Back to the Blog

Stepping Up with Splunk!

Posted by Elizabeth Makepeace on Tuesday, October 25, 2016 - 09:08 Function1 Operational Intelligence, Splunk, Splunk 6.4, Visualizations, Wellness Program, Cool Tools

“Surround yourself with the dreamers and the doers, the believers and thinkers, but most of all, surround yourself with those who see greatness within you, even when you don’t see it in yourself.” –Edmund Lee

 

Splunk is an extremely versatile application, dissecting everything from a small csv file to multiple terabytes of data. I am a member of Function1’s Wellness Team as well as a part of the OI Practice. This year, the Wellness Team has decided to revamp itself and I thought Splunk would be a great tool to utilize to track our progress and feedback from...

read more

Creating a Custom D3 Application with Visualizations in Splunk

Posted by Karthik Subramanian on Tuesday, August 23, 2016 - 09:27 Operational Intelligence D3, Splunk 6.4, Splunk App, Visualization, customization, Javascript

This is a slightly lengthy tutorial on creating your own D3 (or any other open source JavaScript library) visualization and app for use in Splunk. It assumes familiarity with creating Splunk Apps, as well as with JavaScript, and as such is at a more intermediate level: before creating this app, you might want to work on both your JavaScript skills and work on creating some Splunk visualizations with Splunk JS or Simple XML. You...

read more

Creating and Using New Custom Visualizations in Splunk 6.4

Posted by Karthik Subramanian on Thursday, August 11, 2016 - 09:45 Operational Intelligence Operational Intelligence, Splunk 6.4, Splunk, Visualization, D3, Javascript, Splunk Apps, API

Visualizations are not new to Splunk, whether XML or (D3) JavaScript, but the visualizations offered in Splunk 6.4 are the easiest and most powerful yet!

Splunk has four large improvements to visualizations:

  1. 12 New D3 Visualizations
  2. The ability to add and extend your own visualizations to the library
  3. Developer APIs...
read more

Trimming Down your Splunk Indexer Storage with TSIDX Retention Settings

Posted by Anshu Rastogi on Thursday, August 4, 2016 - 10:46 Operational Intelligence Splunk 6.4, Splunk, tsidx, retention, storage, indexer, lexicon, bucket, rebuild, Audit

Hi everyone.  Today I wanted to cover the tsidx retention feature that was released in Splunk version 6.4.  This feature helps you reduce the storage costs for your indexer while maintaining actively searchable data.  Also in this blog, I wanted to try a new format and convey the information in an FAQ style.  Please leave a comment if you found the new format helpful for learning about tsidx retention.

Tsidx File Fundamentals

First let's cover some fundamentals about tsidx files.

Q. What is a tsidx file?
A. Tsidx stands for "time-series index" file.  It's...

read more

Event Sampling - Splunk 6.4 Feature

Posted by Rupak Pandya on Tuesday, August 2, 2016 - 10:07 Operational Intelligence Big data, Splunk 6.4, Cool Tools, Dashboards, Reports, Event Sampling, Events, sample, Operational Intelligence
There have been countless instances when I was on a client site and tasked with building custom dashboards on large data sets, with a requirement to search over the past 3 months or greater. Each minor tweak or adjustment to the search would require me to run the entire search again, which on development systems would be a huge time sink. My life would have been so much easier, and I would have saved loads of time, if there was a way to run my searches against a smaller data set. Obviously, I could achieve this by, for example, running my searches against a shorter time frame but I would...
read more
Stay In Touch