Over the past few months, we have been working closely with Symantec™ to debut an exciting new Splunk App. Today, we are proud to announce the 1.0 release of the Symantec DeepSight™ Security Intelligence App for Splunk Enterprise on Splunkbase. Download it today! This app is the result of a collaborative effort between the Operational Intelligence Team at Function1 and Symantec’s Cyber Security Group.
This app works in tandem with...
With the release of Splunk Enterprise 6.1 have come many new features and enhancements. The initial reaction may be to question if upgrading to the new version is truly worth the effort. In this post I will describe one of the great new features in Splunk 6.1 that may turn your answer to that question into an unequivocal “yes”.
Introducing multisite clustering
First, allow me to propose a conundrum that many Splunk administrators within multi-site organizations may...
Are you wondering where your Assets are? Why you can't find your identities, perhaps? Are you on Windows? With the recent release of version 3.0, there has been huge improvements in the power of the ES app, and the ease of its use. The Assets and Identities are one of the cornerstones of the ES app, and there is a major change in the way these files operate in ES 3.0 compared to ES 2.4.
Asset management provides additional information about the source and targets of events. This information can be used to correlate multiple events to a single host, identify the location of the host...
In the business world, people are looking at ways to constantly improve processes and systems. The only way to determine if progress is being made is to compare performance over a period of time to that same period of time a day ago, a week ago, a month ago, or even longer.
Since Splunk gives companies the ability to store and search data over a variety of time periods, this should be an easy task to do, right?
Not so fast…
While Splunk is driven by time, the answer is a little more complex than that.
Let’s say for example that you would like to chart...
Splunk v6.0.1 is packed with new features that enhance the user experience and can provide useful, lightning fast reports. For a full overview of the new features check out this link: Splunk 6!
One of the new features that provide users the ability to build exceptionally fast reports is data models. Users can use the structure provided by the data models to create pivot tables, all without knowing Splunk’s search language. Pivot users select the data model they are interested in, then point and click their...
Welcome! In this post I'd like to cover testing the I/O performance of your indexer to its storage sub-system.
You can think of your indexer as the lobby of a busy hotel with the hotel guests being your data. In this hotel, guests are constantly streaming into the lobby (raw event data). At the same time, guests are frequently leaving the hotel (search queries) to go on around the city, either periodically in buses (scheduled saved searches) or in an ad-hoc manner by taxi (user searches). To prevent the lobby from filling up from the...
I recently ran into an issue with the Splunk Forwarder and found that we can solve it with a simple python script udpate. This is applicable to the Salesforce app for Splunk, but could be applicable to other use cases as well.
Here, the requirement was to install the Salesforce TA into Splunk and configure the TA to pull data from Salesforce into Splunk. After downloading the TA and enabling the necessary inputs from Salesforce, I checked Splunk for data…nothing.
Why isn’t the Salesforce data coming into Splunk??
Next, I went to the internal logs in Splunk by...
Recently I was working with a client that was Splunk savvy and they wanted to try to implement something that was, what I would consider, off the beaten path.
Here is the challenge:
This client was looking for a way to be able to take advantage of having multiple search heads for high resource availability and resiliency, without taking a hit on performance. One approach to go about providing high availability and resiliency of search heads is to use a Splunk feature called...
As a consultant, I get asked this question from my clients all the time. They use Splunk everyday and when they log in they see this screen:
Compared to a few years ago, it is almost unbelievable that we are able to sift the amount of data we can, and the speed with which we can do it. But like the fast cars we drive today that are much faster than similar cars of yesteryear, we get used to the speed we have, and soon wonder: “can it go faster?”
Yes, but with some conditions.
Like Turbocharging, Supercharging, and enlarging the displacement in cars-- all valid ways to make a fast car go faster, --in Splunk there is Report Acceleration, Summary Indexing, and searching tsidx files. Each has its own benefits and...
New York | Washington, DC | Toronto
Phone: 202.888.6434
Email: info@function1.com
Function1, Inc. Copyright 2024. All Rights Reserved