My experience of building Splunk application
I joined Splunk a couple weeks ago and my first challenge was to learn everything I could about how to build Splunk applications. The best way of doing that is just to write your own application – and this is exactly what I did.
The application I wrote has two parts. The first part is a very simple scripted input for Firebase; the second part is built with the Splunk Web Framework and shows you objects and their routes on Google Maps using either real-time or playback historic information.
I hope that my experience can give you some thoughts about how you can extend Splunk for your needs.…
Fixing Windows Time Problems for Splunk
I’ve just been bitten. We all do, eventually. The case of the dreaded time sync problem. I had a Universal Forwarder sending my Indexer a whole bunch of data. But my searches were not seeing the data because I had a time synchronization error – my Universal Forwarder was a little in advance of my indexer – enough that it was a problem.
Of course, tracking this down is difficult, and there are various techniques you can use. My favorite is using the metrics.log file on the universal forwarder to see if data is being sent. You might also use the “All Time” approach, although I don’t recommend that if you have a lot of data.
So, how do you …
Clustering Optimizations in Splunk 6
One of the new features we introduced in Splunk 6 is the Simplified Clustering Management. This allows administrators to set up and monitor the health of the cluster through an easy-to-use, intuitive UI. In addition to the cool new UI, many performance optimizations were added to handle peer failures and recovery from such failures blazingly fast. In this blog post, I’m going to highlight two such performance optimizations.
1. First Searchable Copy Optimization
This optimization is all about making sure that at least one, complete searchable copy exists in the cluster so that business users can continue to use the data while the cluster master is handling peer failures.
Let’s take a look at this with an example. Assume …
Cloudy with a chance of Splunk!
Along with a brand new shiny version of Splunk Enterprise, we took the wrapper off a brand new shiny cloud service, Splunk Cloud, just last week at Splunk’s annual user conference, .conf2013.
Splunk Cloud, available on an annual subscription basis, provides access to all the features of Splunk Enterprise, and can connect with your existing Splunk Enterprise deployments to provide views and dashboards that span all your applications and infrastructure.
This exciting news almost overshadowed the second sub-announcement we made around our developer-focused cloud service Splunk Storm – we have made Splunk Storm completely free, for up to 20GB of total storage and 30 days of data retention!
Both announcements outline just how important cloud is to Splunk – not …
New version of Splunk App for Unix and Linux for Splunk 6!
Splunk 6 is now here and you are probably wondering how your large-scale Unix and Linux deployment can benefit from it? I am happy to announce that a new version of one of our most popular apps, Splunk App for Unix and Linux (also called the *nix App) is now here. And you can deploy it with Splunk 6. Check it out at http://apps.splunk.com/app/273
This app has all the makings of a crowd-pleaser, we think! We heard from you that you do not want to spend hours looking for those few misbehaving hosts among all the thousands you manage. Check out the fancy new visualizations we created for you to easily find the operational status across large-scale *nix environments.
Splunk for Networking and SDN: In Action in Vegas!
Have you registered for Splunk Worldwide Users’ Conference .conf2013 in Vegas? If not, please hurry up and register here http://conf.splunk.com/. Time is running out!
Come to our session “Splunk for Networking and SDN” on October 1st, 1:45 PM to learn how Splunk can help you gain deeper visibility into your existing networking infrastructure as well as your Software Defined Networking rollouts. We will discuss how to utilize Splunk to optimize your networking resources to cater to dynamically changing applications’ needs, reducing the number of monitoring solutions in your network, increasing security and, of course, saving you money!
To see Splunk in action in the networking space, please stop by the booths and/or sessions of our technology partners Arista Networks …
I tend to travel quite a bit in my role at Splunk. The other day I was wondering to myself how far I had traveled in the last week, the last month, the last year. It just so happens that I am a Foursquare user, not because I like to hoard mayorships across the globe, rather I tend to use Foursquare checkins to help me remember where I have been. Now you get where I am going with this, because “where have I been” actually means “a lot of cool location meta data” that I can have fun with.
I was looking around online for a simple tool that could hook into Foursquare to tell me how …
BoxWorks and Cloud Security
Will be at BoxWorks next week speaking during the afternoon keynote about Splunk’s use of Box as our document management platform. Part of the discussion will focus on what we are doing in terms of securing our cloud assets, and it will be no surprise that we use Splunk to track access, failed login attempts, and other metrics to monitor use of our information. This will be enhanced in the coming weeks as we complete a Splunk App for Box which will set up the real time feed from the Box platform into our internal environment. A sample of the type of dashboards we can produce is shown herein (top logins into Box over the last 30 days) but some …
Realtime alerts of mobile app crashlog
In the previous articles, we discussed how to include the library to forward crashlog from iOS and Android mobile apps into Splunk Enterprise, install a Splunk app to aggregate the forwarded logs from mobile devices and then perform some simple analytics with the indexed data. If you have been closely following the write-ups and Splunk-ing the valuable data from iOS and Android mobile apps, you might be interested to know how to set up an alerting mechanism in the event of a crash.
We are going to discuss in particular how to configure realtime alerts via email with PDF attachment using Splunk Enterprise. It takes very little time …
Getting manufacturing data into Splunk
Quality, Quality, Quality
Because of quality-related product defects, three world-wide recalls by Toyota during late 2009 and early 2010 cost the company billions of dollars and decreased sales.
“Toyota has, for the past few years, been expanding its business rapidly. Quite frankly, I fear the pace at which we have grown may have been too quick. I would like to point out here that Toyota’s priority has traditionally been the following: First; Safety, Second; Quality, and Third; Volume. These priorities became confused, and we were not able to stop, think, and make improvements as much as we were able to before, and our basic stance to listen to customers’ voices to make better products has weakened somewhat. We pursued growth