Troubleshooting Tips for Splunk DB Connect 3

Hello, fellow Splunkers! In this post, we'll take a look at a few of the pitfalls to be aware of when using the quite powerful, but sometimes hard to troubleshoot, DB Connect (DBX) 3.1.1 application from Splunkbase. So let's jump right in, shall we?

NULL values for Timestamp

If a database table that you're importing (either rising column or batch mode) contains a column representing a timestamp, most likely you'll want to utilize that column as the timestamp of the event (database record) within Splunk, instead of using the index time as the timestamp. However, be...

Get More Out of Splunk in 2018 with These Powerful Products

You might have noticed that our Operational Intelligence team was busy in 2017. Between three different product launches... you're probably wondering: when do they sleep? I'm still not sure the answer to that, but we're pretty proud of all the sweat, blood, and tears that have gone into elevating our services and extending the power of Splunk for our customers; and so I thought it might be helpful to pull together a quick round-up of the latest and greatest Operational Intelligence products by Function1.

Bloodhound App for...

Tips & Tricks: Splunk's Monitoring Console

Since Splunk Enterprise 6.5.x was released, the "Distributed Management Console" app has been renamed to the "Monitoring Console"; the change was not just a rename, as the tool was bundled with a number of enhancements. The gist of the Monitoring Console is its myriad dashboards, which provide a bird's-eye-view health check of a multi-instance Splunk deployment. The dashboards behind the console rely on data collected from the different Splunk Enterprise deployments' internal logs, located in both $SPLUNK_HOME/var/log/splunk/ and $SPLUNK_HOME/var/log/introspection/. But this blog...

Splunking Twitch

Twitch has transformed the live streaming industry by revolutionizing the process of user broadcasting and real-time audience interaction. With 15 million daily visitors, Twitch has grown into one of the largest sources of internet traffic. With the massive amount of information being shared on Twitch, we asked ourselves the age-old question: Can it be Splunked?

The short answer is: yes. Using Twitch's API we are able to gain access to a plethora of information. To start, however, we look at a single API endpoint and see just...

Using Splunk to Analyze New York City Uber Data

It’s fun getting all types of data into Splunk, analyzing it, and learning something new. I was pretty excited when I found this Uber trip data from FiveThirtyEight with 4.5 million records of Uber pickups from April - September 2014. Uber also debuted Uber Movement which is offering access to their data if you get on a waiting list. If you are interested in Uber data, you should definitely check that out. 


Overview of the New Charting Enhancements in Splunk 7.0

Charts are highly configurable in Splunk and in Splunk 7.0 they have added more charting options to use in your dashboards. These charting enhancements improve metrics and multi-series monitoring use cases while elevating user experience.

In this blog post, I will provide an overview of the new charting options available with Splunk 7.0 and give you examples you can use for reference. 


The first charting option allows you to change the line width of your charts in pixels.   

In the XML example below, I've taken it...

Splunk 7 Event Annotations and You!

If you're anything like our team at Function1, you can't wait to experiment with all of Splunk 7's dynamic new features. One of these features is “Event Annotations,” a powerful tool to highlight charts. At the moment, Event Annotations can be used in time-series charts. They are relatively simple to use; all you need is a separate search on your dashboard of type=annotation, with the annotation_label defined as the field you want to show as an annotation, and the annotation_category defined as the field to group your annotations by type. There is a simple but comprehensive example in the...

New in Splunk 7.0 – Metrics!

Like most avid Splunk users and admins, our team at Function1 was excited to hear about the release of Splunk 7.0 and all of its powerful new features and enhancements. One of the bigger announcements was Splunk 7.0's debut of a new data type called Metrics.

Splunk’s goal in introducing Metrics is to provide organizations with a highly efficient and scalable method of ingesting, utilizing, and extracting business value out of metrics from critical IT systems.

What are Metrics … and why are they important?

In short, Metrics are numerical values that...

Luna Wins Splunk's 2017 Innovation Award

From the Search Party, to the keynotes, to the captivating technical sessions, Splunk .conf17 was definitely one for the books (not to mention the record books, with more than 7,000 Splunkers in attendance)! One of our favorite moments of the week was when our CEO, Ashish, was presented with Splunk's 2017 Revolution Innovation Award for Luna, our Operational Intelligence app that integrates Slack and...

Splunk .conf 2017: Key Takeaways (Part 2)

In case you missed it, I recently caught up with Splunk .conf pro, Neena Bhutiani, to see how .conf2017 measured up to years past. But what about a different perspective: someone who's never been to Splunk .conf?

For that point of view, I spoke with two first-time .conf attendees: Karthik Subramanian and Somen De (who, spoiler alert: both also happened to be presenters, as...
