Protocol Data Inputs
It must have been about a year ago now that I was talking with a Data Scientist at a Splunk Live event about some of the quite advanced use cases he was trying to achieve with Splunk. That conversation seeded some ideas in my mind, they fermented for a while as I toyed with designs, and over the last couple of months I’ve chipped away at creating a new Splunk App, Protocol Data Inputs (PDI).
So what is this all about? Well, to put it quite simply, it is a Modular Input for receiving data via a number of different protocols, with some pretty cool bells and whistles.
So let’s break down some of …
Detecting outages caused by unauthorized changes
Splunk is a great solution to search, investigate, and monitor your IT environment, whether it is application, infrastructure or network related. One perplexing issue to detect is unauthorized changes. Per ITIL, an unauthorized change is a “change made to the IT infrastructure that violates defined and agreed Change policies”.
Let’s take a simple example where you have a multi-tier application and one of the admins made a change on one of the configuration files without running through the CAB or the Change and Release manager for impact analysis. This config change resulted in an application outage. Using Splunk, you can easily detect the outage, no doubt about that.
The challenge is how can you isolate the …
.conf 2014: The Community Report
Whew! Welcome back from .conf, everyone. I know it’s been two weeks since we all hung out together in the Community Lounge, but it still feels like we only just left the MGM yesterday…
All for you: the Community Lounge
This year at .conf, we created an intentional space for our amazing user community: you. You folks are the reason we’re here, and we wanted you to have a cool place to meet other Splunk users, talk about the stuff that matters to you, and get a little fun in at the same time.
The Answers Desk
From big data to a 360 degree customer view with Hunk and Hortonworks
You can’t really escape the fact that we’re in the age of the customer. From CRM to the “long tail” to multi-channel to social media brand sentiment to Net Promoter Scores, it is all about customer experience. Big Data has an important part to play, no great revelation there, but how do you actually do it? There are an awful lot of questions that come up when it comes to Big Data and customer view:
What should my architecture be? How do I put together the right data strategy for the short and long term? How do I get the value from the data? How do I build customer analytics on top of my data? How do I …
Updated Traffic App
A few years ago, I created a publicly available traffic app for monitoring traffic incidents in major US cities configured by user. Since then, the provider of the feed has cut down on the number of cities they monitor and no longer provide incident counts per intersection. Nevertheless, they still provide a Jam Factor. A Jam Factor is a subjective number provided for a roadway that indicates how busy (or jammed) the roadway is.
For my reference implementation, I used this Jam Factor field to visually allow you to see your city’s (assuming the provider covers it) current Jam Factor for major highways. This updated traffic app that you can download has new dashboards that you can use to …
Monitor and reclaim valuable disk space on Microsoft Exchange Server
While disk spindles get cheaper, disk space on servers hosting mainstream services such as email and messaging still remains a big budget item. As organizations continue to grow and more people join (employees, contractors, service providers, developers, et al.), it is important for organizations to monitor and make optimal use of this critical disk space.
In the Infrastructure and IT Operations space, Microsoft Exchange continues to hold the top spot in Gartner’s Magic Quadrant for Unified Communications report. The Splunk App for Microsoft Exchange provides valuable insight into various aspects of a Microsoft Exchange deployment.
Splunk App for MS Exchange provides granular insight regarding the complete lifecycle of an email right from the time an email arrives within an org …
Use Splunk to detect and defeat fraud, theft, and abuse
In case you haven’t heard, an emerging and fast-growing use case for Splunk is using Splunk for anti-fraud, theft, and abuse (which I will just call “fraud”). Many Splunk customers across a wide range of industries Splunk their machine data and log files for a wide range of anti-fraud use cases, including fraud investigations, detection, and analytics/reporting. They also put the event data from other point anti-fraud tools into Splunk and use Splunk to: (1) break down the siloed nature of these point tools to present a more unified view on fraud, and (2) correlate fraud events with other data sources. Splunk’s flexibility enables it to be an anti-fraud solution and/or enhance existing fraud tools.
A few weeks ago, Splunk …
Is Big Data IT’s gift to the CEO?
At the beginning of June, I was at the Gartner CIO & IT Executive Summit in Berlin. It was an interesting event to attend in terms of the advice given to the CIOs at the event, how to deal with the “digital industrial revolution” and how to support the CEO’s top business priorities.
From the Gartner survey, a CEO’s top five priorities for 2014/15 are growth, costs, profit, IT and the customer.
Growth was number one and to support the CEO’s top priorities, Gartner suggested that the CIO will need to deliver a digital technology architecture, an enterprise information architecture, a strong cybersecurity & risk program and an industrialized IT infrastructure.
After the keynote, I attended one of the presentations …
routr : App that Shares Splunk Alerts on Social Media
What is routr?
routr is a simple if-this-then-that workflow app to share Splunk alerts on your Twitter or Tumblr. It is easy to install, configure and run. This app is bundled together with a sample Splunk saved search that searches on failed login events to post a tweet on Twitter or an article on Tumblr whenever the alert is triggered from your Splunk instance. The search is triggered every 1 minute and looks for matching events in the relative past 1 minute.
Requirements to run this app?
- Splunk installed
- Twitter and/or Tumblr account
How To Obtain Twitter OAuth And Access Tokens?
Atlanta Splunk User Group this Friday!
Just a reminder to folks that the monthly user group meeting is this Friday! If you haven’t already, please RSVP to the Meetup page so that we have an accurate count for food and building security.
• 11:30 – 12:00 Networking, lunch
• 12:00 ( 5-10 min) – Welcome, introductions
• 12:10 – 1:20 Presentations:
Michael Conner, Coke CCR – Automating Splunk app deployment in AWS
Hutch, Splunk – Advanced Visualizations
Hal, Splunk – Techniques for analyzing Splunk performance
• 1:20 – 1:30 Open discussion, next meeting logistics, close…