Accelerate the Detection of Advanced Threats and Malicious Insiders

Cyber threats are becoming increasingly sophisticated, employing multiple attack vectors and utilizing legitimate ports to exfiltrate sensitive company information. These threats often sit undetected on infected systems for months while modifying, viewing, and stealing your data. And unfortunately, finding them is only part of the battle. To effectively remediate them can require days or weeks of investigation from the security team to trace back through the kill chain to determine the source of the infection, the path it employed, and the actions it took. Of course, this is of concern on multiple fronts; not only does the infection remain for a longer period of time, but the cost of remediation can become significant in its own right.

Similarly, malicious insiders …


Smart AnSwerS #19

Hey Splunk Community! Welcome to the 19th installment of Smart AnSwerS.

With Splunk HQ just 2 blocks away from the San Francisco Giants stadium, the bustle of game day foot traffic can be pretty disruptive; today some random jerk banged pretty hard on the street-level windows. There has been a home game every day this week and it’s always an interesting commute to and from the office through waves of black and orange and the accompanying traffic car-mageddon. Luckily, facilities keeps us informed and forewarned about game day madness, like $50-$60 flat parking rates. *jaw drops ensue* ’Tis the season!

Check out this week’s featured Splunk Answers posts:

Is there a way to separate the hot and warm bucket


Smart AnSwerS #18

Hey Splunk community and welcome to the 18th installment of Smart AnSwerS.

Earlier this week, piebob got a shipment with numerous bags of Hershey’s chocolates and candies from one of our amazing customers (thanks alacercogitatus!). It has all been laid out on a table 15 feet behind me, staring into my very soul every day. I look over my shoulder occasionally to see the progress made, semi-hoping it’ll be gone for the greater good of my temptations… but who am I kidding? *grabs some chocolate*

Check out this week’s featured Splunk Answers posts:

Is it possible to create a dashboard where you must manually select a panel before a search is run to improve performance?

therockhead was tasked with …


Smart AnSwerS #17

Hey Splunk community and welcome to the 17th installment of Smart AnSwerS!

Since our Splunk FY’16 Sales Kickoff fell on Presidents’ Day and was a mandatory work event, the holiday was moved to another date that, of course, I didn’t think to keep track of. Good thing I found out accidentally through conversation with another Splunker earlier this week before it was too late! Let it be known that tomorrow, April 3rd, 2015 is officially “Spring Day” for Splunk in America. I would have made my commute to a dark and lonely office, and it wouldn’t have been the first time. Hah!

Check out this week’s featured Splunk Answers posts:

Why is my sourcetype configuration for JSON events with


Smart AnSwerS #16

Hey Splunk community and welcome to the 16th installment of Smart AnSwerS.

It seems like there’s a national holiday for almost everything now, and corn dogs fortunately made the cut! National Corn Dog Day was this past Saturday, March 21st, but we celebrated at Splunk HQ last Thursday. Boiling hot oil was at the ready for frying up corn dogs and tater tots all afternoon? I’m sold!

Check out this week’s featured Splunk Answers posts:

How does indexer acknowledgement work with indexer clustering replication to guarantee that no data is lost?

Glenn wanted to fully understand how indexer acknowledgement worked from start to finish in an indexer cluster. He was concerned about possible data loss if the …


Smart AnSwerS #15

Hey Splunk community and welcome to the 15th installment of Smart AnSwerS.

Splunk HQ never misses a chance to get down and festive when the opportunity strikes, and St. Patrick’s Day was no exception. Facilities equipped the office with some awesome green hats, noisemakers, and beads, and even kicked off the middle of the afternoon with some Irish music! Although I’m pretty sure the music genre changed later in the day, when I could feel some heavy bass shaking my desk up a bit. That’s when you know the work day is over. :P

Check out this week’s featured Splunk Answers posts:

How does Splunk handle transactions that span search time boundaries?

If you’re running a transaction search within …


Smart AnSwerS #14

Hey there and welcome to the 14th installment of Smart AnSwerS.

Here at Splunk, we’re not only building a community of users through user groups as highlighted in last week’s Smart AnSwerS blog, but we also participate in some cool projects for various communities at large through our corporate social responsibility program Splunk4Good. What better way to make a difference than through using our very own products to analyze and visualize big data for positive social impact? You can check out live projects at www.splunk4good.com to see the potential and possibilities. Aside from just using Splunk to do good, we ourselves engage with local (and not so local) communities too. Just this past Tuesday, piebob and …


Smart AnSwerS #13

Hello Splunk Community, and welcome to the 13th installment of Smart AnSwerS!

Some exciting stuff is under way this year with Splunk User Groups worldwide… but wait, what’s a Splunk User Group? Well, I’m glad you asked! It’s a group of folks who use Splunk products and are interested in connecting with other users in their geographic region. Whether it’s building your network, bouncing around ideas and use cases through discussion, or sitting in on some interesting talks by subject matter experts, you name it. Learning all there is to know about Splunk might seem daunting, but what better way to learn and grow than from other users with different backgrounds of experience?

So what’s the exciting news? Right now we’re …


Splunk App for Stream 6.2 delivers a big bag of goodies!

The Splunk App for Stream just got better! In addition to support for Linux and Mac operating systems, I am pleased to announce that the app now supports Windows 2008 R2 and Windows 7. This new 6.2 version is available now on Splunk Apps. You can use Splunk software with the Splunk App for Stream to correlate wire data with other machine data from any other technology.

In the past releases of Splunk App for Stream, we offered you various ways to work with your wire/network data, whether you wanted to observe all of the data or just a subset of protocols and defined fields. We are now adding even more options for data collection and extraction. The Splunk …


Smart AnSwerS #12

Hello Splunk community and welcome to the 12th installment of Smart AnSwerS.

I had just come back from eating lunch and what do I find 10 feet away from my desk? Over 15 boxes of leftover pizza from a meeting, of course. I fight the urge to grab a slice or five and take a break for the gym instead. I get back to the office and what do I find in the kitchen? 3 boxes of leftover deep dish pizza. I reach for a cup of tea instead and head to my desk. Our amazing executive assistant Jade Lo comes around with a box full of large buttery cookies of all flavors. What do I do? …
