Organizing Your Splunk Shoe Rack (Defining Index Structures, Part 2 of 2)

In my previous post, I went through the thought process of defining a Splunk index structure. Three aspects of defining this structure were covered: data access control, data retention, and search performance. Now that we understand the case for a well-defined index structure and the different factors that drive it, let's go through a use case.

An extremely bright and talented system administrator at the Panda Shoe Company (fictitious) wanted to work smarter and...


Splunk Data Input Pipeline and Processors


I was a recent attendee of Splunk’s worldwide users’ conference, .conf 2012. It was held at the ultra-modern and chic Cosmopolitan Hotel located in the heart of Las Vegas, Nevada. Over 1000 people attended the conference and there were 90+ information sessions geared towards a wide range of Splunk user levels. At any given moment over the 3-day conference, there were 12-16 sessions going on at the same time. There was literally a world of knowledge being handed out to anyone who...


Organizing Your Splunk Shoe Rack (Defining Index Structures, Part 1 of 2)


Your Splunk Shoe Rack

When splunking with a new customer, one of the first things I review when auditing their environment is their index structure. Why? Well, there's a lot you can tell about the maturity of a Splunk deployment based on this particular configuration. The old saying that Forrest learned from his mom comes to mind...

"Momma always says there's an awful lot you could tell about a person by their shoes. Where...


Monitoring Weblogic Environments

If you work with Oracle Weblogic Server (WLS) in an enterprise environment, then you likely have many managed servers, clusters, applications, and services that you have to keep an eye on. The clusters and instances in a Weblogic domain add to the complexity of the application infrastructure. So how is a Weblogic administrator supposed to keep track of the various applications and services running across several different domains and servers? Currently, there are a few existing resources and/or tools available that can assist with monitoring as well as proactively...


The Seven Dwarfs of Data On-boarding in Splunk

In my time working with and using Splunk, I have learned a few tricks and tips to make the Splunk experience even better. This post assumes you are familiar with a few Splunk keywords. If you are having trouble following along, take a look at this link and look up the terms: http://docs.splunk.com/Splexicon. If you have never seen Splunk before, I suggest taking a look at the Splunk Tutorial to familiarize yourself with the product: ...


Syslog Collection with Splunk


What is Syslog?

If you're familiar with IT system administration, syslog data is something you've most likely come across. It's a standard used to log server, system, and device messages. It was originally developed as part of the Sendmail project in the 1980s and has become the standard used for Unix-based systems and for network devices such as...


Then One Day It Happens...


You’ve joined an elite team of engineers and administrators tasked to oversee your company’s technological needs.  As your company’s ambitious marketing teams generate more and more buzz, you find that with each day your job circles increasingly around growing your business’s capacity.  Months go by filled with unhindered efforts in project completion.  You’ve helped double your web traffic, beef up your network, and revamp your monitoring system.  ...


Using the Visualization Editor to Create a Dashboard in Splunk 4.3

Hello world!  This is my first blog post with Function1 and I hope you find it useful. This post will give you an idea of how simple it is to use the new Visualization Editor in Splunk 4.3 to create a dashboard. This neat new feature is great because it simplifies the dashboard and panel creation process by allowing any user to create a custom dashboard without having to write any XML code and/or book time and consult with the IT guy! Each Splunk user can create their very own custom dashboard with panels that can include a table, pie chart, line graph, or a variety of other options with...


Splunk Dashboard Development and an Intro to SideView Utils


This is hopefully the first in a series of posts dealing with the joys of developing dashboards and apps in Splunk.  In this post, I’d like to highlight different development options and introduce SideView Utils.

The Case for Dashboards

Organizations use Splunk in a variety of ways.  Uses range from monitoring a specific application to gaining enterprise-wide insight into their operations.  Insight can be...


Best Practices for your Splunk Deployment: Indexer Performance

Function1 is a Professional Services Partner to Splunk. We have gathered a wealth of experience in conducting dozens of consulting engagements in conjunction with Splunk PS, and now we want to share some of our Best Practices with you. The most common growth of a Splunk deployment starts from a utility used by your Systems Administrator to find that needle-in-the-haystack issue and grows to an enterprise-scale reporting tool used by the leaders of your organization. Splunk as an enterprise platform is typically situated in a very prominent place in the decision-making process of your...

