How to Create a Modular Alert

What’s a Modular Alert (and why should I care)?

Modular Alerts is a feature included in Splunk 6.3 and later that lets Splunk actively respond to events: send alerts, gather more data, or perform actions. Splunk includes an API that makes it easy to write your own apps with modular alerts and share them on apps.splunk.com. See the official docs for more detailed information.
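To make the API concrete, here is the skeleton of a modular alert action script as an added example (not code from the original post or from Splunk). It relies on the documented contract: Splunk runs `bin/<script>.py --execute` and writes a JSON payload to stdin carrying the triggering `result` row, the action's `configuration` (the `param.*` values from alert_actions.conf, without the prefix), the `search_name`, `sid` and a `session_key`. The `webhook_url`, `severity` and `fields` parameters, the sample payload and the webhook endpoint are assumptions made up for the example. Note that Splunk 6.x bundled Python 2.7; the code below is written for Python 3.

```python
import json
import sys
import urllib.request

# Constructed sample of the stdin payload Splunk hands to a modular alert
# script. Key names follow the documented payload; all values are made up.
SAMPLE_PAYLOAD = json.dumps({
    "sid": "scheduler__admin__search__abc123_at_1460000000_1",
    "search_name": "Failed logins spike",
    "app": "search",
    "owner": "admin",
    "results_file": "/opt/splunk/var/run/splunk/dispatch/scheduler__admin__search__abc123_at_1460000000_1/results.csv.gz",
    "results_link": "https://splunk.example.com:8000/app/search/search?sid=abc123",
    "server_host": "splunk.example.com",
    "server_uri": "https://127.0.0.1:8089",
    "session_key": "EXAMPLE-SESSION-KEY-DO-NOT-LOG",
    # hypothetical action parameters (param.webhook_url etc. in alert_actions.conf)
    "configuration": {"webhook_url": "https://hooks.example.com/splunk",
                      "severity": "high", "fields": "user,count"},
    "result": {"user": "alice", "count": "57", "src_ip": "203.0.113.9"},
})


def parse_payload(raw):
    """Parse the JSON payload from stdin and fail loudly if a key the action
    depends on is missing, rather than raising KeyError deep in the action."""
    payload = json.loads(raw)
    for key in ("search_name", "sid", "result", "configuration"):
        if key not in payload:
            raise ValueError("payload missing required key: %s" % key)
    return payload


def build_message(payload):
    """Turn the triggering result row plus the action's settings into the
    body we send. Only the fields the operator listed are forwarded, so a
    result row full of sensitive columns does not leak to a third party."""
    cfg = payload["configuration"]
    result = payload["result"]
    wanted = [f for f in cfg.get("fields", "").split(",") if f]
    return {
        "alert": payload["search_name"],
        "sid": payload["sid"],
        "severity": cfg.get("severity", "info"),
        "fields": {k: result[k] for k in wanted if k in result},
    }


def redact_for_log(payload):
    """What is safe to write to stderr (splunkd collects it into splunkd.log):
    everything except session_key, which is a bearer credential for the REST API."""
    return {k: v for k, v in payload.items() if k != "session_key"}


def post_webhook(url, body, timeout=10):
    """POST the message as JSON; returns the HTTP status."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    if len(sys.argv) < 2 or sys.argv[1] != "--execute":
        sys.stderr.write("FATAL Unsupported execution mode (expected --execute)\n")
        sys.exit(1)
    payload = parse_payload(sys.stdin.read())
    url = payload["configuration"].get("webhook_url", "")
    # refuse to ship alert data over cleartext HTTP
    if not url.startswith("https://"):
        sys.stderr.write("ERROR webhook_url must be an https:// URL\n")
        sys.exit(2)
    status = post_webhook(url, build_message(payload))
    sys.stderr.write("INFO %s posted, status=%s, context=%s\n"
                     % (payload["search_name"], status, json.dumps(redact_for_log(payload))))
```

Two habits worth keeping from this: whitelist the result fields you forward instead of dumping the whole row, and never write the `session_key` to a log, since anyone who can read splunkd.log could then call the REST API as the alert's owner.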

Modular Alerts can be used for things such as:

» Continue reading

Smart AnSwerS #75

Hey there community and welcome to the 75th installment of Smart AnSwerS.

The “Where Will Your Karma Take You” contest officially ended this past Monday, and the winners were announced in a Splunk blog post by piebob earlier this week. BIG congratulations to sundareshr, skoelpin, and jkat54 for accruing the most karma points during the competition period, earning them each a free pass to .conf2016! If any of these guys have helped you solve your issues on Splunk Answers, be sure to thank them for being such awesome community contributors if you happen to cross paths. :)

Check out this week’s featured Splunk Answers posts:

How to encode a URL for a Hipchat notification alert action

» Continue reading

iOS Memory Warnings

Memory on mobile devices is a shared resource, and apps that manage memory improperly run out of memory and crash. iOS manages the memory footprint of an application by controlling the lifetime of all objects through object ownership, part of the compiler and runtime feature called Automatic Reference Counting (ARC). When you start interacting with an object you are said to own it, which means it is guaranteed to exist as long as you are using it. When you are done with the object you relinquish ownership, and if the object has no other owners the runtime destroys it and frees the memory. Not relinquishing ownership of an object causes memory to leak and, eventually, the app to crash. …

» Continue reading

Tracing Objective-C Methods

You can write very fast programs in Objective-C, but you can also write very slow ones. Performance isn't a characteristic of a language but of a language implementation and, more importantly, of the programs written in that language. Performance optimization requires that you measure the time a task takes, then try algorithm and coding changes to make the task faster.

The most important performance issue is the quality of the libraries used in developing applications; good libraries reduce the performance impact of the work they do for you. To help you improve performance in your apps, we've updated the Splunk MINT SDK for iOS to provide an easy way to trace a method's performance using macros.

To trace an Objective-C method, add the MINT_METHOD_TRACE_START …

» Continue reading

Android ANR troubleshooting with MINT

Being involved with shippable software for mobile and desktop, I realize that there is a class of problems that is not easy to troubleshoot.

Crashes are probably the easiest to reproduce in QA and Engineering environments, and so they are easier to fix. But one class of problems that in many cases requires more time, and possibly code redesign, is application sluggishness. This problem usually falls into the gray area of software development that everybody tries to address during the design and implementation stages. Application sluggishness seldom shows up in QA or other controlled environments, but always happens when an actual user is trying to use the app.

Modern mobile apps are complex creatures. A lot of things

» Continue reading

Detecting early signs of compromise by Splunking Windows Sysinternals


OVERVIEW

The traditional way of detecting compromise in a Windows environment, signature-based anti-virus and anti-malware products, struggles to detect advanced malware and threats. Most signature-based anti-malware solutions rely on a known list of signatures:

  • Endpoint protection products don't have a complete list of signatures for every threat that exists or is known
  • They don't apply to new threats that arrive as new executables on the endpoint, because there is no known signature to compare against

This traditional approach leaves organizations constantly dealing with the security breaches that hit the headlines, ranging from data exfiltration and service interruptions to ransomware, all stemming from an inability to protect and detect …
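The gap described above (a brand-new executable has no signature to match) is exactly what a baseline of what has executed before can close. The following is an added example, not code from the original post: it runs the kind of "first seen" logic a scheduled Splunk search would apply over Sysmon process-creation events (Sysmon is the Sysinternals tool that records `Image` and `Hashes` for every process start). The event records, hosts, paths and hash values are constructed for the example, and the cutoff between baseline and detection window is an assumed constant.

```python
import re

# Constructed Sysmon-style process-creation records (event ID 1 fields
# Image and Hashes; hash values and hosts are made up for the example).
SAMPLE_EVENTS = [
    # baseline window
    {"_time": 1460000000, "host": "ws01", "User": "CORP\\alice",
     "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "SHA256=1111"},
    {"_time": 1460000100, "host": "ws02", "User": "NT AUTHORITY\\SYSTEM",
     "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "SHA256=1111"},
    {"_time": 1460000200, "host": "ws01", "User": "CORP\\alice",
     "Image": r"C:\Program Files\Corp\agent.exe", "Hashes": "SHA256=2222"},
    # detection window
    {"_time": 1462600000, "host": "ws02", "User": "CORP\\bob",
     "Image": r"C:\Program Files\Corp\agent.exe", "Hashes": "SHA256=2222"},
    {"_time": 1462600100, "host": "ws03", "User": "CORP\\bob",
     "Image": r"C:\Users\bob\AppData\Local\Temp\invoice.pdf.exe", "Hashes": "SHA256=3333"},
    {"_time": 1462600200, "host": "ws03", "User": "CORP\\bob",
     "Image": r"C:\Windows\System32\svchost.exe", "Hashes": "SHA256=4444"},
]

CUTOFF = 1462000000  # assumed: events before this build the baseline, later ones are scored

SHA256_RE = re.compile(r"SHA256=([0-9A-Fa-f]+)")
# Locations a standard user can write to; legitimate software rarely starts from here.
USER_WRITABLE = re.compile(r"^[a-z]:\\(users|programdata|windows\\temp)\\", re.IGNORECASE)


def sha256_of(event):
    """Pull the SHA256 out of Sysmon's 'MD5=..,SHA256=..' Hashes string."""
    m = SHA256_RE.search(event.get("Hashes", ""))
    return m.group(1).lower() if m else None


def build_baseline(events, cutoff):
    """Known-good set: sha256 -> image paths it was seen at, from events before cutoff."""
    baseline = {}
    for ev in events:
        if ev["_time"] < cutoff:
            h = sha256_of(ev)
            if h:
                baseline.setdefault(h, set()).add(ev["Image"].lower())
    return baseline


def detect(events, baseline, cutoff):
    """Score every process start after cutoff. A hash the baseline has never
    seen is the signal a signature-based product cannot give; a known path
    with a new hash is the masquerade case (svchost.exe that is not svchost)."""
    known_paths = {p for paths in baseline.values() for p in paths}
    findings = []
    for ev in events:
        if ev["_time"] < cutoff:
            continue
        h = sha256_of(ev)
        reasons = []
        if h is None:
            reasons.append("no SHA256 in Hashes field")
        elif h not in baseline:
            reasons.append("first-seen executable hash")
            if ev["Image"].lower() in known_paths:
                reasons.append("known image path with new hash (possible replacement or masquerade)")
        if USER_WRITABLE.match(ev["Image"]):
            reasons.append("executed from user-writable location")
        if reasons:
            findings.append({"host": ev["host"], "user": ev.get("User"),
                             "Image": ev["Image"], "sha256": h, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS, build_baseline(SAMPLE_EVENTS, CUTOFF), CUTOFF):
        print("%(host)s %(Image)s sha256=%(sha256)s: %(reasons)s" % f)
```

In Splunk the baseline is normally a lookup of known hashes refreshed by a scheduled search, and the detection is the same comparison run over the last hour of events; the point is that the comparison is against what your own estate has run, not against a vendor's signature list.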

» Continue reading

Handling HTTP Event Collector (HEC) Content-Length too large errors without pulling your hair out

Once you start using HEC you want to send it more and more data, and as you do, your payloads grow in size, especially if you start batching. Unfortunately, as soon as a request payload gets close to 1MB (for example if you use our Akamai app or send events from AWS Lambda) you'll get an HTTP 413 status with a not so friendly error message:

“Content-Length of XXXXX too large (maximum is 1000000) “

At this point you might feel tempted to pull your hair out, but fortunately you have options. The reason you are hitting this error is that HEC has a pre-defined limit on the maximum content length of a single request. Fortunately …
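Whatever you do on the server side, a client that batches should never build a request it already knows is over the limit. The following is an added example (not code from the original post or from Splunk's own SDKs) of a sender that packs events into HEC request bodies bounded by a byte budget and treats a 413 as a configuration error rather than a retryable one. The 1,000,000-byte constant is taken from the error message quoted above; the HEC URL, token and sample events are made up for the example.

```python
import json
import urllib.error
import urllib.request

# The default limit quoted in the 413 message above. Lower it if your
# deployment is stricter; raise it only if the server side was raised too.
HEC_MAX_CONTENT_LENGTH = 1000000


class EventTooLarge(ValueError):
    """An event or batch that cannot be accepted in a single HEC request."""


def encode_event(event, sourcetype="_json", index=None):
    """One HEC envelope, encoded compactly so the byte budget goes to payload."""
    envelope = {"event": event, "sourcetype": sourcetype}
    if index:
        envelope["index"] = index
    return json.dumps(envelope, separators=(",", ":")).encode("utf-8")


def build_batches(events, max_bytes=HEC_MAX_CONTENT_LENGTH, **envelope_kw):
    """Greedily pack encoded events into request bodies that never exceed
    max_bytes. HEC accepts several JSON objects concatenated in one body, so
    no separator is needed between envelopes."""
    batches, current, size = [], [], 0
    for ev in events:
        blob = encode_event(ev, **envelope_kw)
        if len(blob) > max_bytes:
            # no amount of batching helps here: the event itself must be trimmed
            raise EventTooLarge("event is %d bytes, limit is %d" % (len(blob), max_bytes))
        if current and size + len(blob) > max_bytes:
            batches.append(b"".join(current))
            current, size = [], 0
        current.append(blob)
        size += len(blob)
    if current:
        batches.append(b"".join(current))
    return batches


def count_envelopes(batch):
    """Decode a concatenated-JSON body back into its envelopes (a self-check
    that packing lost nothing)."""
    decoder = json.JSONDecoder()
    text, pos, n = batch.decode("utf-8"), 0, 0
    while pos < len(text):
        _, pos = decoder.raw_decode(text, pos)
        n += 1
    return n


def send_batch(hec_url, token, batch, timeout=10):
    """POST one body to the collector endpoint. The token is a bearer secret,
    so hec_url should be https. A 413 means our max_bytes is above the server's
    limit: that is a config mismatch to fix, not something to retry."""
    req = urllib.request.Request(
        hec_url, data=batch,
        headers={"Authorization": "Splunk " + token, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        if e.code == 413:
            raise EventTooLarge("server rejected %d-byte batch: %s"
                                % (len(batch), e.read().decode("utf-8", "replace")))
        raise


if __name__ == "__main__":
    # assumed endpoint and token; constructed events
    sample = [{"action": "login", "user": "user%d" % i, "n": i} for i in range(20000)]
    for body in build_batches(sample, sourcetype="app:auth"):
        print(send_batch("https://splunk.example.com:8088/services/collector",
                         "00000000-0000-0000-0000-000000000000", body))
```

Keep the client budget a little under the server limit rather than exactly at it, since the server counts the whole body and any framing you add (newlines, a trailing envelope) pushes a full batch over.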

» Continue reading

Secure Splunk Web in Five Minutes Using Let’s Encrypt

Configuring SSL for your public-facing Splunk instance has been time-consuming and expensive, and it is essential in today's digital environment. Whether you go with a cloud provider or self-host, RTFM-ing how to generate the keys correctly and configuring how Splunk should use them can be quite confusing. Last year a new certificate authority, Let's Encrypt, was born in an effort to streamline the CA process and make SSL encryption more widely available to users (the service is FREE). In this short tutorial we will cover how to make use of this new CA to secure your Splunk instance and stop using self-signed certs. A certificate issued by a trusted CA lets clients actually verify the server's identity, which is what protects your Splunk instance against MITM attacks; a self-signed cert still encrypts, but a browser cannot tell it from an attacker's. Let's Encrypt utilizes all of …
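Once the certificate is in place, the useful check is to connect the way a browser would and see whether verification passes, and, because Let's Encrypt certificates are valid for only 90 days, how long is left before the renewal job has to have run. The following is an added example, not part of the original tutorial: the hostname, port and the verification-failure strings it matches against are assumptions for the example (the strings follow OpenSSL's usual wording).

```python
import socket
import ssl
import time


def days_until_expiry(not_after, now=None):
    """Days left on a cert given the notAfter string getpeercert() returns,
    e.g. 'Jun  1 12:00:00 2024 GMT'. With Let's Encrypt's 90-day lifetime this
    is the number to alarm on: it is the renewal cron, not the cert, that fails."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify_verify_error(message):
    """Map OpenSSL's verification failure text to the thing an admin must fix.
    Matching is on substrings of the usual OpenSSL wording (an assumption)."""
    m = message.lower()
    if "self signed" in m or "self-signed" in m:
        return "self-signed certificate: replace it with a CA-issued one"
    if "expired" in m:
        return "certificate expired: renewal (e.g. certbot renew) is not running"
    if "hostname mismatch" in m or "doesn't match" in m:
        return "certificate was not issued for this hostname"
    if "unable to get local issuer" in m:
        return "incomplete chain: serve fullchain.pem, not cert.pem"
    return "verification failed: " + message


def check_splunk_web(host, port=8000, timeout=5):
    """Connect like a browser: verify the chain against the system trust store
    and the hostname. Returns (ok, detail)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as e:
        return False, classify_verify_error(getattr(e, "verify_message", str(e)))
    except (OSError, ssl.SSLError) as e:
        return False, "connection failed: %s" % e
    issuer = dict(pair[0] for pair in cert["issuer"])
    return True, "issued by %s, %d days left" % (
        issuer.get("organizationName", "?"), days_until_expiry(cert["notAfter"]))


if __name__ == "__main__":
    # assumed hostname; Splunk Web's default port is 8000
    ok, detail = check_splunk_web("splunk.example.com", 8000)
    print("OK" if ok else "FAIL", detail)
```

Run this from a machine that is not the Splunk host so the system trust store being consulted is a normal client's, and wire the days-left number into a Splunk alert of its own well before it reaches zero.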

» Continue reading

Smart AnSwerS #74

Hey there community and welcome to the 74th installment of Smart AnSwerS.

A Splunk Paper Aircraft Association was started up at HQ a couple weeks ago where each participant creates and launches their own paper aircraft every Friday afternoon. Weekly awards are given for longest distance traveled and duration in flight. There’s also a Splunker’s Choice Award for the most unusual, interesting, creative, or fun design. Last Friday, Director of Documentation ChrisG won top prize for his aircraft, winning in both categories of distance and duration. Congrats to the all-star!

Check out this week’s featured Splunk Answers posts:

Large lookup caused the bundle replication to fail. What are my options?

Support engineer rbal shared this Q&A with the …

» Continue reading

SplunkTalk – #76 – Buzzword Bingo

We're getting the hang of this now?!? Maybe? In today's episode we chat about some upcoming goodies like Hal's Developer Lounge and Wilde's Yoga Classes, and much more at SplunkConf2016 at the Swan/Dolphin Hotel in Orlando. Clint has a new job at Splunk. Wilde celebrates his 10th year at Splunk and shares some funny stories about our bumpy time at 250 Brannan, where we slowly took over that building — #pettingzoo. Splunk is in a fantastic new building next door; if you're in SF, come for a visit #thereisalegoroom. Listen now!
» Continue reading