Smart AnSwerS #22

Hey there community and welcome back to Smart AnSwerS, the 22nd installment of its kind.

I just got back to the office from a two week vacation to find my desk surrounded by a jungle of plants, my chair wedged horizontally on the side of my desk, an inflatable giraffe with a St. Patrick’s Day hat, and a cardboard cutout of a snooty waiter. Somehow, I wasn’t surprised with the number of pranksters surrounding me, so it was expected haha. I also came back to 800+ posts that have gone live on Answers since my departure! I’m glad the community is as lively as ever, though, it will take me some time to sift through all that content, …

.conf2014 Highlight Series: Detecting Fraud and Suspicious Events Using Risk Scoring

.conf2015 registration is open!

We’re excited to continue our series of .conf2014 #TBT highlights, especially as we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas this September. This week we revisit Robert Perdues’s presentation about how Splunk can be used to detect fraud and suspicious events using risk scoring.

Skill Level:
Intermediate

Solution Area:
Fraud, Security

Splunk:
Splunk Enterprise

Presentation Overview:
This session showcases how Splunk can be used to build a risk scoring engine designed to detect fraud and other suspicious activities. The presentation includes a real-world fraud detection use case, a detailed description of the searches and lookups that drive risk scoring, and other cybersecurity-related applications of risk …

Zillow developing on Splunk

The Splunk Developer platform allows extending the capabilities of Splunk Enterprise by building your custom solutions. One of the ways to extend Splunk is to implement custom search commands, effectively extending Splunk Search Processing Language (SPL). Custom search commands are programs that allow you to stream or report on data.

In a recent Seattle Splunk User Group meeting, Bernie Macias and Jerome Ibanes of Zillow provided an overview of custom search commands, discussed the anatomy of a command, and provided a deep dive into building and packaging them. They demonstrated real-world usage of custom search commands at Zillow.

You can read Bernie’s in-depth post on the Zillow blog: Splunk at Zillow

For additional guidance on custom search commands and …

Accelerate the Detection of Advanced Threats and Malicious Insiders

Cyber threats are becoming increasingly sophisticated, employing multiple attack vectors and utilizing legitimate ports to exfiltrate sensitive company information. These threats often sit undetected on infected systems for months while modifying, viewing, and stealing your data. And unfortunately, finding them is only part of the battle. To effectively remediate them can require days or weeks of investigation from the security team to trace back through the kill chain to determine the source of the infection, the path it employed, and the actions it took. Of course, this is of concern on multiple fronts; not only does the infection remain for a longer period of time, but the cost of remediation can become significant in its own right.

Similarly, malicious insiders …

Smart AnSwerS #19

Hey Splunk Community! Welcome to the 19th installment of Smart AnSwerS.

With Splunk HQ just 2 blocks away from the San Francisco Giants stadium, the bustle of game day foot traffic can be pretty disruptive–today some random jerk banged pretty hard on the street-level windows. There has been a home game every day this week and it’s always an interesting commute to and from the office through waves of black and orange and accompanying traffic car-mageddon. Luckily, facilities keeps us informed and forewarned on game day madness, about things like $50-$60 flat parking rates *jaw drops ensue* ’Tis the season!

Check out this week’s featured Splunk Answers posts:

Is there a way to separate the hot and warm bucket

Smart AnSwerS #18

Hey Splunk community and welcome to the 18th installment of Smart AnSwerS.

Earlier this week, piebob got a shipment with numerous bags of Hershey’s chocolates and candies from one of our amazing customers (thanks alacercogitatus!). It has all been laid out on a table 15 feet behind me, staring into my very soul every day. I look over my shoulder occasionally to see the progress made, semi-hoping it’ll be gone for the greater good of my temptations…but who am I kidding *grabs some chocolate* – Check out this week’s featured Splunk Answers posts:

Is it possible to create a dashboard where you must manually select a panel before a search is run to improve performance?

therockhead was tasked with …

Smart AnSwerS #17

Hey Splunk community and welcome to the 17th installment of Smart AnSwerS!

Since our Splunk FY’16 Sales Kickoff fell on Presidents’ Day and was a mandatory work event, the holiday was moved to another date that, of course, I didn’t think to keep track of. Good thing I found out accidentally through conversation with another Splunker earlier this week before it was too late! Let it be known that tomorrow, April 3rd, 2015 is officially “Spring Day” for Splunk in America. I would have made my commute to a dark and lonely office, and it wouldn’t have been the first time. Hah!

Check out this week’s featured Splunk Answers posts:

Why is my sourcetype configuration for JSON events with

Smart AnSwerS #16

Hey Splunk community and welcome to the 16th installment of Smart AnSwerS.

It seems like there’s a national holiday for almost everything now, and corn dogs fortunately made the cut! National Corn Dog Day was this past Saturday, March 21st, but we celebrated at Splunk HQ last Thursday. Boiling hot oil was at the ready for frying up corn dogs and tater tots all afternoon? I’m sold!

Check out this week’s featured Splunk Answers posts:

How does indexer acknowledgement work with indexer clustering replication to guarantee that no data is lost?

Glenn wanted to fully understand how indexer acknowledgement worked from start to finish in an indexer cluster. He was concerned about possible data loss if the …

Smart AnSwerS #15

Hey Splunk community and welcome to the 15th installment of Smart AnSwerS.

Splunk HQ never misses a chance to get down and festive when the opportunity strikes, and St. Patrick’s Day was no exception. Facilities equipped the office with some awesome green hats, noisemakers, beads, and even kicked off the middle of the afternoon with some Irish music! Although, I’m pretty sure the music genre changed later in the day when I could feel some heavy bass shaking my desk up a bit. That’s when you know the work day is over. 😛 – Check out this week’s featured Splunk Answers posts:

How does Splunk handle transactions that span search time boundaries?

If you’re running a transaction search …

Smart AnSwerS #14

Hey there and welcome to the 14th installment of Smart AnSwerS.

Here at Splunk, we’re not only building a community of users through user groups as highlighted in last week’s Smart AnSwerS blog, but we also participate in some cool projects for various communities at large through our corporate social responsibility program Splunk4Good. What better way to make a difference than through using our very own products to analyze and visualize big data for positive social impact? You can check out live projects at www.splunk4good.com to see the potential and possibilities. Aside from just using Splunk to do good, we ourselves engage with local (and not so local) communities too. Just this past Tuesday, piebob and …
