SPLogger: iPhone Logging API
This week I put up on GitHub an early version of a Splunk logging API for iPhone developers, call SPLogger. We’d love feedback, code contributions, suggestion. The SPLogger API allows iPhone developers to log events in their application and have them go to Splunk Storm (www.splunkstorm.com), which is free for up to a GB of data. If you currently have no insight into how your app is being used, or by whom, this can come in handy, and of course you’ll have the full power of SPL, Splunk’s search language.
To get the SPLogger API, download it via either method:
Analyzing Flurry data
Have a mobile app that sends data to Flurry? Would you like to do some custom analysis on that data? Splunk to the rescue!
The new Flurry App for Splunk provides a scripted input that automatically extracts events from an existing Flurry account.
Time & Technology
This news last month caught my eye – that Apple Corporation purchased the 98-acre Hewlett Packard campus at Homestead and Wolfe in Cupertino. Quite a time ago at this same site I started my career at HP as a programmer working on HP’s internal payroll systems. HP was then an amazing, innovative company, dedicated to bringing affordable computer systems to business. I remember our early deployment of “touch screen” computers and graphical interfaces that we hoped would make business systems much more interesting and consumable.
Years later, it’s good to hear that Apple is moving into the old campus, and it seems a fitting new occupant given their continued drive to democratize computing, bringing consumers a…
How to use Notifo to receive Splunk alerts on your iPhone
In this article I’ll describe how I use Splunk and Notifo to alert me whenever someone tries to login to my system with invalid credentials. Notifo is push-based notification service for mobile phones, in our example we’ll be using the iPhone.
- Setup a Notifo account.
- Install the Notifo app on your iPhone.
- Install the notifo.py Python module.
- Install the splunknotifo.py Python alert script.
- Setup splunknotifo.py
- Setup saved search.
- This process assumes that you’ve got Splunk installed and monitoring a file containing sshd log messages.
Splunk and iPhone
I’ve been playing with a few things that will eventually turn into an iPhone application to talk to Splunk via the REST API. I don’t have a lot to say about it right now due to other issues but I do have a little something to show off:
Splunk doesn’t support Safari officially yet and MobileSafari is a whole ‘nother animal, but there are other things you can do. You can talk to the REST endpoints just fine. Here I have a Live Tail search running from the browser, talking to my production server.
Splunk Hack #2 – Logging Safari Requests on the iPhone
Mark Cohen posted a while back about enabling syslog on the iPhone for the sole purpose of logging to a Splunk instance on your laptop. This hack is a follow up to that post, and extends it slightly to include logging of the pages browsed by Safari on the phone. WARNING: If you brick your phone, you can still use it as an ergonomic pot-scraper. Splunk won’t be responsible for you going off and getting your
$600 $400 piece of joy stuffed, but we’ll be happy to log the event.
Let’s get dirty. Go into settings..general..auto-lock and set locking to ‘never’. This will keep the phone on while you hack around on it. Keeping the phone on and connected…
Splunking your iPhone
Had a little fun last night. Enabled syslogd on the iPhone and sent the logs to a splunk instance via UDP/514
Process is hacking your iPhone and install ssh. Enable syslogd by the following method. (Thanks to core on #iphone)
Then edit /etc/syslog.conf and append *.* @loghost
Restart syslogd and you’re set.
Then just set splunk up to listen on 514/UDP and you have iPhone logs.
Interesting bit found? launchd, the service that starts up the daemons on the…