Enabling Splunk as a Windows Domain User with Group Policy
Many times, we develop Windows-based apps (for example, the Splunk App for Exchange or the Splunk App for Active Directory) without special privileges. We recommend installing the Universal Forwarder...
Modular Inputs Tools
Tools I’m a tools kind of a guy. I like things that make my life easier or allow me to accomplish some task that would be otherwise prohibitive. I also like Tool the band, but that’s another blog. And...
Hadoop rant
Hadoop’s rise to fame is based on a fundamental optimization principle in computer science: data locality. Which translated to Hadoop speak would be: Move computation to data, not the other way around...
Mobile Analytics with Storm (Part 2)
In the previous article “Mobile Analytics with Storm”, we discussed how to configure the logging library for mobile apps to send stacktrace messages to Storm via REST API. To make this logging library...
Capturing Omniture (or Google Analytics, or Webtrends) Data into Splunk
I’ve spoken to many customers who love their client-side tracking tools (Omniture, Google Analytics, Webtrends, etc.) but also want to get that data into Splunk so that they can correlate web traffic...
Are all my Microsoft Servers being Splunked?
I recently got asked a question – how can I tell if all my Microsoft servers are being Splunked? Interesting question and one that takes a little bit of effort. But we have all the bits, so let’s take...
Network Inputs – Best Practices…
When architecting a Splunk deployment, there is almost always a requirement to support syslog event streams from many devices. While Splunk can easily accept syslog data directly from these external...
Developing Modular Inputs in C# – Part 1
One of the cool new features of Splunk 5.0 is modular inputs, and we’ve already seen some great examples of this, such as the built-in perfmon gathering modular input and the Splunk Addon for...
Learn More about PowerShell and Modular Inputs
For over five years, I have been working with co-host Jonathan Walz on the PowerScripting Podcast, a weekly Internet radio show. The primary topic of the show is the Windows PowerShell scripting...
Letters from a Splunk Admin
No one writes letters anymore. It’s been such a long time since I’ve written a letter, it got me thinking what I would even write about… which then got me thinking what would a Splunk Admin write a...
Microsoft Patch Tuesday! Are your servers patched?
It’s my most favorite time of the month – Patch Tuesday! Ok, I might be slightly exaggerating there. Let’s face it. It’s a pain in the neck. I have to go around to every server in my development...
SQL Injection
Last year, I created an app template to detect whether your users went to a phishing web site where you would supply the app the sourcetype name of your proxy logs and the URL destination field where...
That happened: episode 33
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: docs are better with lens flare, some of the best jokes don’t need linebreaking, the .secret of...
SplunkLive! DC: Helping Government Make Sense of Machine Data
There are a select number of U.S. cities dominated by certain industries that ultimately help to define those cities. Detroit for cars, Nashville for country music, Pittsburgh for the Steelers and...
Quick n’ Dirty: Splunk Form Cheat Sheet
Have you ever made a terrific dashboard in Splunk and then thought… “Hmm, this is such a great dashboard, but I wish I could filter it for a subset of this data” or “hmmm….this dashboard should win an...
Developing Modular Inputs in C#: Part 2
I’m annoyed at our engineering team, but I’ll get over it. You see, just hours after I posted my first blog post on writing modular inputs in C#, the team up in Seattle released the latest edition of...
Playing with the Splunk C# SDK–from PowerShell
As those who know me know, I Am Not A Developer. I could convincingly play one on TV, but that’s not the point. The point is this: I don’t have a copy of Visual Studio, and I don’t want to! When in...
Running as a Windows Service
There are some things that are just plain difficult on a Windows box. Take, for example, debugging Splunk scripted inputs. It seems simple enough. But Splunk runs as a Windows Service and is usually...
Splunk on Splunk 3.0 Now Live!
Hello Splunk Admins of the world, we are extremely excited to announce the general availability of the Splunk on Splunk app, version 3.0. S.o.S, the app that enables you to see inside your Splunks,...
SplunkIt v2.0.2 Results & EC2 Storage Comparisons
With a new version of SplunkIt out the door, it was time to get new benchmark numbers, both for EC2 and the commodity hardware we tested in previous posts. Now that SplunkIt is compatible with Windows...