Splunk and AWS: Monitoring & Metrics in a Serverless World

Bill Bartlett (fellow Splunker) and I have recently had the distinct pleasure of moving some workloads from AWS EC2 over to a combo of AWS Lambda and AWS API Gateway. Between the dramatic cost savings and the wonderful experience of not managing a server, making this move was a no-brainer (facilitated as well by great frameworks like Zappa). Both services are pretty robust, and while perhaps not perfect, to us they are a beautiful thing.

While we were using Splunk to monitor several EC2 servers with various bits of custom code via the Splunk App and Add-On for AWS, we realized (ex post facto) that while Lambda was supported out of the box by the Add-On, API Gateway was …

Relating Add-ons to CIM

Something we’ve been interested in for a while now is tools to help you see whether a model is being populated or not. For instance, the latest version of the Splunk App for Enterprise Security includes a nice Content Profile Audit dashboard that compares the knowledge objects provided in the Enterprise Security app to the data models those objects require.

Similarly, we also want to be able to look at a data model and ask which Add-ons are trying to prepare data for it. Thanks to the efforts of some intrepid folks in our Education team (Lincoln Bowser and Bob Walden), here are a couple of reports that should be helpful. The reports query local configuration via REST so they’re cross-platform, and they leverage …

Don’t Forget to CIM! Or, How I Learned to Love Tags

Let me tell you a little story about something which I learned (or re-learned!) today. For the impatient, you can read Jack’s previous article on building technology add-ons, and go learn CIM (which stands for Common Information Model). I’ll put some other resources at the end as well.

The silly thing I have to admit first of all, is that I thought I knew this stuff. I’ve been involved in making data models for the CIM app, for cryin’ out loud! Anyway, to the story…

In my prior role in business development as a solution architect, and now as a developer evangelist, I frequently work with ISVs, IHVs, SIs and others who want to integrate their stuff with Splunk. …

Reflections on a Splunk developer’s journey: Part 1

It seems like only yesterday

…that I was writing my first Splunk App. It was the openness and extensibility of the Splunk platform that attracted me to this pursuit in the first place, and when I discovered the thriving community on Splunkbase (now called Splunk Apps / Answers), I just had to contribute. 12,000+ downloads across 9 different freely available community offerings later, I am feeling somewhat reflective. So in this 2-part blog series I want to share with you some of my lessons learned from developing and supporting Splunk community Apps/Add-ons (part 1) and then some musings on why you should consider developing Splunk Apps/Add-ons yourself and contribute to the Splunk developer ecosystem (part 2).

Some lessons learned

