Don’t Forget to CIM! Or, How I Learned to Love Tags

Let me tell you a little story about something which I learned (or re-learned!) today. For the impatient, you can read Jack’s previous article on building technology add-ons, and go learn CIM (which stands for Common Information Model). I’ll put some other resources at the end as well.

The silly thing I have to admit first of all, is that I thought I knew this stuff. I’ve been involved in making data models for the CIM app, for cryin’ out loud! Anyway, to the story…

In my prior role in business development as a solution architect, and now as a developer evangelist, I frequently work with ISVs, IHVs, SIs and others who want to integrate their stuff with Splunk. …

Splunk and Synthetic Monitoring

Monitoring your web application is not always an easy task. The challenge is even bigger when you want to be proactive about monitoring your application. How can you detect application performance problems before your users actually detect them? How about monitoring the availability of your SaaS application, knowing these environments are typically locked down: you can’t install an agent and you rarely have access to the instance log files, thus limiting your visibility into the application.

A good solution for the above challenges would be to use synthetic monitoring. In a few words, synthetic monitoring is nothing more than a simulation of user interactions with your web application, which then allows you to measure the performance and availability of your application:
http://en.wikipedia.org/wiki/Synthetic_monitoring

Shining a Light on Industrial Data

Enabling Insights from Industrial Data and the Internet of Things

This week we announced that our technology partner, Kepware Technologies, released the Industrial Data Forwarder (IDF) for Splunk as part of their most recent KEPServerEX update. This application enables a new and much easier way to connect to, index and analyze industrial data at scale in Splunk Enterprise and Splunk Cloud.

Industrial Data

Industrial data is a broad term for the machine data that is generated in industrial environments by industrial equipment, as well as by embedded computing platforms affiliated with SCADA and other automation and control systems. It typically represents physical sensor readings (temperature, vibration, pressures, valve position, etc.), or variables in the control algorithms that manage …

Using Alerts to Send Data to Amazon S3

A customer recently asked me to prove a concept where Splunk could see a certain type of incoming event and then pass information from that event into their Amazon S3 storage. I knew that Splunk could create alerts for event conditions and then fire off a script when the alert triggers, but I had never made it work with Amazon S3.

I decided to implement this using Amazon’s Boto library for Python. There’s lots of good documentation on this library here, but the short of it is that it enables you to send data to a bucket on Amazon S3 programmatically through a Python script. As you may know, Splunk comes with its own Python implementation can easily run …

Now Time For the Splunk Weather Forecast

Raspberry Pi, Air Pi, and Splunk

If you were at .conf last week you would have likely seen some of the exciting Internet of Things projects people are using Splunk for. I think Ed Hunsinger put it best:

So far I’ve heard about @splunk being used for planes (Royal Flying Doctor), trains (New York Air Brake), and automobiles (VW). #splunkconf

@edhunsinger

Watching .conf 2014 from afar in the UK, I got excited about some of my own IoT projects. Then I remembered Brian Gillmore’s call for cool projects using Splunk with the RaspberryPi. At the same moment, by pure chance, I got an email telling me AirPi circuit boards (a RaspberryPi-connected weather station) were back in stock.

And it was settled. I would build a RaspberryPi …

RDP to Windows Server from a Splunk Dashboard – Example Code

A while back, I wrote a blog post explaining how to RDP to a Windows Server from a Splunk Dashboard. The steps involved the following:

  1. Create a Controller – this generates the .rdp file on the server and delivers it to the client.
  2. Create a custom endpoint in web.conf – this part enables URL access to the controller created above.
  3. Add JavaScript to the dashboard – this part renders the icon and passes the necessary parameters to the controller (via the custom endpoint).

All the nitty-gritty details were spelled out in the blog post. However, if you learn better by example (like I do), then there is a new GitHub repo that has a working example for you. In the …

Integrating Active Directory into Splunk with SA-ldapsearch

On Tuesday, I introduced one of the first presentations at .conf2014 – a major update to the SA-ldapsearch app. This new app has now launched and you can download it at http://apps.splunk.com/app/1151/. The app consists of four specific commands: ldapsearch, ldapfetch, ldapfilter and ldapgroup.

Improvements include:

  • We dropped the requirement for Java on your search head
  • We added support for Search Head Pooling
  • We added a GUI configuration page and connection testing
  • We provided full UTF-8 support

The ldapsearch command is a generating command and is used in a similar way to other generating commands like inputlookup. You run it like this:

| ldapsearch domain=SPL search="(objectClass=user)" attrs="sAMAccountName,cn"

We have added some new features in this release. Firstly, the output …

How to boost your app’s performance with insights from virtualization and storage?

Are you getting the most out of your virtualized infrastructure investment? If your critical applications are suddenly running slow, how do you identify where exactly the issue causing the degradation is, and how widespread it is? Is it a storage latency problem, overcommitted resources or something else? To find out answers to these questions and more, join our “Getting Deeper Insights Into Your Virtualization and Storage with Splunk” session on Thursday, October 9th, 11:45 AM, suite 121-122.

Here is a sneak peek into our session. First, we will dive deeper into Splunk Apps for VMware and NetApp Data ONTAP and help you get a better understanding of the value these extremely popular Splunk apps can bring to your enterprise. After that, our amazing virtualization expert Mike Donnelly, …

Look at all the pretty colors!

Well, it’s Sunday here in Las Vegas, and .conf2014 is about to go down. I’m sitting in one of our Splunk University classes at the MGM, with many of our fine customers.

The class is our Power User Bootcamp, and we just finished talking about Splunk’s tagging, event types, and lookup functionalities. One of our more security-minded customers asked “hey – that ability to assign a color to event types in the Splunk search GUI is pretty cool – I’d like to use that to prioritize the events I’m looking at based on the risk profile assigned to a user. From a lookup. Can I do that?”

A second customer said “I like that idea.”

So, since this …

Live in Vegas – Splunk Operational Analytics for Networking and SDNs

Are you going to .conf2014: The Fifth Annual Splunk Worldwide Users’ Conference?

Do not miss our “Splunk Operational Analytics for Networking and SDNs” session on Wednesday, October 8th, 10:30 AM! There, you will learn how Splunk software can help you optimize networking resources for the most efficient application performance and gain end-to-end visibility into your traditional as well as software-defined networks. We will also highlight Splunk software integrations with key vendors in the networking space, including Cisco, Arista, Ixia, Emulex (Endace) and others. In the demo part of our session, we will showcase the Cisco ACI for Splunk Enterprise app.

You will learn how to utilize Splunk software for proactive monitoring of Cisco ACI to dramatically reduce troubleshooting times, optimize application delivery and …
