What’s next? Next-level Splunk sysadmin tasks, part 1

(Hi all–welcome to the latest installment in the series of technical blog posts from members of the SplunkTrust, our Community MVP program. We’re very proud to have such a fantastic group of community MVPs, and are excited to see what you’ll do with what you learn from them over the coming months and years.
–rachel perkins, Sr. Director, Splunk Community)

Hi, I’m Mark Runals, Lead Security Engineer at The Ohio State University, and member of the SplunkTrust.

While deployed to Bosnia years ago I latched onto something I heard in a briefing once: When loosely describing when particular roadmap type things would take place, the person speaking said there were things that were going to be done Now,

Splunk Stream on a Raspberry Pi? YES!

As a network geek, I’ve always wanted to leverage sniffers and deep packet inspection programs to understand user experience and to secure networks. I have a home lab with many virtual machines. But let’s be honest, I really want to know what my household is doing on the Internet! I needed something light-weight, NOT an appliance as large as a data center!

Network Sniffers aren’t anything new. In fact, they’re old school. But, who would have thought a Raspberry Pi would be powerful enough to act as a real-time 24×7 sniffer? I embarked on this journey recently with the Splunk Stream App. And I must say, I’m pretty impressed.

Splunk Stream captures real-time streaming wire data and performs packet analysis …

Writing Actionable Alerts

Is your Splunk environment spamming you? Do you have so many alerts that you no longer see through the noise? Do you fear that your Splunk is losing its purpose and value because users have no choice but to ignore it?

I’ve been there. I inherited a system like that. And what follows is an evolution of how I matured those alerts from spams to saviors.

Let it be known that Splunk does contain a number of awesome search commands to help with anomaly detection. If you enjoy what you read here, be sure to check them out since they may simplify similar efforts. http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Commandsbycategory#Find_anomalies

Stage 1: Messages of Concern

Some of the first alerts created are going to be searches …

How’s my driving?

It was the summer of 2014. I was well into my big data addiction thanks to Splunk. I was looking for a fix anywhere: Splunk my home? Splunk my computer usage? Splunk my health? There were so many data points out there for me to Splunk, but none of them would pay off like Splunking my driving…

Rocky Road

At the time, my commute was rough. Roads with drastically changing speeds, backups at hills and merges, and ultimately way more stop and go than I could stomach. But how bad was my commute? Was I having as bad an impact on the environment as I feared? Was my fuel efficiency much worse than my quiet cruise-controlled trips between New York and Boston? …

Biking With Splunk>4Good for Early Cancer Detection!

Earlier this year, a group of Splunkers decided to embark on the Canary Challenge—getting involved with the fight against cancer to benefit the Canary Center at Stanford.

To help make a difference in the lives of the many family members, friends, and colleagues who have been touched by cancer, each Splunker was tasked with training for a 50km, 75km, 75mile or 100mile bike ride through the beautiful scenery of the Peninsula and at least $400 worth of fundraising. Our team here at Splunk was able to use some creative fundraising campaigns to raise $7,986 as a team towards exceeding the overall Canary Challenge goal of $1M. In the end, the final fundraising tally of $1,094,322 will help the Canary Center …

Mission Critical Analytics – Everywhere

You are so incredibly awesome.

That’s what I wanted to call the new release of Splunk Enterprise announced today, but instead we went with Splunk Enterprise 6.1. What this release represents is pretty remarkable. Why? Because it’s defined by what we see you do.

You’ve made machine data a valuable asset in your organization. Whether you’re in IT, on the applications team or on the security team, you’ve helped yield powerful results for the company you work for. So valuable that machine data insights are now more mission critical than ever.

You’re changing how you analyze data—you’re comfortable exploring and analyzing data, knowing that Splunk software will eat just about anything you throw at it and give you answers …

Splunk 2012 Revolution Awards—Winners!

When I was in Las Vegas last month for our Users’ Conference, I randomly threw twenty dollars into a pirate-themed penny slot machine. It was late at night, I might have had an adult beverage or two, and I was feeling lucky. Actually, I was resigned to losing my $20 and going to bed. To my surprise, after just a few minutes of randomly hitting buttons and playing all 30 lines like a Vegas VIP, I hit some kind of jackpot and walked away with $40. Vegas, I own you!

No doubt about it—everyone loves to feel like a winner! So, on Tuesday night during the Search Party, we distinguished the winners of this year’s Splunk Revolution Awards. The …

In the Cloud at .conf12

Attending .conf for the first time this year, I was reminded of the lyrics from Elvis’s song Viva Las Vegas

“How I wish that there were more
Than the twenty-four hours in the day
Cause even if there were forty more
I wouldn’t sleep a minute away”

I didn’t want .conf12 to end. Hearing our customers talk about their usage of Splunk, meeting some of you face-to-face and learning all that’s going on in Splunk put me in a high trance – one that I’ve not quite experienced in Vegas before.

Speaking specifically about virtualization – we had multiple sessions – for VMware, for Citrix solutions such as XenDesktop, XenApp, Server Virtualization and more. Here is quick …

Save the World with Splunk

I was excited and honored to present a session titled “Save the World with Splunk” at .conf 2012 on September 12, 2012 in Las Vegas, NV. Thanks to the rad Splunk Media Studio team, my talk is now available online for anyone that was unable to catch it the first time around. w00t!

The talk is 35 minutes long; here is a short synopsis:

You know Splunk can help you save the day, but did you know Splunk could potentially save the world? We think it’s possible–watch this session to discover how. First we’ll showcase what folks have already done–optimizing the supply chain for delivering aid after an earthquake or monitoring flood water levels to coordinate evacuations. We’ll look at useful sources …

Splunk Meets Cloud and Virtualization

Less than a week left for .conf and so many exciting sessions to write about. I hope you had the chance to read my other posts about how one of our customers will be discussing their usage of Splunk to think beyond application monitoring, and also about the various tracks and sessions on Cloud and Virtualization. We have breakout sessions on our new and recently launched VMware App that discuss installation, configuration, usage, best practices and case studies. There is one more session I believe you just shouldn’t miss out on while you’re attending .conf.

Rick Yetter (@superdadaz), from Apollo Group, a leading provider in higher education programs, is presenting on automation of Splunk alerting within the Cloud. He discusses …
