Preparing for a successful Enterprise Security PS engagement

(Hi all–welcome to the latest installment in the series of technical blog posts from members of the SplunkTrust, our Community MVP program. We’re very proud to have such a fantastic group of community MVPs, and are excited to share what we learn from them.

–rachel perkins, Sr. Director, Splunk Community)
Hi, I’m Doug Brown, Information Security Analyst at Red Hat, and member of the SplunkTrust.

Over the last few years I’ve spoken with a number of Enterprise Security customers from different regions, and I’ve received mixed feedback about their deployments. The good news is that there are some easily-avoidable common pitfalls, and by being aware of these before engaging Splunk Professional Services, hopefully you’ll be able to derive the …

» Continue reading

Creating McAfee ePO Alert and ARF Actions with Add-On Builder

One of the best things about Splunk is the passionate user community. As a group, the community writes amazing Splunk searches, crafts beautiful dashboards, answers thousands of questions, and shares apps and add-ons with the world.

Building high quality add-ons is perhaps one of the more daunting ways to contribute. Since the recently-updated Splunk Add-On Builder 2.0 was released, however, it’s never been easier to build, test, validate and package add-ons for sharing on SplunkBase.

Technical Add-Ons, aka TAs, are specialized Splunk apps that make it easy for Splunk to ingest data, extract and calculate field values, and normalize field names against the Common Information Model (CIM). Since the release of version 6.3, Splunk Enterprise also supports TAs for …

» Continue reading

Smart AnSwerS #80

Hey there community and welcome to the 80th installment of Smart AnSwerS.

The Splunk Pledge was announced last month, which is our commitment to research, education, and community service. Through Splunk4Good, a minimum of $100 million will be donated over the course of 10 years in software licenses, training, support, and education to nonprofit organizations and educational institutions. If there are any nonprofits or academic institutions engaging in positive social change that you feel could benefit from a free 10GB Splunk Enterprise license, standard support, and Splunk eLearning access, please do encourage them to apply!

Check out this week’s featured Splunk Answers posts:

Is there documentation comparing the features of Splunk User Behavior Analytics (Splunk UBA) and

» Continue reading

Smart AnSwerS #79

Hey there community and welcome to the 79th installment of Smart AnSwerS.

It was great meeting a good handful of folks at .conf2016 just two weeks ago, and finally getting to put more faces to names among our awesome Splunk community. The enthusiasm, excitement, and overall energy throughout the conference is always revitalizing, reminding us Splunkers how important it is to maintain an open environment and culture moving forward. It’s thanks to the feedback of the many users in every type of role and level of experience that continues to make Splunk what it is today. I’m looking forward to more good times of learning and engaging with you all in the coming year.

Also, big congrats to our …

» Continue reading

Congratulations to the 2016-17 SplunkTrust MVPs!!!

Welcome back from .conf2016, everyone! It’s been a tremendous good time for all of us at Splunk, and we’re hoping those of you who were able to join us got as much out of it as we did. Among the other opportunities we took to recognize our outstanding customers and partners this year was the announcement of this year’s SplunkTrust Community MVPs.

We created the SplunkTrust Community MVP program to recognize our community’s top contributors, and to involve them in planning and policy decisions as our community grows. These community members have shown the very highest level of commitment to helping others succeed with Splunk, and are the second year’s SplunkTrust member roster:


2016-17 SplunkTrust inductees with Doug Merritt and Rachel Perkins

2016-17 SplunkTrust inductees with CEO Doug

» Continue reading

Smart AnSwerS #78

Hey there community and welcome to the 78th installment of Smart AnSwerS.

Things have been ramping up around Splunk HQ with conf2016 just around the corner! The Splunk education team is starting off strong with Splunk University beginning tomorrow and running through Monday, while the rest of the conference staff are working hard to make the final touches to ensure a smooth and awesome experience for all attendees. I’m looking forward to running into familiar faces and coming across new ones! I’ll be hanging out at the Splunk Answers booth at least half of the time during the conference, so if you happen to be exploring the source=*Pavillion, feel free to stop by to say hello. :) Safe travels …

» Continue reading

Smart AnSwerS #77

Hey there community and welcome to the 77th installment of Smart AnSwerS.

Applications for the 2016 – 2017 SplunkTrust cohort were submitted a month ago, and the current membership reviewed and ranked all of them individually within the past several weeks. The rankings have been gathered to finalize who will be a SplunkTrustee and inducted at .conf2016. The Splunk community has greatly benefited from the contributions of all the applicants through various means, and we can’t thank them enough for sharing their Splunk clue with other users to learn and grow. Best of luck to everyone!

Check out this week’s featured Splunk Answers posts:

Ever wonder which dashboards are being used and what users are using them?

» Continue reading

Smart AnSwerS #76

Hey there community and welcome to the 76th installment of Smart AnSwerS.

SplunkTrust member rich7177 graced us with his presence at HQ earlier this week, and was awarded an awesome trophy from the Splunk documentation team for always providing constructive feedback. Not only has he been helpful with improving the docs, but he’s an all-star on Answers too! Five of his many contributions have been featured in this Smart AnSwerS blog series to date, with more to come I’m sure :) Congratulations Rich!

It’s a shame he couldn’t stick around until next week to join us for our monthly San Francisco Bay Area user group meeting next Wednesday, September 7th @ 6:30PM. If you happen to be in the area, …

» Continue reading

Splunk documentation feedback: how it works and what makes a champion

On Monday this week, we at Splunk HQ had the pleasure of hosting Rich Mahlerwein, founding SplunkTrust member, cape-and-fez wearer, and Senior Systems Engineer at the Forest County Potawatomi IT Department. During his visit, I asked Rich to come and meet the documentation team.

Rich is legendary among the Splunk doc writers for the quality of the feedback he offers, and how often he sends it. So they were eager to meet him in person.

Here on the Splunk documentation team, our writers work hard to make sure our content is relevant, accurate, and matches the way our customers use Splunk software in the real world. An essential aspect of that is customer feedback. The Splunk doc team enjoys …

» Continue reading

Smart AnSwerS #75

Hey there community and welcome to the 75th installment of Smart AnSwerS.

The “Where Will Your Karma Take You” contest officially ended this past Monday, and the winners were announced in a Splunk blog post by piebob earlier this week. BIG congratulations to sundareshr, skoelpin, and jkat54 for accruing the most karma points during the competition period, earning them each a free pass to .conf2016! If any of these guys have helped you solve your issues on Splunk Answers, be sure to thank them for being such awesome community contributors if you happen to cross paths. :)

Check out this week’s featured Splunk Answers posts:

How to encode a URL for a Hipchat notification alert action

» Continue reading