Splunking Twitch

Twitch has transformed the live streaming industry by revolutionizing the process of user broadcasting and real-time audience interaction. With 15 million daily visitors, Twitch has grown into one of the largest sources of internet traffic. With the massive amount of information being shared on Twitch, we asked ourselves the age-old question: Can it be Splunked?

The short answer is: yes. Using Twitch's API we are able to gain access to a plethora of information. To start, however, we look at a single API endpoint and see just...


A Complete Guide to Understanding the Splunk Add-on Builder

In this post, we'll walk through the ins and outs of the Splunk Add-on Builder. Not only does the Splunk Add-on Builder help users avoid common pitfalls during app development, it also validates apps according to best practices and app certification standards.  

On the app homepage, you'll see every add-on created using the Splunk Add-on Builder, along with those already installed on the instance. An Add-on Builder project is an editable add-on along with its metadata. Beyond editing capabilities, you're also able to export projects for use with other instances of Add-on Builder....


Encrypting a Modular Input Field without Setup.xml

When creating a modular input, some fields sometimes need to be encrypted for security reasons. There are a few ways to do this, the most common being to create a setup.xml file for the modular input schema. When using setup.xml, however, you lose some of the modular input schemas built into the Python SDK. If you would rather not use setup.xml but still want to use the Python SDK to encrypt an input field, it is possible with a bit of work. In this post I will go over one way of encrypting an input field using an additional field as an identifier.

To start off...


Splunk: Modular Inputs

I often blog about Drupal, but recently I worked on a Splunk App, so I thought about sharing my experience because it was an interesting one. For that Splunk App, I was on the Function1 Slack channel posting an endless stream of Splunk-related questions, and my colleagues provided tremendous support, patiently responding to my non-stop inquiries. It is great working among such a great pool of talented individuals.

The gist of the Splunk App is to dynamically post a JSON request to a RESTful API (the client developed the API) that returns a JSON response, and then send the response to...

