Hunk: Size matters

One of the questions I am often asked is what is the difference in storage between Splunk Enterprise and Hunk on Hadoop using Hunk archiving.  Customers are trying to drive down TCO by storing historical data in Hadoop since it can run on low-cost commodity hardware. Hunk provides a simple mechanism to archive data from Splunk Enterprise into HDFS. Any data in warm, cold or frozen buckets can be archived and offloaded from Splunk instead of being deleted.  The best part of the archiving functionality is that as soon as the data is copied over to Hadoop it is available for searching from Hunk straight away using the same SPL language you know and love.  Here is a great blog …

» Continue reading

Notes From Splunk .conf 2015 Day Two

The Search party last night was a blast, but today it was back to business. And Day 2 of the global Splunk user group, .conf2015, was another excellent day.

I started with some good mates from the industry analyst community, talking Splunk IT Service Intelligence (ITSI) over breakfast. I gained intriguing insights into our customers and our market, and came away with all sorts of possible new use cases for ITSI.

But as Steve Jobs said, innovation sometimes it means saying ‘no’ to a thousand good ideas, so for now we are going to focus on fulfilling the enormous early demand from our customers for POCs. Still, we are always looking for new ideas from our customers and partners (and analysts too!), …

» Continue reading

Earn a Seat at the Table: The convergence of IoT and business analytics

When I was a Splunk customer in financial services, my team and I had a strut; we had a swagger. We were in the business of equipment finance, providing commercial leases for things like forklifts, freight trucks, and x-ray machines, but despite being in an industry that hadn’t really changed in decades, our peers saw the value of technology. When we walked into a meeting with the business, people knew we weren’t there to fix the printer; we were there to help use technology to deliver more value to our customers. We had earned a seat at their table.

If you think about it, once you’ve signed for a lease or loan, you hear from your bank for a couple …

» Continue reading

My New Baby is a Hunk!


Before I introduce the star of the show, I thought I should introduce myself. I have two children under the age of two, one aged 18 months and the other 3 months old. Despite my wife saying she doesn’t want a third, it was born today and it was a hunk, named Hunk 6.3! This is my first release as the Product Manager for Big Data at Splunk and I really do think I have been given the best job at Splunk – the Product Manager for Big Data! My job is to look at ways frameworks such as Hadoop can augment the experience of one of the leading Big Data platforms in the world – Splunk Enterprise. What better …

» Continue reading

What’s new with Splunk MINT?

Splunk MINT logo

If mobile apps are part of your business, having real-time insight into app performance, crashes, usage and transactions is critical. With Splunk MINT, developers, operations and business all gain insight into the mobile end user experience  and can answer questions like: Is the app working or is it crashing on users? Are transactions fast or slow? Where are my mobile users, and what are they clicking and swiping on my mobile app. In March, we introduced Splunk MINT – including an app that connects directly on top of Splunk Enterprise.

We haven’t stopped there. This week at ..conf2015, we are announcing a number of cool enhancements to the offering.MINT - Affected Users 09-02

  • More developer insight with Stacktrace graphs and screen
» Continue reading

Notes From Splunk .conf 2015 Day One

PartPavWhat a fantastic first day at my first ever Splunk global user conference, .conf15. Last night’s Partner soiree kicked off the fun, bringing our customers and partners together in the expo pavilion over some tasty conference food and free-flowing drinks. Demos everywhere, a gaming space, golf swing analytics, and even a race car – no wonder it was absolutely packed!

The first full day started today with the opening keynote in front of a visibly energized crowd in a packed hall. Over 4000 Splunk customers are attending this year, and .conf is still growing. Not surprising, since this year Splunk chalked up its 10,000th customer.

The keynote was fantastic, among the best I have seen. Dynamic and informative, with a bit …

» Continue reading

Splunk Enterprise 6.3 – Shaking It Up!


Today at the Splunk .conf2015 User Conference we literally shook thinks up with the announcement of Splunk Enterprise and Cloud Release 6.3.

The crowd shook their cell phones while the new HTTP Event Collector sent the data from every device to a central console that tracked the motion, mapped the results, and eventually fired a cannon using the new Custom Alert Action feature integrated into a Citrix Octoblu device controller.

It was a fun way to highlight several cool new features of 6.3:

The HTTP Event Collector directly onboards data from applications, DevOps and IoT devices in real-time, scaling to millions of events per second. Developers can use a standard HTTP/JSON API or logging libraries. Those that are using …

» Continue reading

Splunk IT Service Intelligence (ITSI) Brings New Levels of Visibility into the Entire IT Environment

BNR-LI-Social-conf2015-ITSIOn behalf of everyone at Splunk, I’m thrilled to announce Splunk IT Service Intelligence (ITSI), a next-generation monitoring and analytics solution built on top of the Splunk Platform.

The goal of modern IT is to deliver technology-based services to business users and customers. These IT services are more than just a single server, application, or client; they represent end-to-end business capabilities, such as an insurance claims process, a content delivery pipeline, or a store locator on a website. Such services are often complex, distributed, and interconnected, using multiple internal and external IT components, from back-end servers to mobile devices, across cloud, hybrid and on-premises deployments.

Splunk ITSI is a revolutionary approach to monitoring IT services to deliver true “Service Intelligence” …

» Continue reading

Turbo charging Modular Inputs with the HEC (HTTP Event Collector) Input

HTTP Event Collector (HEC)

Splunk 6.3 introduces a new high performance data input option for developers to send event data directly to Splunk over HTTP(s). This is called the HTTP Event Collector (HEC).

In a nutshell , the key features of HEC are :

  • Send data to Splunk via HTTP/HTTPS
  • Token based authentication
  • JSON payload grammar
  • Acknowledgment of sent events
  • Support for sending batches of events
  • Keep alive connections

A typical use case for HEC would be a developer wanting to send application events to Splunk directly from their code in a manner that is highly performant and scalable and alleviates having to write to a file that is monitored by a Universal Forwarder.

But I have another use case …

» Continue reading

SMS Alerting from Splunk with Twilio

Modular Alerts

With the release of Splunk 6.3 comes an exciting new feature called Modular Alerts.

Historically the alerting actions in Splunk have been limited to Email, RSS and if you wanted to perform some custom alerting functionality then you could execute a Custom Script.

Whilst many Splunk Ninjas over the years have accomplished all sorts of amazing Kung Fu by wrangling with custom alerting scripts , they are ultimately not the most optimal approach for users and developers.

  • manual setup
  • no configuration interface
  • need file system access
  • loosely coupled to Splunk
  • no common development or packaging standard

So what if you want more alerting actions that you can plugin and present as first class alerting actions in your Splunk instance.

Well …

» Continue reading