Simplifying IT Operations data analytics with Splunk Enterprise 6 and the...
At our annual users’ conference, .conf 2013, this year, we announced the latest release of Splunk Enterprise – Splunk Enterprise 6. Splunk 6 introduces new analytics features that make it easy for anyone...
Hunk: Raw data to analytics in < 60 minutes
Update: now with UI setup instructions. Finally, I got a bit of down time to sit down and get to the third part of the “Hunk: Splunk Analytics for Hadoop Intro” series of blogs, a follow up to part 1...
Installing the Splunk 6.0 Universal Forwarder on Windows
I’m currently working on getting all the Splunk apps that I am responsible for upgraded so that they use the Splunk 6 Universal Forwarder. Naturally, that means a whole slew of installs on Windows...
Unstoppable AWS and Irresistible Splunk
AWS Re-invent is here! We, at Splunk, are excited to announce all the new goodies we have been working on with AWS! First, a lot of you might have seen the announcement around Amazon...
Analyze Data with Hunk on Amazon EMR
In this post you will learn how to use Hunk to process data with an Amazon EMR cluster. We will go through the steps of: Creating a Hunk EC2 instance, Creating an Amazon EMR cluster, Configure Hunk with...
Show/Hide a Dashboard Panel Based on a Search Result
Today’s post will build on two of my previous posts about pivoting a single row table and toggling visibility of dashboard panels. In the post about pivoting a table, one of the fields in the table was...
Windows IP Address Monitoring
I’ve come across a couple of reasons to have a correlation between the IP Address (at a point in time) and a hostname. For most normal cases, you can use the nslookup script to do a reverse lookup....
Hadoop 2.0 rant
Here we go, time for another rant about Hadoop, this time about Hadoop 2.0. You can read the first rant here. The rant this time is about Yarn and the way it stores the application logs. Let’s start...
Read-only database connections
Version 1.1.1 of the Splunk DB Connect Add-on is now available on our community site, and there’s a great new option for managing your users’ database access. Let’s walk through how to grant selected...
Decoding IIS Logs
Everyone (just about) knows that there is a table of status codes that HTTP/1.1 defines. However, IIS gives you two more status codes in the log files. The HTTP/1.1 status is stored in sc_status (and...
Using Watchlists to Your Advantage
The Splunk App for Enterprise Security comes with correlation searches that generate notable events. The correlation search for Watchlisted Event Observed is a great template for generating notable...
Splunk Enterprise & Hunk for Hadoop at Cisco Labs
At the end of October, Splunk announced the release of a new product called Hunk: Splunk Analytics for Hadoop. Once you get over the awesome name, you realize how much of a game-changer it is to give...
Detecting Attachments in Microsoft Exchange Server 2013
One of the common recurring themes I get is how to detect attachments and log those attachments in Splunk. Let me get the obvious piece of this out of the way first – you cannot log the attachment...
Comparing week-over-week results
Comparing week-over-week results is a pain in Splunk. You have to do absurd math with crazy date calculations for even the simplest comparison of a single week to another week. No more. I wrote a...
Hunk Preprocessors: How to DIY
In the previous blog post on image searching with Splunk, I showed you how you can preprocess data with Hunk to get the ability to Splunk any data. This blog post is all about how to do it yourself....
Monitor Processes Per User on Microsoft Remote Desktop Services Session Host
Microsoft Windows Remote Desktop Session Host (formerly Terminal Services) hosts multiple users on the same Windows Server Operating System. Therefore, all these users are sharing the same resources...
Logging DMVs from Microsoft SQL Server with PowerShell
Some systems are easy to monitor and diagnose – just Splunk the log file or performance counter and you are pretty much done. Others take a little more work. Take, for example, Microsoft SQL Server....
Building Technology Add-ons
Happy New Year! Following on Dennis Bourg’s post about using event generation, I’d like to post some of my notes about planning and building a technology add-on for use with Splunk. As we all know,...
That happened: episode 38
HAPPY NEW YEAR from “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel. This week: Who are these weirdos and what do they want you to know, externally bloggy...
Working with old data
This has tripped up a few people (including myself) in the last couple of weeks, so I figured it would be worth pointing out. If you are working with old data (>5 years), you need to let Splunk...