Introducing Splunk Mobile App 2.0

I am thrilled to announce the availability of Splunk Mobile App 2.0. With the new release, Splunk Mobile App now supports Android phones as well as all iOS devices.

Enterprise Ready 
What’s most exciting to me is that Splunk Mobile App now supports enterprise security requirements for single sign-on and Mobile Device Management compatibility. And with support for Splunk Enterprise search head clustering, Mobile App can now meet the needs of large-scale deployments.

Essentially, Mobile App has now moved from an early adopter curiosity to a fully fledged enterprise app and bona fide interface to Splunk intelligence.

Flexibility for Front-Line Admins
The Mobile App allows operations to stay on top of ops status and quickly resolve issues while on the …

» Continue reading

Big data just got its Tricorder


In Star Trek a Tricorder is described as:

“A Tricorder is a multifunction hand-held device useful for data sensing, analysis, and recording data, with many specialized abilities which make it an asset to crews aboard starships and space stations as well as on away missions”.

I’m happy to announce the launch of the Splunk Mobile App, which unofficially I’m calling the “Big Data Tricorder”. You can download it from here (iTunes).

The Splunk Mobile App lets you take the Splunk (Starship) Enterprise platform and explore strange new insights, seek out new data and new visualizations, and boldly go where no machine data has gone before.

You can find more in the official press release here.

» Continue reading

Splunk Alerts and Charts on Your iPhone

Now Splunk is EVERYWHERE!

Push alerts and charts to your cellphone from your Splunk servers, when you’re on the beach. Get your Splunk data conveniently on the go. Available now!

EVERYWHERE is a one-way data push from firewalled Splunk servers to mobile devices, via a cloud-based service run by Splunk or your own organization.

Go here: get the app for your Splunk server, sign up for the cloud services, and get the iPhone app.

Not an official Splunk product, but a really useful skunkworks project.

» Continue reading

SPLogger: iPhone Logging API

This week I put up on GitHub an early version of a Splunk logging API for iPhone developers, called SPLogger. We’d love feedback, code contributions, and suggestions. The SPLogger API allows iPhone developers to log events in their application and have them go to Splunk Storm, which is free for up to a GB of data. If you currently have no insight into how your app is being used, or by whom, this can come in handy, and of course you’ll have the full power of SPL, Splunk’s search language.

To get the SPLogger API, download it via either method:

Using Storm for Analytics

By using SPLogger, all events from all mobile devices are uploaded

» Continue reading

Analyzing Flurry data

Have a mobile app that sends data to Flurry? Would you like to do some custom analysis on that data? Splunk to the rescue!

The new Flurry App for Splunk provides a scripted input that automatically extracts events from an existing Flurry account.…

» Continue reading

Time & Technology

This news last month caught my eye – that Apple Corporation purchased the 98-acre Hewlett Packard campus at Homestead and Wolfe in Cupertino. Quite some time ago at this same site I started my career at HP as a programmer working on HP’s internal payroll systems. HP was then an amazing, innovative company, dedicated to bringing affordable computer systems to business. I remember our early deployment of “touch screen” computers and graphical interfaces that we hoped would make business systems much more interesting and consumable.

Years later, it’s good to hear that Apple is moving into the old campus, and it seems a fitting new occupant given their continued drive to democratize computing, bringing consumers a “touch screen” system that …

» Continue reading

How to use Notifo to receive Splunk alerts on your iPhone

In this article I’ll describe how I use Splunk and Notifo to alert me whenever someone tries to log in to my system with invalid credentials. Notifo is a push-based notification service for mobile phones; in this example we’ll be using the iPhone.

  1. Setup a Notifo account.
  2. Install the Notifo app on your iPhone.
  3. Install the Python module.
  4. Install the Python alert script.
  5. Setup
  6. Setup saved search.

  • This process assumes that you’ve got Splunk installed and monitoring a file containing sshd log messages.

» Continue reading

Splunk and iPhone

I’ve been playing with a few things that will eventually turn into an iPhone application to talk to Splunk via the REST API. I don’t have a lot to say about it right now due to other issues but I do have a little something to show off:

Splunk doesn’t support Safari officially yet and MobileSafari is a whole ‘nother animal, but there are other things you can do. You can talk to the REST endpoints just fine. Here I have a Live Tail search running from the browser, talking to my production server.…

» Continue reading

Splunk Hack #2 – Logging Safari Requests on the iPhone

Mark Cohen posted a while back about enabling syslog on the iPhone for the sole purpose of logging to a Splunk instance on your laptop. This hack is a follow up to that post, and extends it slightly to include logging of the pages browsed by Safari on the phone. WARNING: If you brick your phone, you can still use it as an ergonomic pot-scraper. Splunk won’t be responsible for you going off and getting your $600 $400 piece of joy stuffed, but we’ll be happy to log the event.

Let’s get dirty. Go into and set locking to ‘never’. This will keep the phone on while you hack around on it. Keeping the phone on and connected to …

» Continue reading

Splunking your iPhone

Had a little fun last night. Enabled syslogd on the iPhone and sent the logs to a Splunk instance via UDP/514.

The process is to hack your iPhone and install ssh, then enable syslogd by the following method. (Thanks to core on #iphone.)

20:00 so to get syslog running you need /etc/syslogd.conf from your mac
20:01 then break the syslog in /System/Library/LaunchDaemons/ by putting in bad values
20:01 then restart the phone and run
20:01 /usr/sbin/syslogd -bsd_out 1 &

Then edit /etc/syslog.conf and append *.* @loghost

Restart syslogd and you’re set.

Then just set Splunk up to listen on 514/UDP and you have iPhone logs.

Interesting bit found: launchd, the service that starts up the daemons on the iPhone, just keeps respawning …

» Continue reading