Big Data New Year’s Resolutions for 2014
Happy New Year! I hope it was relaxing, restful and slightly over-indulgent. If you’re anything like me, you’re probably wondering if you can stick to any New Year’s resolutions unlike last year (less...
An easy way to generate sample data – Part 2
In my previous post I discussed generating data from a sample data set to be replayed. We discussed altering the timestamp of events (to match the run time of the eventgen), but not much more. Now...
Active Directory Replication and Windows Server 2012 R2
If you have upgraded your Active Directory domain to Windows Server 2012 R2 and use the Splunk App for Active Directory, you may have noticed that the replication statistics script doesn’t work the...
New App: Arista Network Telemetry for Splunk Enterprise
Have you seen a cool new Network Telemetry App Arista Networks created for Splunk Enterprise? You can now analyze and visualize a wide range of network telemetry data from Arista switches in Splunk...
How to Stream Internet of Things Data into Splunk in Ten Easy Steps!
Inspired by Discovered Intelligence’s blog post “How to Stream Twitter into Splunk in 10 Simple Steps” last week, I began thinking about a simple Internet of Things example where we could demonstrate...
Defining indexes for release with your app
Recently I’ve heard a lot of chatter regarding how to segregate your data with indexes, especially if you have created an app (or multiple apps). Maybe it is just me, but personally I like to create a...
Quick N’ Dirty: Funnels
I recently had a customer ask me how to calculate funnels in Splunk. His source data consisted of custom application logs, but this method will work with any logs that have a field representing a...
Quick N’ Dirty: Retention
Inspired by a customer conversation, I recently posted a blog entry on funnels. This customer also asked about calculating retention. As it happens, retention is just a variation on the funnel concept....
Five Must-See Splunk Demos at Cisco Live Milan
Splunk and Cisco are collaborating to unify security, networking, application and other data center silos with centralized, comprehensive operational intelligence. Stop by Splunk booth E1/E2 at Cisco...
Working with Active Directory on Splunk Universal Forwarders
Have you ever installed a Splunk Universal Forwarder and seen one or more of your Active Directory domain controllers have high CPU utilization as a result? Have you ever wondered how the Splunk...
Splunk Alerts and Charts on Your iPhone
Now Splunk is EVERYWHERE! Push alerts and charts to your cellphone from your Splunk servers, when you’re on the beach. Get your Splunk data conveniently on the go. Available now! EVERYWHERE is a...
Testing alerts using local SMTP server
When setting up alerts that send emails, I find it nice to be able to send the sample alerts to a local SMTP server. It’s useful for testing my thresholds and to rule out spam or mail routing rules....
An easy way to generate sample data – Part 3
In my last two posts (Part 1, Part 2) we discussed using the Splunk eventgen to create a replay of a data sample. In the first post, we configured a data sample to replay its events into a log file,...
Forwarding Windows Event Logs to another host
Let’s face it – sometimes, it just isn’t possible to install the Universal Forwarder on all hosts. Mistrust of new software, proof of concepts and security concerns all play into the decision to...
Add an icon to your app or add-on
The “icon” has become a de-facto standard element of content description; it helps users to discover relevant content with just a quick look and helps your content to stand out from other apps. Until...
Measuring Windows Group Policy Logon Performance
One of the common complaints you will hear from Windows users is that their logon takes too long. This is especially true for Microsoft Remote Desktop Services and Citrix infrastructures. Luckily,...
That happened: episode 39
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: Splunk results on your iPad–or anywhere, bromance is in the air, you may want to go back to...
Which Microsoft Servers are inactive?
What can you tell me about my environment? It’s a common enough query and Splunk seems to be able to answer them all. The latest was this: Can you give me a list of all the servers that are...
Command Modular Input Use Case Series
Modular Inputs and Scripted Inputs provide a great way to develop custom programs to collect and index virtually any kind of data that you can set your mind to. But on whatever platform you have...
Universal Forwarders and the Splunk App for Active Directory
About once a week I respond to a call or online question asking about the Splunk App for Active Directory. Specifically, these questions ask one of two things. The first is “can I collect the Active...