Using Alerts to Send Data to Amazon S3

A customer recently asked me to prove a concept where Splunk could see a certain type of incoming event and then pass information from that event into their Amazon S3 storage. I knew that Splunk could create alerts for event conditions and then fire off a script when the alert triggers, but I had never made it work with Amazon S3.

I decided to implement this using Amazon’s Boto library for Python. There’s lots of good documentation on this library here, but the short of it is that it enables you to send data to a bucket on Amazon S3 programmatically through a Python script. As you may know, Splunk comes with its own Python implementation that can easily run …

Now Time For the Splunk Weather Forecast

Raspberry Pi, Air Pi, and Splunk

If you were at .conf last week you would have likely seen some of the exciting Internet of Things projects people are using Splunk for. I think Ed Hunsinger put it best:

So far I’ve heard about @splunk being used for planes (Royal Flying Doctor), trains (New York Air Brake), and automobiles (VW). #splunkconf

@edhunsinger

Watching .conf 2014 from afar in the UK, I got excited about some of my own IoT projects. Then I remembered Brian Gillmore’s call for cool projects using Splunk with the RaspberryPi. At the same moment, by pure chance, I got an email telling me AirPi circuit boards (a RaspberryPi-connected weather station) were back in stock.

And it was settled. I would build a RaspberryPi …

RDP to Windows Server from a Splunk Dashboard – Example Code

A while back, I wrote a blog post explaining how to RDP to a Windows Server from a Splunk Dashboard. The steps involved the following:

  1. Create a Controller – this generates the .rdp file on the server and delivers it to the client.
  2. Create a custom endpoint in web.conf – this part enables URL access to the controller created above.
  3. Add JavaScript to the dashboard – this part renders the icon and passes the necessary parameters to the controller (via the custom endpoint).

All the nitty-gritty details were spelled out in the blog post. However, if you learn better by example (like I do), then there is a new GitHub repo that has a working example for you. In the …

Integrating Active Directory into Splunk with SA-ldapsearch

On Tuesday, I introduced one of the first presentations at .conf2014 – a major update to the SA-ldapsearch app. This new app has now launched and you can download it at http://apps.splunk.com/app/1151/. The app consists of four specific commands: ldapsearch, ldapfetch, ldapfilter and ldapgroup.

Improvements include:

  • We dropped the requirement for Java on your search head
  • We added support for Search Head Pooling
  • We added a GUI configuration page and connection testing
  • We provided full UTF-8 support

The ldapsearch command is a generating command and is used in a similar way to other generating commands like inputlookup. You run it like this:

| ldapsearch domain=SPL search="(objectClass=user)" attrs="sAMAccountName,cn"

We have added some new features in this release. Firstly, the output …

How to boost your apps’ performance with insights from virtualization and storage?

Are you getting the most out of your virtualized infrastructure investment? If your critical applications are suddenly running slow, how do you identify exactly where the issue causing the degradation is, and how widespread it is? Is it a storage latency problem, overcommitted resources or something else? To find the answers to these questions and more, join our “Getting Deeper Insights Into Your Virtualization and Storage with Splunk” session on Thursday, October 9th, 11:45 AM, suite 121-122.

Here is a sneak peek into our session. First, we will dive deeper into the Splunk Apps for VMware and NetApp Data ONTAP and help you get a better understanding of the value these extremely popular Splunk apps can bring to your enterprise. After that, our amazing virtualization expert Mike Donnelly, …

Look at all the pretty colors!

Well, it’s Sunday here in Las Vegas, and .conf2014 is about to go down. I’m sitting in one of our Splunk University classes at the MGM, with many of our fine customers.

The class is our Power User Bootcamp, and we just finished talking about Splunk’s tagging, event types, and lookup functionalities. One of our more security-minded customers asked “hey – that ability to assign a color to event types in the Splunk search GUI is pretty cool – I’d like to use that to prioritize the events I’m looking at based on the risk profile assigned to a user. From a lookup. Can I do that?”

A second customer said “I like that idea.”

So, since this …

Live in Vegas – Splunk Operational Analytics for Networking and SDNs

Are you going to .conf2014: The Fifth Annual Splunk Worldwide Users’ Conference?

Do not miss our “Splunk Operational Analytics for Networking and SDNs” session on Wednesday, October 8th, 10:30 AM! There, you will learn how Splunk software can help you optimize networking resources for the most efficient application performance and gain end-to-end visibility into your traditional as well as software-defined networks. We will also highlight Splunk software integrations with key vendors in the networking space, including Cisco, Arista, Ixia, Emulex (Endace) and others. In the demo part of our session, we will showcase the Cisco ACI for Splunk Enterprise app.

You will learn how to utilize Splunk software for proactive monitoring of Cisco ACI to dramatically reduce troubleshooting times, optimize application delivery and …

Get your Community on at .conf2014!

Community is HUGE at Splunk, and we’re doing it up big at this year’s .conf with our own gigantic Community Lounge. Here’s a sampling of what’s in the works:

Masters of IRC panel discussion

Wednesday, Oct 8th 11am-12noon on the Community Stage

Join us for an informal panel discussion with 6-7 of our most knowledgeable, longtime customers from the #splunk IRC channel. They will be taking your questions and sharing best practices and stories from their long years of experience deploying and maintaining Splunk at scale. Bring your questions! Whisky optional, but recommended :).

Learn how to start your own Splunk User Group (and meet other people who do, too)

Wednesday, Oct 8th, 12:15pm – 12:45pm on the Community

Mainframe machine data in Splunk – Made way easier!

In the past, IT professionals have had to maintain specialized and expensive tools to monitor their mainframes. Mainframe operational insights are important, but even more so in the context of the rest of the infrastructure and application performance and operational data. Now getting these insights is only a few steps away – I am very excited to announce Syncsort’s Ironstream, the latest addition to our Splunk apps.

Ironstream enables our and Syncsort’s joint customers to collect, visualize and report on mainframe log data in Splunk Enterprise and Splunk Cloud. This rich source of mainframe machine data includes z/OS log files such as syslog, various SMF records, WebSphere Log4j and more.

There are many benefits of analyzing mainframe data …

Give the gift of karma…at .conf!

Are you a Splunk Answers user? Are you attending Splunk’s 5th Worldwide User Conference next week in Las Vegas? Do you want a way to show your appreciation for other .conf attendees, presenters, vendors, your Splunk University instructors (besides buying them a drink*)?

Introducing SplunKarma, the mobile karma dispenser!

Starting on Saturday, October 4th (the first day of Splunk University), you can visit http://answers.splunk.com/karma from your mobile device and log in with your Splunk Answers credentials. You’ll be given a cache of karma points to use to reward the members of the Splunk Community around you at .conf. All you need to do is find out what their Splunk Answers userID is.

If you’re speaking at .conf, tell your session audience your Splunk Answers …
