.conf2014 Highlight Series: Lesser Known Commands in Splunk Search Processing Language (SPL)

.conf2015 registration is open!

As we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas this September, we’re excited to continue our series of .conf2014 retrospectives. This week we revisit Kyle Smith’s presentation covering less popular but powerful commands in Splunk Search Processing Language (SPL).

Skill Level:
Good for All Skill Levels

Solution Area:
Search Language

Splunk:
Splunk Enterprise

Presentation Overview:
From one of the most active contributors to Splunk Answers and the IRC channel, this session covers those less popular but still super powerful commands, such as “map”, “xyseries”, “contingency” and others. This session also showcases tricks such as “eval host_{host} = Value” to dynamically create fields based on other field values, and …

» Continue reading

Raw Threat Intel Docs in Enterprise Security 3.3

For those that would like to visibly see a raw version of STIX/OpenIOC docs being consumed by the Threat Intel Framework in Enterprise Security 3.3, I thought I’d post a bit of an unofficial workaround that could potentially be used to do this. It occurred to me that if a user wanted Splunk to index the raw STIX/OpenIOC documents, all they would need to do is have Splunk monitor the Threat Intelligence Manager directory that Enterprise Security is using to consume the OpenIOC/STIX documents. As an example, I will show how this can be done using the “da_ess_threat_default” entry, which is the Threat Intelligence Manager for the STIX documents that Enterprise Security 3.3 ships with out of the box.…

» Continue reading

Smart AnSwerS #22

Hey there community and welcome back to Smart AnSwerS, the 22nd installment of its kind.

I just got back to the office from a two week vacation to find my desk surrounded by a jungle of plants, my chair wedged horizontally on the side of my desk, an inflatable giraffe with a St. Patrick’s Day hat, and a cardboard cutout of a snooty waiter. Somehow, I wasn’t surprised with the number of pranksters surrounding me, so it was expected haha. I also came back to 800+ posts that have gone live on Answers since my departure! I’m glad the community is as lively as ever, though, it will take me some time to sift through all that content, …

» Continue reading

SplunkLive! Chicago: A Great Day for Splunkers and Blackhawks Fans

What brings IT leaders back to SplunkLive! events year after year is hearing from our talented customers about ways that they drive value within their organizations using Splunk. This month’s SplunkLive! Chicago was no exception as over 400 Splunk experts and newbies descended on the Windy City to learn, teach and share their own success stories.

Highlights included:

  • Martin Lavoie, online technology group deputy director with Ubisoft, explained how Splunk enables his group to identify and fix issues in their API quickly, helping developers to deliver a better gaming experience.
  • Joseph Barnes from the University of Illinois at Urbana-Champaign described how his team delivered a single, scalable solution to monitor and analyze multiple uncontrolled logging environments.
  • Dan Schreiber and Ed
» Continue reading

Top Five Insights about Splunk Cloud

One of the things I really like about attending industry events and conferences around the world is the opportunity to speak with certain members of the press face to face in small group settings. We get to share some really good information and I get valuable insight into their world. Recently, I met with a few reporters just prior to the international launch of Splunk Cloud and to share a bit more about what we are doing to help accelerate the adoption of cloud-based solutions and how Splunk is tapping into the growing market need. Here’s an inside look at what many reporters and analysts were interested in learning:

  1. Splunk Cloud recently launched internationally through its partnership with Amazon
» Continue reading

Instasplunk

They say a picture is worth 1000 words. Actually it’s far more than that.

Take an Instagram image: there is tons of useful metadata behind the image, not just that tasty picture of what you had for dinner last night.

But how do you start to look at this data? I think you already know the answer to that! This post is just a quick guide showing you how to ingest and visualise Instagram data in Splunk.…

» Continue reading

.conf2014 Highlight Series: Detecting Fraud and Suspicious Events Using Risk Scoring

.conf2015 registration is open!

We’re excited to continue our series of .conf2014 #TBT highlights, especially as we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas this September. This week we revisit Robert Perdues’s presentation about how Splunk can be used to detect fraud and suspicious events using risk scoring.

Skill Level:
Intermediate

Solution Area:
Fraud, Security

Splunk:
Splunk Enterprise

Presentation Overview:
This session showcases how Splunk can be used to build a risk scoring engine designed to detect fraud and other suspicious activities. This presentation includes a real-world fraud detection use case, a detailed description of the searches and lookups, which drive risk scoring, as well as other cyber security related applications of risk …

» Continue reading

Zillow developing on Splunk

The Splunk Developer platform allows extending the capabilities of Splunk Enterprise by building your custom solutions. One of the ways to extend Splunk is to implement custom search commands, effectively extending Splunk Search Processing Language (SPL). Custom search commands are programs that allow you to stream or report on data.

In a recent Seattle Splunk User Group meeting, Bernie Macias and Jerome Ibanes of Zillow provided an overview of custom search commands, discussed the anatomy of a command, and provided a deep dive into building and packaging them. They demonstrated real-world usage of custom search commands at Zillow.

You can read Bernie’s in-depth post on the Zillow blog: Splunk at Zillow

For additional guidance on custom search commands and …

» Continue reading

.conf2014 Highlight Series: Getting Deeper Insights into your Virtualization and Storage with Splunk

.conf2015 registration is open!
.conf2015 call for papers and speakers ends tomorrow – May 8!

As we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas in September, we’re excited to continue our series of .conf2014 #TBT highlights. This week we revisit Stela Udovicic and Michael Donnelly’s presentation focused on Splunk insights into virtualization and storage.

Skill Level:
Good for all skill levels

Solution Area:
IT Operations, Application Management

Splunk:
Splunk App for VMware
Splunk App for NetApp
Splunk Enterprise

Presentation overview:
Virtualization and storage technologies go hand-in-hand. If performing poorly, they can have a serious impact on your applications’ performance and users’ experience. This presentation shows how Splunk can help you get unified visibility …

» Continue reading

Let’s Get Technical: Splunk Enterprise 6.2

Do You Know Splunk? Webcast Series Kick off! What’s New in Splunk Enterprise 6.2?

Last week we launched our Do You Know Splunk? webcast series. The series will provide attendees with insight on the latest tips and best practices for optimizing your Splunk environment. Each webcast will highlight Splunk’s products and, together, we will dive into the weeds with users to help them better understand and harness Splunk’s platform within their organization. Plus, the online series will introduce Splunk users to new ideas and share how our solutions can help further increase visibility and intelligence for various data types and sources.

Our first webcast featured Splunk Enterprise 6.2.

With Splunk Enterprise 6.2, you can onboard, enrich and analyze …

» Continue reading