How to Create a Modular Alert
What’s a Modular Alert (and why should I care)?
Modular Alerts is a feature included in Splunk 6.3 and later that allows Splunk to actively respond to events: send alerts, gather more data, or perform actions. Splunk includes an API that makes it easy for people to write their own apps with modular alerts that can be shared on apps.splunk.com. See the official docs for more detailed information.
Modular Alerts can be used for things such as:
- Notifications: send out a message letting people know something happened (e.g. Twilio SMS Alerting, Slack Notification Alert, HipChat Room Notification Alert)
- Automation: perform an action whenever a particular event is detected by Splunk (e.g. Insteon Home Automation Control, IFTTT Alert Action, Octoblu
Smart AnSwerS #75
Hey there community and welcome to the 75th installment of Smart AnSwerS.
The “Where Will Your Karma Take You” contest officially ended this past Monday, and the winners were announced in a Splunk blog post by piebob earlier this week. BIG congratulations to sundareshr, skoelpin, and jkat54 for accruing the most karma points during the competition period, earning them each a free pass to .conf2016! If any of these guys have helped you solve your issues on Splunk Answers, be sure to thank them for being such awesome community contributors if you happen to cross paths.
Check out this week’s featured Splunk Answers posts:
How to encode a URL for a Hipchat notification alert action…
iOS Memory Warnings
Memory on mobile devices is a shared resource, and apps that manage memory improperly run out of memory and crash. iOS manages the memory footprint of an application by controlling the lifetime of all objects using object ownership, which is part of the compiler and runtime feature called Automatic Reference Counting (ARC). When you start interacting with an object, you’re said to own that object, which means that it’s guaranteed to exist as long as you’re using it. When you’re done with the object, you relinquish ownership and if the object has no other owners, the OS destroys the object and frees up the memory. Not relinquishing ownership of an object causes memory to leak and the app to crash. …
Tracing Objective-C Methods
You can write very fast programs in Objective-C, but you can also write very slow ones. Performance isn’t a characteristic of a language but of a language implementation, and more importantly, of the programs written in that language. Performance optimization requires that you measure the time to perform a task, then try algorithm and coding changes to make the task faster.
The most important performance issue is the quality of the libraries used in developing applications. Good quality libraries reduce the performance impact. So to help you improve performance in your apps, we’ve updated the Splunk MINT SDK for iOS to provide an easy way to trace a method’s performance using macros.
To trace an Objective-C method, add the MINT_METHOD_TRACE_START …
Android ANR troubleshooting with MINT
Being involved with shippable software for mobile and desktop, I realize that there is a class of problems that are not easy to troubleshoot.
Crashes are probably the easiest to reproduce in QA and Engineering environments, and so they are easier to fix. But one class of problems that in many cases requires more time and possibly a code redesign is application sluggishness. This problem usually falls into the gray area of software development that everybody tries to address during the design and implementation stages. Application sluggishness seldom shows up in QA or other controlled environments, but always happens when the actual user is trying to use the app.
Modern mobile apps are complex creatures. A lot of things …
Detecting early signs of compromise by splunking Windows Sysinternals
The traditional way of detecting compromise in a Windows environment, using signature-based anti-virus / anti-malware products, struggles to detect advanced malware or threats. Most signature-based anti-malware solutions rely on a known list of signatures:
- Endpoint protection products don’t have a complete list of signatures covering every threat that exists or is known
- They don’t apply to new types of threats that are executed as new executables at the endpoints, because there is no known signature to compare against
This traditional approach leaves organizations constantly dealing with security breaches that hit the headlines, ranging from data exfiltration and service interruptions to ransomware, all stemming from an inability to protect and detect …
Handling HTTP Event Collector (HEC) Content-Length too large errors without pulling your hair out
Once you start using HEC, you want to send it more and more data, and as you do, your payloads are going to increase in size, especially if you start batching. Unfortunately, as soon as you exceed a request payload size of close to 1MB (for example if you use our Akamai app or send events from AWS Lambda) you’ll get an error status 413, with a not-so-friendly error message:
“Content-Length of XXXXX too large (maximum is 1000000)”
At this point you might feel tempted to pull your hair out, but fortunately you have options. The reason you are hitting this error is that HEC has a pre-defined limit on the maximum content length of a request. Fortunately …
Secure Splunk Web in Five Minutes Using Let’s Encrypt
Configuring SSL for your public-facing Splunk instance is time-consuming, expensive, and essential in today’s digital environment. Whether you choose a cloud provider or self-hosting, RTFM-ing how to generate the keys correctly and configuring how Splunk should use them can be quite confusing. Last year, a new certificate authority, Let’s Encrypt, was born in an effort to streamline the CA process and make SSL encryption more widely available to users (the service is FREE). In this short tutorial, we will cover how to make use of this new CA to secure your Splunk instance and stop using self-signed certs. Using SSL will help you secure your Splunk instance against MITM attacks. Let’s Encrypt utilizes all of …
Smart AnSwerS #74
Hey there community and welcome to the 74th installment of Smart AnSwerS.
A Splunk Paper Aircraft Association was started up at HQ a couple weeks ago where each participant creates and launches their own paper aircraft every Friday afternoon. Weekly awards are given for longest distance traveled and duration in flight. There’s also a Splunker’s Choice Award for the most unusual, interesting, creative, or fun design. Last Friday, Director of Documentation ChrisG won top prize for his aircraft, winning in both categories of distance and duration. Congrats to the all-star!
Check out this week’s featured Splunk Answers posts:
Large lookup caused the bundle replication to fail. What are my options?
Support engineer rbal shared this Q&A with the …