Dashboard Digest Series – Episode 5: Maps!

“A map does not just chart, it unlocks and formulates meaning; it forms bridges between here and there, between disparate ideas that we did not know were previously connected.” ― Reif Larsen, The Selected Works of T.S. Spivet

Welcome to Episode 5 of the Dashboard Digest series!

Maps play a critical role in visualizing machine data in almost any industry for thousands of use cases.  We’ve been continuously adding more mapping functionality to Splunk and with the recent addition of Custom Visualizations in Splunk 6.4 you (the community) have too!  This is exciting news as I’ve noticed many times the first panel on a dashboard that draws attention is a map.  The best part is that each of these displays …


Universal or Heavy, that is the question?

Introduction

As a Professional Services Consultant, a discussion that I often encounter when on site with customers is whether to use a Universal Forwarder or a Heavy Forwarder.

Splunk provides two different binaries: the full version of Splunk and the Universal Forwarder. A full Splunk instance can be configured as a Heavy Forwarder. The Universal Forwarder is a cut-down version of Splunk, with limited features and a much smaller footprint.

I am going to show in this blog why Splunk Professional Services recommend the use of Universal Forwarders in preference to Heavy Forwarders whenever possible to ensure a faster, more efficient Splunk Platform.

When should the Universal Forwarder be used and why?

The Universal Forwarder is ideal for collecting files from disk (e.g. a syslog …
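As an added illustration that is not part of the original post, the following pair of configuration files shows the kind of deployment the post is describing: a Universal Forwarder that tails a syslog file from disk and ships the raw events, over TLS, to indexers that do the parsing. The hostnames, file paths, index name and certificate passphrase are assumptions for the example; the stanza and setting names are standard Splunk 6.x inputs.conf and outputs.conf keys.

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf on the Universal Forwarder
# Example configuration, not from the original post. Paths and the index
# name are assumptions; the forwarder only reads and ships the file, it
# does not parse it (parsing happens on the indexers).
[monitor:///var/log/syslog]
sourcetype = syslog
index = os_logs
disabled = 0

# $SPLUNK_HOME/etc/system/local/outputs.conf on the Universal Forwarder
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Indexer hostnames are assumptions; 9997 is the conventional receiving port.
server = idx1.example.com:9997, idx2.example.com:9997
# Encrypt forwarder-to-indexer traffic and verify the indexer's certificate
# against the CA, so a rogue receiver cannot harvest the log stream.
sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem
sslCertPath = $SPLUNK_HOME/etc/auth/forwarder.pem
sslPassword = <passphrase-for-forwarder.pem>
sslVerifyServerCert = true
# Ask the indexers to acknowledge received data before the forwarder moves on.
useACK = true
```

The point of the example is that nothing here needs the full Splunk binary: file monitoring, load-balanced forwarding and TLS are all available in the Universal Forwarder, which is why Professional Services prefer it for this role.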


Table Datasets – Data Prep & Analysis without SPL

One of the highlights of Splunk Enterprise 6.5 is Table Datasets. It’s a significant breakthrough that improves productivity and unleashes the power of machine data analysis to a much broader set of users across your organization.

Go Get It! Splunk Enterprise customers need to upgrade to 6.5 then download the Splunk Datasets Add-on from Splunkbase to install the feature – and over 3000 customers have already! Splunk Cloud customers have it pre-installed as part of their standard upgrade.

With Table Datasets:

  • Power users can more easily prep data into a structured format that’s ready for downstream users to put to use for analysis
  • Occasional, non-proficient users can further refine the data, perform in-depth analysis and generate reports – all without

SF Muni Hacked. Learn How to Detect Ransomware in Your Environment

Join security expert James Brodsky for our How-to Webinar: Detection of Ransomware and Prevention Strategies on December 13.

SF Muni was hit with a ransomware attack last week, just as the prime holiday shopping season was kicking off. For many, the free fares for the weekend while Muni assessed the damage probably seemed like a holiday gift or customer service bonus.

But the lost revenues and the potential $73K ransom they were asked to pay were no bonus for the IT and security teams.

News of ransomware attacks is becoming much more common these days, with a reported $209M paid to ransomware criminals in Q1 2016 and the FBI anticipating ransomware to be a $1B source of income for cybercriminals this year.

Ransomware attacks are on the rise.



Dashboard Digest Series – Episode 4 – NFL Predictions

In Episode 4 we will take a look at the four downs of football. We used the Machine Learning Toolkit and more than a decade of NFL data to build models to make predictions during NFL games.

In order to make it quick and easy to plug in a scenario and visualize the most likely outcomes, we made a simple dashboard so editors at Sports Illustrated could try it out during a game. You may have seen the dashboard if you were watching CNN before the Super Bowl earlier this year:

Purpose: Predict the next play
Splunk Version: Splunk 6.4
Data Sources: Every NFL play and player since 1999
Apps: Machine Learning Toolkit, Shapester

The data contains a lot of fields


Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM

New Webinar — register now:
Let’s Get Critical: The Capabilities You Need for an Analytics-Driven SIEM

In the Gartner 2016 Critical Capabilities for Security Information and Event Management (SIEM) report, Splunk scored the highest in all three use cases*: Basic Security Monitoring, Advanced Threat Detection, and Forensics and Incident Response.

In this report, each capability is then weighted in terms of its relative importance for specific product/service use cases.


SIEM technologies provide a set of common core capabilities that are needed for all basic security monitoring use cases. Other SIEM capabilities are more critical for the advanced threat detection or incident response and management use cases.

The eight critical capabilities used in the 2016 report to determine scores …


Best Practices for using Splunk Enterprise for compliance

In September at .conf2016, the Splunk worldwide users conference, I co-presented a session titled “How to Use Splunk for Automated Regulatory Compliance.” It included a discussion of regulatory compliance and standard/framework 101 and how Splunk could be used for compliance, including some case studies and product demos of the Splunk App for PCI Compliance, the CIS Critical Security Controls App for Splunk, Splunk Enterprise Security, and Splunk User Behavior Analytics.

For the technical ninjas attending the session, the most interesting part was probably the closing section covering best practices related to using Splunk Enterprise for compliance which is the focus of this blog post. I have listed these best practices below in …


What is your “Art of the Possible” Idea?


Allow me to paint a quick picture for you and then ask a few simple questions that are intended to significantly advance your career.

You work at a company, in an organization and at a job that pays the bills. Your job is two parts keeping the train on the tracks and one part emergency repair person. Said another way, the long bouts of mundane routine are interrupted by emergencies not of your doing and most of the time not your responsibility, but hey, when something breaks everyone gets involved.

The above story could be someone in IT, Security – or even the business (as we all have our part to do and each person contributes to the daily function of …


Personal Dev/Test Licenses give you the freedom to explore


Do you have a new use case to validate? Untapped data sources to investigate? Wouldn’t it be great to explore how Splunk might help other parts of your organization? All without impacting your production systems and license usage…

Free Personal Dev/Test Licenses

At .conf2016 in September, CEO Doug Merritt was clear that we want to make it easier for you to use Splunk across your business. Enforced metering is gone. And exploring new use cases should be hassle-free.

So now any Splunk Enterprise or Splunk Cloud customer employee can get a free personalized Splunk Enterprise Dev/Test software license. Each license is valid for up to 50 GB daily data ingestion and a six-month renewable term, giving you ample power and time to …


Dashboard Digest Series – Episode 3


Welcome to Episode 3 of the Dashboard Digest series! At Splunk we love to eat our own dogfood so in this episode we will see a dashboard showing energy and water usage at Splunk headquarters in San Francisco! Additionally you’ll see a few new custom visualizations that became available for use in Splunk 6.4 as well as use of the Machine Learning Toolkit.

Purpose: Display and analyze building energy and water usage. Use machine learning to forecast energy usage, detect outliers and look for anomalies.
Splunk Version: Splunk 6.4 and above
Data Sources: Sensor data in JSON format coming from Aquicore devices.
Apps: Machine Learning Toolkit, Water Gauge Visualization, Calendar Heatmap Visualization

Summary of tips/tricks used:…
