Smart AnSwerS #3

Hello Splunketeers and welcome to the 3rd installment of Smart AnSwerS!

We’ve been in quite a drought here in California and we’ve all been waiting and hoping for some rain to come on by…aaaand we got it, flooding our HQ basement floor! Good thing that hasn’t dampened our spirits or stopped us from the daily grind ;) – Check out this week’s featured Splunk Answers posts:

Why searching for a string with comparison operator “!=” returns the same source file name as “=”?

Have you ever asked yourself this question? jBoynton and I certainly have (no shame). This topic has come up several times and has left many scratching their heads… and scratching further. The Search Processing Language struggle is …


Splunk and Microsoft Azure – Intro and Resource Roundup

We are often asked by customers how Splunk can integrate with, or run in, Microsoft’s Azure cloud platform. There’s actually a fair bit of information about this broad topic on splunk.com and elsewhere, but it can be a bit hard to find. This post will serve as an introduction to a few Azure terms, and a round-up of available resources. Subsequent posts will cover some of these concepts in more detail – just look for the posts tagged “Azure”! You might also want to check out the Microsoft tag for other resources related to Splunk and the overall Microsoft ecosystem.

First, let’s be clear: this is a HUGE topic. Cloud platforms are very complex these days, and Azure is no exception. If you walk up to a Splunker and ask, “can Splunk run …


SSSL (Splunk Secure Sockets Layer)

Splunk SSL

The primary reason why SSL is used is to keep sensitive information sent across the internet encrypted so that only the intended recipient can understand it.

This is important because the information you send on the internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames, passwords, Splunk searches and other sensitive information if it is not encrypted.

When an SSL certificate is used, the information should become unreadable to everyone except for the server you are sending the information to. This protects it from possible prying eyes.

It is often important to make sure the connection from Splunk Web to the …


Christmas 2020. Will big data and IOT change things for Father Christmas? Part I

After last year’s case study on Santa Claus International, I recently had the opportunity to spend some more time with Father Christmas discussing his long-term plans and business strategy for the next 5-10 years called “2020 Vision – Noel Limits”. We covered how the “advent” (geddit?) of technology over the last couple of years has changed the way Father Christmas has to prepare and deliver “positive festive outcomes” throughout the year. We talked about everything from The Internet Of Toys, use of big data and Ho-ho-hodoop, the unfortunately named Christmas Retail Analytics Platform and Augmented Sleigh Service. In part 1 we’ll review Father Christmas’ plans for The Internet Of Toys and in part 2 (tomorrow) we will cover …


EHLO, Is it ME You’re Looking For? New Splunk App Simplifies Microsoft Exchange Monitoring

The Splunk App for Microsoft Exchange is consistently one of the most popular apps on Splunk Apps. We just released a new version of the app with some exciting new features. Version 3.1 is available now on Splunk Apps with a free 60-day license.

So what’s new? Microsoft Exchange is one of those multi-system business-critical systems so it’s not good enough to just glance at it every now and then. Organizations need clear, up-to-date information on whether it’s working and how bad it is when it’s not. To this end, we’ve created the Exchange Service Analyzer – a new workflow experience explicitly designed for Microsoft Exchange. It gives you insight into the health of your entire Exchange environment including ActiveSync, …


That happened: episode 42 (#splunk, the universe, and everything)

This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel:

There are really only 300 people on the internet

…and #splunk is 200 of them:

<RichardRa> Is it possible to timechart multiple fields per other field? More specifically, I am wanting to show a timechart of freespace by device by host. Using one of the Linux-TAs, my pseudo-search would look like: index=os_nix sourcetype=df | timechart span=5m max(UsePct) BY MountedOn BY host
<duckfez> RichardRa: by device by host or by the (device,host) tuple?
<Ayn> RichardRa: trying to think about what that would look like
<RichardRa> So, my goal would be a line for each device …


Make it flash! Make it flash!

Splunk Traffic Lights

Splunk ships with some really neat visualisation options. From bar charts to gauges. Though sometimes they just don’t fit your requirements.

Whether that be something as simple as a custom icon or a super-slick D3 visualisation, Splunk’s framework makes it really easy to display your data in any number of ways.

One of the things I get asked a lot is: “Can we have a traffic light?”. The answer – yes! Let me show you how to light Splunk up in this post.…


Accelerate troubleshooting in Application-Centric Infrastructures with Cisco & Splunk

Cisco Application Centric Infrastructure (ACI) delivers a holistic architecture that closely links the provisioning of data center networks with the applications running over those networks. The Cisco ACI for Splunk Enterprise App, created in collaboration between Splunk, Cisco, and our joint partner Crest Data Systems, enables users to centrally view the operational health of their entire ACI environment and the underlying entities in real time. Operators can quickly correlate data from Cisco ACI with data from storage resources, operating systems, applications, and more for enterprise-wide visibility. Anomaly and error detection has never been easier.

Tracks key metrics such as health scores of all ACI entities including the APIC, fabric, tenants, end-point groups. The add-on also includes VMware correlation for deeper visibility into …


Popular Cisco Networks App Recognized with Splunk “Revolution Award”

The first inkling I had of the usefulness of the Cisco Networks App for Splunk Enterprise (formerly Cisco IOS) came from a Cisco field team who helped their customer get the app working and immediately identified multiple issues with flapping ports. In the months that followed I’ve had the pleasure of getting to know Datametrix senior consultant, Splunk app developer and general rock star Mikael Bjerkeland.

At .conf2014 Mikael was recognized with a much-deserved Splunk 2014 Revolution Award. ComputerWorld Norway profiled the award and the Cisco networking app in a fantastic article (“Norsk programvaresuksess”) that anyone using Splunk and Cisco networking gear should read.

For folks who don’t speak Norwegian, here’s a quick recap …

Several years …


Social Media Roundup

Because Splunk can index any kind of data, many of our customers have found it useful for indexing and analyzing social media events like Tweets, Facebook posts, and blog posts.

EXAMPLES

Hurricane Sandy

Tweets posted during Hurricane Sandy from the affected regions were indexed and analyzed. They were used to track how many people left the area and when they left relative to the arrival of the storm, people’s sentiment regarding levels of critical supplies, and people’s levels of anxiety and fear.

eRegulations Insight

Using built-in Splunk analytics capabilities combined with add-ons like Sentiment Analysis, this site indexes and correlates data from regulations.gov to better understand public sentiment as it relates to specific regulations. The site provides insight on …
