SplunkLive! London: What did you miss?


Full disclosure: I work for Splunk in the Sales Engineering team and have done so for the last 11 months.

This week I attended my very first SplunkLive! in London and it completely vindicated my decision to join this fantastic company.

Since I joined last June, Splunk has grown, matured and expanded its cloud offering, providing the industry’s first and only 100% uptime availability guarantee for our managed machine data analytics platform, and now we’ve rolled it out across the globe.

We’ve also launched Splunk MINT our mobile analytics platform that can provide deep insights for mobile app development teams as well as correlating a mobile app user’s experience with the performance and availability of the backend infrastructure.

We’ve added

» Continue reading


Splunk Instagram

They say a picture is worth 1000 words. Actually it’s far more than that.

Take an Instagram image: there are tons of useful metadata behind the image – not just that tasty picture of what you had for dinner last night.

But how do you start to look at this data? I think you already know the answer to that! This post is just a quick guide showing you how to ingest and visualise Instagram data in Splunk.…

» Continue reading

.conf2014 Highlight Series: Detecting Fraud and Suspicious Events Using Risk Scoring


.conf2015 registration is open!

We’re excited to continue our series of .conf2014 #TBT highlights, especially as we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas this September. This week we revisit Robert Perdues’s presentation about how Splunk can be used to detect fraud and suspicious events using risk scoring.

Skill Level:

Solution Area:
Fraud, Security

Splunk Enterprise

Presentation Overview:
This session showcases how Splunk can be used to build a risk scoring engine designed to detect fraud and other suspicious activities. This presentation includes a real-world fraud detection use case, a detailed description of the searches and lookups, which drive risk scoring, as well as other cyber security related applications of risk …

» Continue reading

Zillow developing on Splunk

The Splunk Developer platform allows extending the capabilities of Splunk Enterprise by building your custom solutions. One of the ways to extend Splunk is to implement custom search commands, effectively extending the Splunk Search Processing Language (SPL). Custom search commands are programs that allow you to stream or report on data.

In a recent Seattle Splunk User Group meeting, Bernie Macias and Jerome Ibanes of Zillow provided an overview of custom search commands, discussed the anatomy of a command, and provided a deep dive into building and packaging them. They demonstrated real-world usage of custom search commands at Zillow.

You can read Bernie’s in-depth post on the Zillow blog: Splunk at Zillow

For additional guidance on custom search commands and …

» Continue reading

Panel Insights from the AFCEA C4ISR Symposium

The Armed Forces Communications and Electronics Association (AFCEA) San Diego chapter recently hosted its annual C4ISR Symposium. This year’s theme was “The Evolving Definition of Navy Cyber: How C4I, Combat Systems and HM&E are redefining the Cyber Battlespace.” I was asked to participate on a panel to provide insight into the benefits and risks associated with cyber operations. The session was moderated by Engility VP Jeremy Ross and I was joined on the panel by Captain Mark Jarek of the U.S. Navy and Anthony Grieco, a principal engineer at Cisco. Below are some of the key topics our panel explored.

To begin, we discussed the fact that cyber is now undoubtedly a warfighting domain and the risks of today’s …

» Continue reading

Monitoring and alerting for activities of expired user accounts


When it comes to insider threats and user activity monitoring, I see a very common use case that works extremely well across multiple industries. I want to share it with you in this blog post.

Your company can have a lot of different user accounts – not just those of internally employed workers. There may be more focus on external contractors, who move in and out more often, or even B2B portals with intellectual property exchange.

If you need to monitor expired accounts, it comes down to the following:

You need to have the username, the expiry date and the user activity data. Getting the expiry date information takes some homework.

Here are two pieces of advice:

  • Get the expiry

» Continue reading

Secure Cloud Data Processing

Companies outsourcing data storage and management to cloud services are being confronted with a new concern: how can data be stored and accessed in a way that maintains the privacy of individuals and businesses?

Traditional cryptographic encryption applications are limited to the transmission of data to and from the cloud and occasionally with data at rest in some sort of cloud storage.

But most companies aren’t content to simply store data in the cloud – they want to analyze it! And performing almost any analysis requires that the data first be decrypted. Therefore, persistent attackers will still have an opportunity to compromise sensitive data.

In 1978, Rivest, Adleman and Dertouzos asked[1],

“Can one compute on encrypted data, while keeping it …

» Continue reading

.conf2014 Highlight Series: Getting Deeper Insights into your Virtualization and Storage with Splunk


.conf2015 registration is open!
.conf2015 call for papers and speakers ends tomorrow – May 8!

As we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas in September, we’re excited to continue our series of .conf2014 #TBT highlights. This week we revisit Stela Udovicic and Michael Donnelly’s presentation focused on Splunk insights into virtualization and storage.

Skill Level:
Good for all skill levels

Solution Area:
IT Operations, Application Management

Splunk App for VMware
Splunk App for NetApp
Splunk Enterprise

Presentation overview:
Virtualization and storage technologies go hand-in-hand. If performing poorly, they can have a serious impact on your applications’ performance and users’ experience. This presentation shows how Splunk can help you get unified visibility …

» Continue reading

Let’s Get Technical: Splunk Enterprise 6.2

Do You Know Splunk? Webcast Series Kick off! What’s New in Splunk Enterprise 6.2?

Last week we launched our Do You Know Splunk? webcast series. The series will provide attendees with insight on the latest tips and best practices for optimizing your Splunk environment. Each webcast will highlight Splunk’s products and, together, we will dive into the weeds with users to help them better understand and harness Splunk’s platform within their organization. Plus, the online series will introduce Splunk users to new ideas and share how our solutions can help further increase visibility and intelligence for various data types and sources.

Our first webcast featured Splunk Enterprise 6.2.

With Splunk Enterprise 6.2, you can onboard, enrich and analyze …

» Continue reading

Caching Hadoop Data with Splunk and Hunk

Although Hadoop is good at processing large amounts of data, it is not the fastest platform. Below is a list of options that Splunk and Hunk offer to speed up the retrieval of results and lower the processing overhead on Hadoop.

Each option has its own advantages:



1) Hunk Report Acceleration

This option caches the results in HDFS and keeps them fresh and current. By default, Hunk will check for new Hadoop data every 10 minutes.

Details =



2) Hunk Scheduled Searches

This option caches the results on the Hunk node and is available on the Search head for double the frequency of the schedule.  For example, if you schedule the search to run every 4 hours, the results …

» Continue reading