Smart AnSwerS #52

Hey there community and welcome to the 52nd installment of Smart AnSwerS.

A BoardAtWork group was started at Splunk HQ for folks interested in, well, playing board games at work during lunch or after hours. We had our first game night earlier this week and had a nerdy great time…even though I was the first one dead 😛 Just glad to unwind and share my love for games with fellow Splunkers after a long day!

Check out this week’s featured Splunk Answers posts:

Why is the Host IP value from udp:514 syslog input incorrect for one device?

evgenyv was collecting syslog events through a udp:514 input and needed help figuring out why only one device was reporting a …

» Continue reading

SSO without an Active Directory or LDAP provider

splunktrust

(Hi all–welcome to the latest installment in the series of technical blog posts from members of the SplunkTrust, our Community MVP program. We’re very proud to have such a fantastic group of community MVPs, and are excited to see what you’ll do with what you learn from them over the coming months and years.
–rachel perkins, Sr. Director, Splunk Community)


Hello everyone!

I am Michael Uschmann, one of the members of the SplunkTrust.

Lately I was annoyed by the fact that I had to enter my login on my Splunk DEV VM after a meeting or break. So, I thought ‘Why not setup SSO on this Splunk instance so I don’t have to enter my password again?’ But there was this …

» Continue reading

Splunk Stream on a Raspberry Pi? YES!

As a network geek, I’ve always wanted to leverage sniffers and deep packet inspection programs to understand user experience and to secure networks. I have a home lab with many virtual machines. But let’s be honest, I really want to know what my household is doing on the Internet! I needed something light-weight, NOT an appliance as large as a data center!

Network Sniffers aren’t anything new. In fact, they’re old school. But, who would have thought a Raspberry Pi would be powerful enough to act as a real-time 24×7 sniffer? I embarked on this journey recently with the Splunk Stream App. And I must say, I’m pretty impressed.

Splunk Stream captures real-time streaming wire data and performs packet analysis …

» Continue reading

Smart AnSwerS #51

Hey there community and welcome to the 51st installment of Smart AnSwerS.

Super Bowl 50 is making its way to the SF Bay Area next week, and traffic around HQ has been getting noticeably worse with Super Bowl City just a mile away. What does that mean? MOAR TRAFFIC and longer commute times ;( Luckily piebob, out of the kindness of her heart, gave the community team the OK to work from home amidst the sportsball madness. Such boss! So wow! Much thanks!

Important note: this week’s SFBA Splunk User Group meeting has been postponed to next week, Feb 10th, to avoid Super Bowl traffic as well!

Check out this week’s featured Splunk Answers posts:

How to create

» Continue reading

Splunk and the art of refrigerator maintenance.

Over the Australia Day long weekend here in sunny Brisbane, Queensland, a buddy of mine and I started noticing that his fridge didn’t seem very cold – meaning that the beer was not cold, clearly a drastic problem. No matter how far down we turned the thermostat, the fridge just wouldn’t cool down. He wasn’t sure if he was imagining it, or if it had always been that way. My buddy didn’t really want to go out and buy a new fridge and wanted to try and fix it himself, however had no idea if any of the changes we’d made to the fridge were making it better or worse.

My buddy works for a Splunk partner and IoT company

» Continue reading

Splunk and Cacti

Several options exist to bring SNMP into Splunk, with such examples as our SNMP Modular Input.  But what if you already have a SNMP collection built with Cacti?  You could consolidate, rebuild and reconfigure all the collection… but the easier option would be to take Cacti, and feed it into Splunk.  This is a great example of leveraging one tool to collect the data, but bringing all the information together into a single platform for analytics.…

» Continue reading

Top Technical Questions on Splunk UBA

With the acquisition of Caspida (now Splunk UBA) in July of 2015, we have been talking to many customers regarding user and entity behavioral analytics. Our customers have been asking questions about how this type of threat detection product works, and in this blog, I’m going to discuss some of the most common questions, along with answers and/or explanations from a security researcher and practitioner’s viewpoint.

 

What makes Splunk UBA unique compared to detection technologies?

Splunk UBA uses an unsupervised machine-learning based approach to determine whether events generated from multiple data sources are anomalies and/or threats. This is a turnkey approach that does not require customers to train the models, and does not require administrators to develop signatures in …

» Continue reading

Writing Actionable Alerts

Is your Splunk environment spamming you? Do you have so many alerts that you no longer see through the noise? Do you fear that your Splunk is losing its purpose and value because users have no choice but to ignore it?

I’ve been there. I inherited a system like that. And what follows is an evolution of how I matured those alerts from spams to saviors.

Let it be known that Splunk does contain a number of awesome search commands to help with anomaly detection. If you enjoy what you read here, be sure to check them out since they may simplify similar efforts. http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Commandsbycategory#Find_anomalies

Stage 1: Messages of Concern

Some of the first alerts created are going to be searches …

» Continue reading

My Splunk Origin Story

A World Without Splunk

In my pre-Splunk days, I spent significant time leading the vision for standards and automation in our company’s large distributed IBM WebSphere Network Deployment environment. Even though we used standard build tools and a mature change process, significant entropy and deviations were introduced into the environment as a product of requirements for tuning, business, infrastructure, security, and compliance.

As a result, we were unable to recognize the scope of impact when it came to security vulnerabilities or violations with 3rd party compliance. Even worse for us, we spent way too many staff-hours trying to replicate issues between production and quality assurance environments because we had no easy way to recognize the contributing configuration differences.

It’s a Bird, It’s a

» Continue reading

How’s my driving?

It was the summer of 2014. I was well into my big data addiction thanks to Splunk. I was looking for a fix anywhere: Splunk my home? Splunk my computer usage? Splunk my health? There were so many data points out there for me to Splunk but none of them would payoff like Splunking my driving…

Rocky Road

At the time, my commute was rough. Roads with drastically changing speeds, backups at hills and merges, and ultimately way more stop and go than I could stomach. But how bad was my commute? Was I having as bad an impact on the environment as I feared? Was my fuel efficiency much worse than my quiet cruise-controlled trips between New York and Boston? …

» Continue reading