Custom Icons in Splunk 6 Tables

“Daddy. DADDY! We’re out of Sriracha. Does Costco sell Sriracha? Can you go get some before you start working today?”

That was my five-year-old son at breakfast this morning, after he turned the Sriracha bottle upside down and banged the heck out of the bottom of the rooster-adorned bottle with his tiny fist, trying to get the last bits of the dark-red chili sauce deposited onto his scrambled eggs.

While I’m certain we will solve the 2014 Sriracha Crisis at the Brodsky household, the whole episode reminded me of a question (stick with me, you’ll see why) that a Splunk customer asked me a few months ago, which went something like this:

“When creating a dashboard in Splunk 6,


Toggle Visibility of Dashboard Components with jQuery

Sometimes a dashboard can become too busy to focus. This is especially true when you have both summary and detailed data on a Key Performance Indicator (KPI) dashboard. An example of this would be the Citrix XenApp app User Experience dashboard as seen below:

This dashboard scores the various components that impact a user’s experience – things like network latency, server performance, hypervisor performance, shared storage latency, Netscaler throughput, etc.  There is just too much information to show all at once, so we hide parts of the dashboard and allow the user to view the detailed information of only what they want to see.


Toggle with Simple XML

Adding toggle buttons to hide/show parts of your dashboard isn’t all …


Splunking jQuery Conference: drive user experience online and on site!

jQuery Portland 2013 Conference

Last June, the jQuery Foundation held their conference in beautiful Portland, Oregon. As a Diamond Sponsor, we wanted to build something that would be beneficial to the jQuery community as part of our Splunk4Good initiatives. What’s better than Splunking the entire conference?

To see the end result, check out this interactive infographic showcasing Splunk-powered web analytics applied to the conference website. The complete Splunk dashboard can be found here.

The goal is to capture client-side data (e.g. pageviews, link/button clicks, hovers), and build powerful analytics & visualizations in order to tackle the following business questions:

  1. Which topics are visitors most interested in?
  2. What are the top traffic sources for visitors who purchase tickets?
  3. How are visitors interacting with the site, including

How’s Traffic?

By the title of this post, many of you may assume that I am referring to network traffic. However, today’s topic is about monitoring vehicular traffic incidents or what some of us call accidents in most cases. I found a feed from that lists recent incidents for a known USA city if the city is used as the last part of the URL. The information returned explains the jam factor (how crowded the roads are), severity of the incident and its location. Armed with this information, I created a Splunk app around it and put it on Splunkbase for you to use. Instructions are provided on what text file to update to add or delete the cities you …


Visualizing Big Data with Splunk

To all .conf attendees, thank you for attending my presentation today. It was really heart-warming to see the strong support from you. The room reached full-occupancy within minutes!

To those who missed this session, there will be an encore session to talk about the internals of the concept viz app. We’ll look at the design and then dive straight into the code:

Visualizing your Big Data
Castellana 1
Thursday, Sept 13, 2012
11:45 am – 12:15 pm

See you tomorrow and we’ll see how far your BIG data take you in your journey!
Follow me at @nicholaskey or


Speech-to-text with Splunk: converting natural language into Splunk search commands

Is that possible at all? At Splunk, we are constantly experimenting with ways to make Splunk more usable. This new approach allows users to “talk” to Splunk (with a microphone) and transforms natural language into Splunk search commands.

Notice the small microphone icon in the text field? That small icon unlocks a huge potential to make Splunk more user friendly.

Interested to learn more about this concept app?
Come join us at the Chalk-talk session on
Monday, September 10, 2012
5pm – 7pm
Gracia Commons, Level 3 Cosmopolitan Hotel


Visualizing your Splunk /etc/apps directory

Here’s a thought. “Visualizing the content in the /etc/apps directory of your Splunk instance”. Is that possible with Splunk? There’s an app for that.

Here’s a sneak preview of the app …

Come join us and learn more in the Developing on Splunk sessions at .conf!


Visualizing your data with Splunk

Hello! How may I help you? Hmmm … you want to visualize your indexed data by means other than the traditional pie charts, bar charts and tables? I see … and you want to have full control to integrate external tools and plugins into your app because you are feeling adventurous? Is that possible with Splunk?


Come join us and learn more in the Developing on Splunk sessions at .conf!

Let’s discover together the interesting yet easy-to-understand approach to developing custom apps that work seamlessly with Splunk as your data platform. Explore how to make use of external tools to visualize your events as illustrated below:
Hierarchical graph

Wow … what did you just see? …


Splunk and Sports

As I write this, the NBA Basketball playoffs are under way and some of you may be interested in what is currently happening with the sport. If you are a Splunk user, it may be worthwhile to take a break while you send a search to the background and get the latest playoff news and standings from Splunk Web itself. To meet that objective, I’ve created a simple XML dashboard which shows the latest RSS headlines from and ESPN in 2 different panels with their respective web pages in iFrames. In this manner, I can do my Splunk work and also jump to this basketball app to catch up with what is going on in the NBA. Here’s a …


Colorize your world…or at least your Splunk results.

I uncharacteristically spent more than a few minutes last weekend writing up and testing a response for Splunk>Answers, and after addressing it in last week’s podcast, I thought I should cover it further in a blog post.

The title theme of our SplunkTalk podcast last week was the Big Event, and we broke down a bunch of dialog on event duration, data classification and ultimately eventtypes.  Notorious Splunk customer Matt Uebel’s question on Answers asked about “color coding” events within the results tables in the UI.

While it’s less complicated than assembling IKEA furniture, it’s not completely intuitive. In any case – you need to do three things, and the first is to define eventtypes for the different events …
