Writing Actionable Alerts

Is your Splunk environment spamming you? Do you have so many alerts that you no longer see through the noise? Do you fear that your Splunk is losing its purpose and value because users have no choice but to ignore it?

I’ve been there. I inherited a system like that. And what follows is an evolution of how I matured those alerts from spams to saviors.

Let it be known that Splunk does contain a number of awesome search commands to help with anomaly detection. If you enjoy what you read here, be sure to check them out since they may simplify similar efforts. http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Commandsbycategory#Find_anomalies

Stage 1: Messages of Concern

Some of the first alerts created are going to be searches …

» Continue reading

My Splunk Origin Story

A World Without Splunk

In my pre-Splunk days, I spent significant time leading the vision for standards and automation in our company’s large distributed IBM WebSphere Network Deployment environment. Even though we used standard build tools and a mature change process, significant entropy and deviations were introduced into the environment as a product of requirements for tuning, business, infrastructure, security, and compliance.

As a result, we were unable to recognize the scope of impact when it came to security vulnerabilities or violations with 3rd party compliance. Even worse for us, we spent way too many staff-hours trying to replicate issues between production and quality assurance environments because we had no easy way to recognize the contributing configuration differences.

It’s a Bird, It’s a

» Continue reading

How’s my driving?

It was the summer of 2014. I was well into my big data addiction thanks to Splunk. I was looking for a fix anywhere: Splunk my home? Splunk my computer usage? Splunk my health? There were so many data points out there for me to Splunk but none of them would payoff like Splunking my driving…

Rocky Road

At the time, my commute was rough. Roads with drastically changing speeds, backups at hills and merges, and ultimately way more stop and go than I could stomach. But how bad was my commute? Was I having as bad an impact on the environment as I feared? Was my fuel efficiency much worse than my quiet cruise-controlled trips between New York and Boston? …

» Continue reading

How Brands Manage Data During the Super Bowl

You see servers and devices, apps and logs, traffic and clouds. We see data — everywhere. And with one of the world’s biggest sporting spectacles taking place just down the road from us in less than two weeks time, we thought we’d take a look at a few Splunk customers and how they’ve managed their data loads during the big game.

Coping with web traffic – Cars.com & Nissan
A few years ago, Cars.com used Splunk Enterprise to ensure its web environment could withstand the user load — and ensure a pleasant customer experience — during their Super Bowl advertisements. In years past Cars.com relied on aggregate data to determine their overall performance under Super Bowl levels of stress. …

» Continue reading

Splunk wins “Big Data Innovation” at Computing’s Vendor Excellence Awards

ExcellenceIt is always nice to end a working week on a high and last Friday gave the Splunk EMEA team a great start to the weekend. We were nominated and won Computing’s Vendor Excellence Award for “Big Data Innovation”. The judges commented specifically on Splunk’s ability to democratize big data so that everyone can use it.

 

It was a nice way to spend a Friday afternoon and there was a lot of nervous anticipation over lunch as to who was going to win the various awards.

Awards22

The ceremony started with something I’d never seen before. The pre-award entertainment was 25 year old rapper comedian, Chris Turner (@ChrisPJTurner). Dressed in a very dapper suit he explained how he was going …

» Continue reading

Evaluating the Government’s Approach to Investing in Cyber

B_GSiiLXIAAU1wsAs you’ve probably noticed, there has been significant media coverage lately about federal agency breaches and the importance of improving cybersecurity practices. The most recent breach of the Office of Personnel Management (OPM) has put a spotlight back on the security practices of federal agencies and has created questions for government leaders around how they can better secure their data. In fact, the incident prompted U.S. Federal CIO Tony Scott to issue a 30-day cybersecurity sprint calling on agencies to evaluate current practices and begin addressing any security gaps or vulnerabilities. But what else can agencies be doing to improve their security posture?

One of the best ways agencies can start doing a better job of securing their networks is …

» Continue reading

Is the secret to (big) data success collect once and use many?

swiss_army_knife_512373Many moons ago, I used to write code, badly. I learnt to program in COBOL, PL1 and JCL (Job Control Language). I then moved on to programming Java which promised portability, reuse and “write once, run many”. I’ve spent the last few weeks talking to a lot of Splunk customers and it struck me that the companies having the most success and making the best case for value of big data are the ones who are using the same data for multiple purposes. It got me thinking if there is something in that promise of Java many years ago that we can learn from with big data. Is the secret for big data success “collect once and use many”?

 …

» Continue reading

All aboard with Infrastructure 4.0 — Splunk wins Deutsche Bahn Internet of Things Hackathon

Deutsche Bahn (DB) describes itself as the second largest transport company in the world and is the largest railway and infrastructure operator in Europe. With the popularity of Industry 4.0 and IoT in Germany, DB recently ran a “Deutsche Bahn goes 4.0” Hackathon over the weekend of May 8-9 2015. The concept was “We provide the data, you innovate with it”. Splunk participated with a crack team of two people, a copy of Splunk Enterprise running on a laptop and got their hands dirty digging into a labyrinth of infrastructure data. The challenge was tough: starting at 5pm we had 24 hours straight to analyze the data and demonstrate the value from it. After the final presentation of …

» Continue reading

Caching Hadoop Data with Splunk and Hunk

Although Hadoop is good at processing a large amount of data, it is not the fastest platform. Below are a list of options that Splunk and Hunk can offer to speed up the retrieval of results and lower the processing overhead of Hadoop.

Each option has its own advantages:

Screen Shot 2015-05-05 at 11.54.16 AM

 

1) Hunk Report Acceleration

This option caches the results in HDFS and keeps it fresh and current.  By default, Hunk will check for new Hadoop data every 10 minutes.

Details =

http://docs.splunk.com/Documentation/Hunk/latest/Hunk/Workwithreportacceleration

 

2) Hunk Scheduled Searches

This option caches the results on the Hunk node and is available on the Search head for double the frequency of the schedule.  For example, if you schedule the search to run every 4 hours, the results …

» Continue reading

Survey Results: Big Opportunity for Big Data in Cybersecurity

GoBigSecurityLast week, MeriTalk, a public-private partnership focused on improving the outcomes of government IT, released a survey in collaboration with Splunk to explore how big data analytics play a key role in preventing cyber threats on government networks. With high-profile breaches garnering more public attention, we decided to do a deeper dive on how government cybersecurity professionals are currently monitoring threats on their network and areas in which they can improve. We surveyed 302 Federal, State and Local IT leaders to reveal current cybersecurity strategies and next steps organizations can take to improve security. The outcome? Government agencies understand there is value in using big data to support security, but very few agencies are taking full advantage of this …

» Continue reading