Splunk Apps installation assistant
So you were browsing the Splunk Apps portal and just found an app you’d like to try. You click “Download”, accept the license agreement and some file gets saved. Now what?
You quickly glance through the documentation to find out that you need to log in to your Splunk server, open “Manage Apps”, find the “Install app from file” button and then find the file you just downloaded… Sounds pretty boring?
If you happen to be a Chrome user, there’s some good news for you: this little extension will save you from those extra clicks. Once installed, tell it the URL of your Splunk instance and the next time you find that interesting new app on Splunk Apps, it will display a …
Introducing the Cisco Security Suite for Splunk 6
I know. I normally blog about Microsoft stuff. Recently, however, I’ve been helping out on another project – updating the Cisco Security Suite to be compatible with Splunk 6. The Cisco Security Suite is the most downloaded app on Splunkbase behind the *Nix and Windows apps and exposes Cisco-specific information about your Cisco security devices.
We had many aims for this project, aside from just upgrading everything to work with Splunk 6. We wanted it to use the Technology Add-ons that you may already have from a deployment of Enterprise Security. If you were considering an upgrade to Enterprise Security in the future (and you should – it’s awesome), then we wanted the data you have already …
Data Model Cheat Sheet
Have you been curious about how to incorporate data models into your Splunk life, but unsure about how to take the first step? Try this cheat sheet! It takes you step-by-step through the process of thinking about your data and creating usable data models to use yourself and share with others!
Using Bootstrap Modal with Splunk Simple XML
While working on a performance dashboard recently, I wanted an area to further explain the performance metric currently being displayed without taking up too much screen real estate. In the end, I ended up using a Bootstrap modal dialog to display the metric details when a user clicks an information icon. Here is the end result:
Step 1 – Add the Bootstrap modal markup to your dashboard
<row grouping="2">
  <chart id="chart1">
    …
  </chart>
  <html>
    <!-- Info icon that opens the Bootstrap modal targeted by data-target -->
    <a href="#" id="btn1" class="btnModalInfo" data-toggle="modal" data-target="#desc1">…</a>
    <!-- Bootstrap modal markup; the id must match the data-target above -->
    <div class="modal fade" id="desc1">
      <div class="modal-dialog">
        <div class="modal-content">
          <div class="modal-header"></div>
          <div class="modal-body">…</div>
          <div class="modal-footer">…</div>
        </div>
      </div>
    </div>
  </html>
</row>
Universal Forwarders and the Splunk App for Active Directory
About once a week I respond to a call or online question asking about the Splunk App for Active Directory. Specifically, these questions ask one of two things. The first is “Can I collect the Active Directory data remotely?” and the second is “What user should I run the Universal Forwarder as?” The Cliff’s Notes version is that you should not collect Active Directory data remotely, and you should install the Universal Forwarder as the system local user. If you want more information, read on.
Let’s start with the first question – can you collect the Active Directory data remotely? Technically, the answer is yes, but in reality the answer is that it is ill advised from a security …
It’s Valentine’s Day – love your date and your data
It’s Valentine’s day and I’ve just got back from Paris – the alleged “city of love”. I was there for SplunkLive! Paris so no romance but lots of alluring stories of how organisations are using their data.
It inspired me to think about the different stages of falling in love and how they relate to how we see people fall in love with their data using Splunk.
Think of that first meeting, a blend of nervousness, excitement, scope for unlimited embarrassment and imagination of where this is going to end. This could be a chance meeting, speed dating, mutual friend or downloading Splunk (bear with me on this!).
Hopefully the first meeting goes well. You click, you laugh at how …
Command Modular Input Use Case Series
Modular Inputs and Scripted Inputs provide a great way to develop custom programs to collect and index virtually any kind of data that you can set your mind to.
But on whatever platform you have deployed Splunk on, you will also have a whole bevy of other inputs just waiting for you to tap into to get that data into Splunk. They would be the various programs that come with the platform and those that you have installed on your platform.
This is actually why I created the Command Modular Input that I introduced in a recent blog: a means to leverage, as simply as possible, the power of your existing system programs and get this data into …
Which Microsoft Servers are inactive?
What can you tell me about my environment? It’s a common enough query and Splunk seems to be able to answer them all. The latest was this: Can you give me a list of all the servers that are inactive? Inactive, for the purposes of this post, means that they are bound to the domain but they have not logged into the domain in some period of time.
One of my favorite tools for answering these questions is the SA-ldapsearch set of commands. Fortunately for us, Active Directory contains the timestamp. Unfortunately for us, it contains two timestamps. The first is called “lastLogon” and contains the timestamp at which the system in question last connected to THIS domain controller. The …
Splunk and The Top 10 CIO Priorities for State and Local Government
On November 5, 2013, the National Association of State Chief Information Officers (NASCIO) released a member service document representing the top 10 state CIO priorities for 2014. The list presents no surprises as state CIOs try to do more with less: extracting the most value out of every dollar, providing constituent services, protecting customer data and preventing data breaches. The list is almost a mirror image of the benefits our customers are seeing with Splunk. I won’t go through the whole list, but let’s look at the top three.
Security is the number one priority for state CIOs in 2014:
“Security: risk assessment, governance, budget and resource requirements, security frameworks, data protection, training and awareness, insider threats, third party security …
That happened: episode 39
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: Splunk results on your iPad – or anywhere, bromance is in the air, you may want to go back to college, and gems from the tip jar:
Do you use statusboard on your iPad?
Starcher wrote a cool thing!
This makes me think of another “get your Splunk on anywhere your iDevice is” project, the Splunk Everywhere utility written by David Carasso. Check out his blog post about it here: http://blogs.splunk.com/2014/01/29/splunk-alerts-and-charts-on-your-iphone/
Jeffums (aka DaGryph) makes …