Splunk in Financial Services
Splunk is often used by financial services customers for the usual indexing, searching, reporting, and analysis of any type of textual IT data. This may include monitoring devices, investigating login attempts, making sure an application is up and running, or centrally searching for data via various log files. As users have become more familiar with the power of Splunk, they have started to use it to monitor, investigate, and report on the business aspects of their operations. What follows is a non-exhaustive discussion of use cases where customers in financial services can further their utilization of Splunk. It is hoped that this provides insight into garnering more value from your data, which is often a theme of my blogs.
It has been a while since anyone has written a direct blog entry on event correlation here at Splunk, so I thought I would write one today. Event correlation can loosely be defined as a technique to relate any number of events with some identifiable patterns (and optionally act upon the relationship). Security vendors may narrowly claim that event correlation is the ability to correlate security-related events and alert upon their existence. This is a subset of what event correlation can be. For instance, in a hypothetical case, I can correlate that if it rains on a major Monday holiday, end-of-day total sales are lower than average sales for a brick-and-mortar retail shop. This case…
Workflows Actions: RSS Feeds, whois, and even BPM
Splunk 4.1 re-introduced a feature called workflow actions, which allows users of Splunk Web to click on a drop-down next to a field to send the field as an argument to a remote HTTP server via POST or GET. The 4.1 version is much improved: the administration and authorization of the feature can be done via Splunk Manager, workflow actions can be set for entire events as well as fields, and one of the actions in the drop-down can initiate a new Splunk Search rather than make a remote HTTP call.
This provides an incredibly easy way to integrate external web sites with events and fields in your data. For instance, if one of…
Largest SplunkLive yet hits the Nation’s Capital featuring IT Gurus from The Washington Post and Federal Agencies
More than 200 people joined us last week in Washington, DC for our largest SplunkLive ever–doubling the number of attendees from the 2009 SplunkLive DC event! Representatives from great companies like BAE, Comcast, Lockheed Martin, McAfee, Qwest Communications, Verizon and representatives from nearly every branch of Federal government were in attendance.
Splunk’s Co-Founders Erik Swan and Rob Das started the day detailing why they created Splunk. Everyone knew there was value in IT data, but the way to search and understand it was complex and troublesome. Google was great for easily and logically finding information on the World Wide Web. Why not apply the same thinking to our log files and IT data? And…
Indexing data into Splunk Remotely
Data can reside anywhere and Splunk recognizes that fact by providing the concept of forwarders. The Splunk Forwarder will collect data locally and send it to a central Splunk indexer which may reside in a remote location. One of the great advantages of this approach is that forwarders maintain an internal index for where they left off when sending data. If for some reason the Splunk Indexer has to be taken offline, the forwarder can resume its task after the indexer is brought back up. Another advantage to forwarders is that they can load balance delivery to multiple indexers. Even a Splunk Light Forwarder (a forwarder that consumes minimal CPU resources and network bandwidth) can participate in an
Splunk, Developers, and SOA Apps
When most people first come across Splunk, the first set of users associated with it naturally become operations, security, or compliance personnel. Splunk naturally lends itself to their use. I was speaking to some software engineers, explaining what Splunk does, and the connection to how it could be used for their engineered Service Oriented Architecture applications did not come immediately. I told them that one of Splunk’s T-Shirts reads “Be an IT Superhero. Go Home Early.” At that point, I got their interest.
Let’s get back to the basics for one of the reasons Splunk exists, which applies to not only SOA, but also to all phases of multi-tier deployment. The typical developer may be involved in multiple stages of…