insights into your AWS infrastructure & applications. In this blog post, we’ll walk you through step-by-step how to use one of these AWS Lambda blueprints, the Lambda blueprint for CloudWatch Logs, to stream AWS CloudWatch Logs via AWS Lambda and into Splunk for near real-time analysis and visualization as depicted in the diagram below. In the following example, we are interested in streaming VPC Flow logs which are stored in CloudWatch Logs. VPC Flow logs capture information about all the IP traffic going to and from …

» Continue reading

How to Stop Playing the Blame Game in Your IT Department

It’s a familiar scenario: a problem is discovered, and a Service Desk Team gets a help ticket. The Service Desk Team tells Operations that there’s an outage. The Operations Team suggests that the problem could be the result of bad code and passes the issue to Dev. The Dev Team responds that it doesn’t have the tools to solve the problem and asks for logs from production systems.

Suddenly the situation is escalated.

A war room’s assembled. Here you’ll often find a DBA, Docker specialist, network specialist, release manager, site reliability engineer and a developer, sometimes calling in remotely from separate locations. The pressure’s on for everyone to prove their innocence and confirm individual components of the infrastructure are ok. …

» Continue reading

2016 Reflections and 2017 Resolutions: The Partner Perspective

The past year has been an exciting one for the Splunk partner ecosystem, and in 2017 we have even more in store. So, let’s get started with looking back at 2016.

Throughout the past year, we’ve focused on maturing our partner ecosystem by enhancing our Partner+ Program, which included launching our Technology Alliance Partner Program (TAP) and much more. Each component of our partner business – programs, operations, marketing and sales – is honing in on their offerings to benefit partners of all types. With a focus on our partners’ end-to-end experience coupled with innovative technology to enhance our program, our ecosystem will be unstoppable in 2017!

What have we done differently?

We’ve continued to prioritize our partners, by …

» Continue reading

Implementation of Incentive Driven User Access

Out of the box, a Splunk user has the capabilities to do some powerful stuff – but as Uncle Ben tells us, “with great power comes great responsibility”. In my prior post, we reviewed the scenario and purpose behind Incentive Driven User Access. In this post, we’ll dive into the conf files and explore what settings are worth reviewing to implement such a solution.


Let’s conceptually differentiate the settings for authorization and those of authentication. The names are so darn similar that without understanding their differences, you’re bound to mix them up.

When you first navigate to your Splunk deployment, you need to prove that you’re a valid user. To do this, Splunk will need to …

» Continue reading