Let's discuss how to collect data from your ServiceNow instance in Splunk. First, what is ServiceNow? ServiceNow is a maker of service management software that can be on-prem or in the cloud. Organizational use of ServiceNow ranges from standard IT help desk ticketing systems to legal service management. These organizations may want to collect data from their ServiceNow instance for security auditing or operational awareness of their deployment. ServiceNow exposes a REST API that can be used to extract this data.
In...
Least privilege is a common security practice where systems allow users the minimum permissions necessary to operate. It prevents users from harming things they ought not harm. It is a great rule of thumb. However, policies for enforcing this practice grow complicated in large organizations where people move about and move on frequently.
Removing privileges from former employees is the most basic use case. An employee resigns, turns in her badge and waves good-bye. Yet, the employee...
Growth. It's important in so many aspects of our lives; from our careers, health, and relationships. The famed motivational, self-help guru Tony Robbins says that beyond our basic needs, we need growth and giving back in order to truly be fulfilled. In addition to adding to ourselves, sometimes growth requires us to rebuild a portion of ourselves. Well, Splunk is no different. In order for it to keep it's self-esteem high, it also needs to grow. In this blog post I wanted to cover a process to expand the number of indexers in an existing Splunk deployment while also...
By now I’m sure you’ve heard about the release of Splunk Enterprise 6.5. Those of you who were at .conf 2016 got to see many of the new features during the keynotes, in sessions, and at the various booths.
Splunk Enterprise 6.5 brings lots of great enhancements related to user experience such as table datasets, conditional table formatting, dashboard editing, and enhanced search/SPL assistance. For those of you who have not had a chance to see some of the new features yet, I encourage you to check out this short video: ...
I often blog about Drupal, but recently I worked on a Splunk App, so thought about sharing my experience because it was an interesting one. For that Splunk App, I was on the Function1 Slack channel posting an endless stream of Splunk related questions and my colleagues provided tremendous support, patiently responding to my non-stop inquiries. It is great working among such a great pool of talented individuals.
The gist of the Splunk App is to dynamically post a JSON request to a RESTful API (the client developed the API) that returns a JSON response, and then send the response to...
This is a slightly lengthy tutorial on creating your own D3 (or any other open source JavaScript library) visualization and app for use in Splunk. It assumes familiarity with creating Splunk Apps, as well as with JavaScript, and as such is at a more intermediate level: before creating this app, you might want to work on both your JavaScript skills and work on creating some Splunk visualizations with Splunk JS or Simple XML. You...
Visualizations are not new to Splunk, whether XML or (D3) JavaScript, but the visualizations offered in Splunk 6.4 are the easiest and most powerful yet!
Hi everyone. Today I wanted to cover the tsidx retention feature that was released in Splunk version 6.4. This feature helps you reduce the storage costs for your indexer while maintaining actively searchable data. Also in this blog, I wanted to try a new format and convey the information in an FAQ style. Please leave a comment if you found the new format helpful for learning about tsidx retention.
First let's cover some fundamentals about tsidx files.
Q. What is a tsidx file?
A. Tsidx stands for "time-series index" file. It's...
New York | Washington, DC | Toronto
Phone: 202.888.6434
Email: info@function1.com
Function1, Inc. Copyright 2024. All Rights Reserved