Creating and Using New Custom Visualizations in Splunk 6.4

Visualizations are not new to Splunk, whether XML or (D3) JavaScript, but the visualizations offered in Splunk 6.4 are the easiest and most powerful yet!

Splunk has four large improvements to visualizations:

  1. 12 New D3 Visualizations
  2. The ability to add and extend your own visualizations to the library
  3. Developer APIs...

Event Sampling - Splunk 6.4 Feature

There have been countless instances when I was on a client site and tasked with building custom dashboards on large data sets, with a requirement to search over the past 3 months or greater. Each minor tweak or adjustment to the search would require me to run the entire search again, which on development systems would be a huge time sink. My life would have been so much easier, and I would have saved loads of time, if there was a way to run my searches against a smaller data set. Obviously, I could achieve this by, for example, running my searches against a shorter time frame but I would...

Monitoring Frozen Data Storage in Splunk

Frozen Wasteland

In this post, I'd like to visit the "Siberia" of Splunk data or frozen (archived) storage.  For all other types of data besides frozen, you can get insight on your Splunk data at the index and bucket level by using the "dbinspect" command or apps like "Fire Brigade."  However, because frozen data "lives" outside of the world of Splunk, there's no way to get insight on that data via Splunk.  Therefore, I will outline a solution for creating a scripted input to send metrics to Splunk which can then be used for reporting.

Create the...

How to generate 1 TB of data for Splunk Performance Testing

Splunk, a leader in Event Management, provides insight into your business’s machine-generated log data. Splunk enables you to make sense of your business, make smart decisions and initiate corrective actions.

Processing Big Data is by no means a small feat. The ability to scale Splunk to accommodate and grow with your business is key to providing reliable and accurate information.  Splunk provides insight into your...

Macros and Tokens: Getting the Best Use of Them

While at a client recently, I had the task of creating a dashboard with the ability to look at Linux and Windows data's highest points and averages. The Windows and Linux data needed to be viewed separately, but still have the ability to view the data in total. To accomplish this, I created a base search using six macros: two to encompass both operating systems with each calculation mode, and two per operating system for each calculation mode. My first step was to create the macros. This is done by Settings > Advanced Search > Search Macros. Once at this page, click “New”. You will be...

Function1 Announces Sponsorship of .conf2015

Function1 today announced it is a Giga sponsor of .conf2015: The 6th Annual Splunk Worldwide Users' Conference. .conf2015 will feature more than 165 sessions, including more than 80 customer presentations, and is expected to attract thousands of IT, security and business professionals who know the value of their data. The conference will be held September 21 – 24, at the MGM Grand Las Vegas, with three days of optional education classes through Splunk University®, September 19 – 21, 2015.

Longtime Splunk partner and one of...

Being Unique is All About Being Different

Unique: (adjective) Existing as the only one.

Being unique is something we strive for, to be the only one of “us”. Wouldn’t you like for your Splunk app to be the same? For customers to use your app and see your color, your logo, your complete customization.


Here is my app, F1 Demo, as “bare bones” or basic.

CIO Review Names Function1 to 20 Most Promising Red Hat Solution Providers 2015

Function1, global leader in Operational Intelligence, Web Experience Management, and Data Security solutions, has been selected by CIO Review as one of the 20 Most Promising Red Hat Solution Providers in 2015.
A distinguished panel of CIOs, CEOs, VCs and members of CIO Review’s editorial board are responsible for identifying this annual list of companies, which aims to highlight and promote technology entrepreneurship. The decision highlights Function1's 2 year...

Every Click You Make, Splunk is Watching You…


When I am at client sites I often get asked how they can get a better understanding of what is going on in their Splunk environment. A recent client wanted to understand what dashboards were being used the most in their environment and who were the top users. What a great thought! I knew that Splunk had to have a way to track this. It was just a matter of locating the data and then determining the best way to pull it. After going back and forth between metadata and the internal index, I came across this in Splunk’s internal index.

