Troubleshooting the Splunk App for Enterprise Security
May 7, 2013 —
Welcome Splunkers! In this post, I’d like to talk about an issue I encountered recently when working on a Splunk App for Enterprise Security v2.2.1 (ES app) deployment and the approach I took in troubleshooting it. But before getting started, I’d like to congratulate Splunk and their Security Products team for winning the SC →
Categories: Operational Intelligence
Taking a closer look
May 3, 2013 —
Ever have a well-formed search on Splunk that is running too slowly? Of course, they can always go faster, but there are times when it really just seems like something is holding back your search speed. That leaves you wondering where in the chain of information transfer is the problem, really? And just when you’re about →
Categories: Operational Intelligence
Passing Time
April 4, 2013 —
System monitoring dashboards are something we are often asked to provide for our clients. Normally, this is a pretty straightforward task, but on a recent client engagement, I was presented with one requirement that was a bit out of the ordinary. This client was looking to monitor a set of ten desktops with a →
Categories: Best Practices, Operational Intelligence
Simulating Data with the Splunk Event Generator
February 22, 2013 —
While installing a new app on your Splunk search head can usually be considered a rather benign action, sometimes the introduction of a TA on your forwarders and indexers requires more attention. This is commonly the case, especially if your production environment is guarded by change control. The problem is that without the data generated →
Getting a Pulse on Your System: How to Build a System Health Indicator in Splunk
February 1, 2013 —
Welcome Splunkers! I hope everyone is having a great New Year. We certainly are, here at Function1. We just publicly released a beta version of our Splunk for Oracle WebLogic Server app to Splunkbase as mentioned in a recent post. As part of the Splunk products team at Function1, I’m always looking at new ideas →
Categories: Development, Operational Intelligence
WebLogic + Splunk = Splunk for Oracle WebLogic Server
January 29, 2013 —
As many of you know, from our website and blogs, we Function1-ers provide world-class consulting services for a few Oracle enterprise products as well as Splunk. Having this unique blend of experience on the Function1 team, we often try to experiment with new ideas that would be helpful to both sets of clients. One such →
Categories: Cool Tools, Operational Intelligence
OH NO!! Splunking log files with multiple formats?? No problem!
January 24, 2013 —
I was recently at a client site for a two-week engagement assisting them with ramping up their Splunk installation, and I came across something particularly interesting. One of the log files the client wanted to index in Splunk contained four different log formats with four different timestamps. Take a look at a sample of the →
Categories: Best Practices, Operational Intelligence
Splunk 5.0's Report Accelerator, better than Summary Indexing?
December 21, 2012 —
Over the last 3 years, I’ve worked with nearly 100 clients as a Splunk Professional Services Consultant across all sectors of business and have seen Splunk grow first-hand from the back office system admin’s life saver, to the Enterprise Big Data Engine that it is today. Splunk’s latest 5.0.1 release is nothing short of amazing. They’ve →
Categories: Operational Intelligence
Keeping your Splunk Deployment Server Organized
November 29, 2012 —
The following post is for Splunk administrators that are already somewhat familiar with the Splunk Deployment Server, and the deployment of configuration app packages. The scenario: As a sysadmin, no matter how much effort goes into planning and organization, there is the possibility that one day you will no longer →
Categories: Best Practices, Operational Intelligence
Organizing Your Splunk Shoe Rack (Defining Index Structures, Part 2 of 2)
November 2, 2012 —
In my previous post, I went through the thought process of defining a Splunk index structure. Three aspects of defining this structure were covered: data access control, data retention, and search performance. Now that we understand the case for a well-defined index structure and the different factors that drive it, let’s go through a use →