Steps for implementing Fraud Detection

A couple of years ago, I wrote a blog article about how easy it is to detect fraud, mostly in the financial services industry, using Splunk Enterprise. What I provided there were the last steps: using the Splunk Search Processing Language to accomplish the task. For most people who are new to Splunk, however, that doesn’t really help, since it only hands you a prescription after you have uncovered the symptoms and, should I say, the possible disease.

Today, I’d like to step back a little and give you the full high-level steps for implementing fraud detection for your needs. This may make the previous article a little clearer.

Understand Your Use Cases

Before you do anything, …


Splunk the Vote: BBC Election Debate

This post is the first in a series analysing social data about the UK General Election 2015.

BBC leaders debate

The third official debate has come and gone, this time without Cameron and Clegg. Perhaps this is why we saw the fewest tweets (179,000) collected during this debate compared with the previous two (216,000 and 312,000).

But how did the two absent leaders compare with the five opposition leaders who did take part in the debate?

In the third part of my #SplunkTheVote series I took to Splunk to find out. …


Splunk at Comcast: Capturing Actionable Insights to Improve User Experience

Last week, I had the privilege of hosting a well-attended webinar with Jonathan Luste from Comcast titled “How Comcast Improves Mobile App and Video Experience with Splunk”. Jonathan shared how Splunk has given him real-time visibility into customer behaviors and preferences, as well as the ability to dive deep into operational issues around the performance of content delivery via mobile and the internet.

Comcast has a number of digital properties (the XFINITY TV and TV Go apps, the XFINITY TV Remote apps, the XFINITY Home app) that are accessed via web and mobile. Like many organizations, Comcast regards a good customer experience for video delivery and mobile apps as top of mind.


Traditional digital analytics tools are focused on marketing, …


Smart AnSwerS #19

Hey Splunk Community! Welcome to the 19th installment of Smart AnSwerS.

With Splunk HQ just 2 blocks away from the San Francisco Giants stadium, the bustle of game day foot traffic can be pretty disruptive; today some random jerk banged pretty hard on the street-level windows. There has been a home game every day this week, and it’s always an interesting commute to and from the office through waves of black and orange and the accompanying traffic car-mageddon. Luckily, facilities keeps us informed and forewarned about game day madness, including things like $50-$60 flat parking rates *jaw drops ensue*. ’Tis the season!

Check out this week’s featured Splunk Answers posts:

Is there a way to separate the hot and warm bucket


How to edit notable events in ES programmatically

Several people have asked whether Splunk Enterprise Security (ES) has an API for programmatically modifying notable events. It does, and this post will outline how to use it.

A little background…

Notable events in ES carry an event_id field that uniquely identifies each notable event. You can see this field if you run a search for notable events and select event_id in the field picker. Make sure to use the `notable` macro when searching for notable events, since the macro handles some things that are necessary for examining them. The search should look like this:


After selecting the event_id field in the field picker, you should be able to see the event_id in search …
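As an added example (not code from the original post or from Splunk), the Python below strings together the pieces the post describes: a search that surfaces the event_id field via the `notable` macro, and a request body for updating those notables through the ES REST interface. The endpoint path `/services/notable_update`, its `ruleUIDs`/`status`/`newOwner`/`urgency`/`comment` parameters, the numeric status codes, and the shape of the JSON response are assumptions about the ES API; the event_ids are constructed in the `<rule id>@@notable@@<hash>` shape and are not real.

```python
"""Bulk-update Splunk ES notable events by event_id.

Added example; assumes the ES `notable_update` REST endpoint and a session
token obtained from /services/auth/login. Nothing here is Splunk's own code.
"""
import json
import urllib.parse
import urllib.request
from typing import Iterable, Optional

# Search that surfaces the event_id field. The backticks invoke the ES `notable`
# macro; `table` just picks the fields worth looking at before you update anything.
NOTABLE_SEARCH = "`notable` | table _time, rule_name, event_id, status_label, owner"

# Default ES status codes (assumption: an admin may have defined extra statuses).
STATUS_CODES = {
    "unassigned": 0, "new": 1, "in progress": 2,
    "pending": 3, "resolved": 4, "closed": 5,
}

# ES urgency levels (assumption).
URGENCIES = ("informational", "low", "medium", "high", "critical")


def build_update_form(event_ids: Iterable[str], *, status: Optional[str] = None,
                      owner: Optional[str] = None, urgency: Optional[str] = None,
                      comment: Optional[str] = None) -> str:
    """Encode one notable_update request body.

    ruleUIDs is repeated once per event_id (assumption about the endpoint), and
    human-readable status names are translated to the numeric codes it takes.
    Refuses empty id lists and no-op updates so a bug cannot silently touch nothing.
    """
    ids = [eid for eid in event_ids if eid]
    if not ids:
        raise ValueError("at least one event_id is required")
    if status is None and owner is None and urgency is None and comment is None:
        raise ValueError("nothing to update")
    fields = [("ruleUIDs", eid) for eid in ids]
    if status is not None:
        fields.append(("status", str(STATUS_CODES[status.lower()])))
    if owner is not None:
        fields.append(("newOwner", owner))
    if urgency is not None:
        if urgency.lower() not in URGENCIES:
            raise ValueError(f"unknown urgency {urgency!r}")
        fields.append(("urgency", urgency.lower()))
    if comment is not None:
        fields.append(("comment", comment))
    return urllib.parse.urlencode(fields)


def parse_update_response(body: str) -> dict:
    """Summarise the JSON notable_update returns (field names are assumptions)."""
    data = json.loads(body)
    failed = int(data.get("failure_count", 0))
    return {
        "ok": bool(data.get("success")) and failed == 0,
        "updated": int(data.get("success_count", 0)),
        "failed": failed,
        "message": data.get("message", ""),
    }


def update_notables(base_url: str, token: str, form: str, timeout: float = 30.0) -> dict:
    """POST the encoded form to ES, authenticating with a session token."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/services/notable_update",
        data=form.encode(),
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_update_response(resp.read().decode())


if __name__ == "__main__":
    # Constructed event_ids in the shape ES produces; not taken from any real system.
    sample_ids = [
        "8F2C1A44-0E3B-4C71-9D2A-5B1C6E7F8A90@@notable@@3a7bd3e2360a3d29eea436fcfb7e44c8",
        "1D9E7B23-44AA-4F10-8C05-2E6F1B3C9D77@@notable@@9c56cc51b374c3ba189210d5b6d4bf57",
    ]
    body = build_update_form(sample_ids, status="closed", owner="soc_analyst",
                             comment="Closed in bulk after IR ticket review")
    print(NOTABLE_SEARCH)
    print(body)
    # Against a live ES instance (hypothetical host/token):
    # print(update_notables("https://es.example.com:8089", token, body))
```

Run the search first, copy the event_id values you actually mean to change, and only then build and post the form; the builder deliberately rejects an empty id list, so a search that returned nothing cannot turn into an update of nothing that looks like success.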


Smart AnSwerS #18

Hey Splunk community and welcome to the 18th installment of Smart AnSwerS.

Earlier this week, piebob got a shipment with numerous bags of Hershey’s chocolates and candies from one of our amazing customers (thanks alacercogitatus!). It has all been laid out on a table 15 feet behind me, staring into my very soul every day. I look over my shoulder occasionally to see the progress made, semi-hoping it’ll be gone for the greater good of my temptations… but who am I kidding *grabs some chocolate*. Check out this week’s featured Splunk Answers posts:

Is it possible to create a dashboard where you must manually select a panel before a search is run to improve performance?

therockhead was tasked with …


Splunk Enterprise Helps Lockheed Martin Further Embrace “The Need for Speed”

Top Gun was ahead of its time in so many ways: the leather jackets, the aviator shades and the 80s music we can’t get out of our heads. Maverick and Goose were definitely right about one thing: when it comes to fighter jets, there is a need … the need for speed.

Thirty years later, Splunk is helping Lockheed Martin embrace its need for speed: the need for consolidated, real-time analysis to support Lockheed’s F-35 Lightning II Program, which includes aircraft built for the Navy, Air Force and Marines.

Today, we are pleased to announce a contract award with Lockheed Martin to support the F-35 Lightning II Program. Lockheed Martin is using Splunk Enterprise’s monitoring …


Splunk the Vote: The ITV Leaders Debate

This post is the second in a series analysing social data about the UK General Election 2015.

Splunk the Vote ITV

Last night (2 April 2015) saw the second televised debate in the run-up to the UK general election. Unlike the first, this debate saw the leaders of all 7 main political parties take part.

As we did with the first debate, we collected a sample of tweets to answer the most important question; who won?

The Data

We collected 312,000 tweets from around 123,000 unique users, so about 3 tweets per user over the 2-hour period. Tweet volume was almost double that of the first debate, but tweets per user were lower, indicating that more people were discussing this debate on Twitter.

Read more about


.conf2014 Highlight Series: Creating an Interactive Transaction Profiler

.conf2015 registration is now open!
We’ve also opened up the .conf2015 call for papers and speakers.


In our ongoing series of .conf2014 #TBT highlights, we revisit Matthias Maier’s “Dashboard Fun” presentation focused on easily creating interactive dashboards with Splunk.

Skill Level:

Solution Area: Application Development, Application Management

Product: Splunk Enterprise

Presentation overview:
Using Simple XML and Splunk Enterprise, learn how to create easy interactive dashboards to explore data. This demo showcases great tools to put in the hands of Splunk users, help desk users and IT Operations staff.

For the full recording, check out the Creating an Interactive Transaction Profiler audio.

Register for .conf2015 today and look for more of our #TBT .conf highlights as we …


Smart AnSwerS #17

Hey Splunk community and welcome to the 17th installment of Smart AnSwerS!

Since our Splunk FY’16 Sales Kickoff fell on Presidents’ Day and was a mandatory work event, the holiday was moved to another date that, of course, I didn’t think to keep track of. Good thing I found out accidentally through conversation with another Splunker earlier this week, before it was too late! Let it be known that tomorrow, April 3rd, 2015, is officially “Spring Day” for Splunk in America. Otherwise I would have made my commute to a dark and lonely office, and it wouldn’t have been the first time. Hah!

Check out this week’s featured Splunk Answers posts:

Why is my sourcetype configuration for JSON events with
