Adding D3 Visualizations to Splunk Dashboards


In this post I would like to cover how to add some really great visualizations to a dashboard in Splunk.  I will cover how to use D3.js, a third-party javascript visualization library, and Splunk's JS stack. 

D3.js (or just D3 for Data-Driven Documents) is a “JavaScript library that uses digital data to drive the...

Splunking the Linux Audit System

For my last blog we discussed a Splunk topic geared towards the Windows side of the shop (Splunking Microsoft Windows Firewalls). So now it’s time to show some love to the Linux admins out there. More specifically, in today’s blog we will explore some tips for gaining insight into Linux audit logs using Splunk.

A little background on the Linux Audit System

The Linux Audit system provides a way to track security-relevant information on your...

Splunk Alerts in Slack!

Here at Function1 we use Slack in order to stay in constant contact with our co-workers. If you haven't heard of Slack before, Slack is a team chat and communication tool. We use it to talk about our projects, company announcements, sports, random water cooler talk, technical questions, etc. Slack has integration built-in with a lot of services. We rely heavily on the GitHub, Asana, and Twitter integrations, but they have many others.
Since we do a lot of Splunk development for our own projects and our clients, we thought, "...

Red Hat Storage Server, an Innovative Hybrid Storage Solution for Big Data

Big Data surrounds us all, in some shape or form. Typically Big Data (billions or trillions of vast and complex records) is so large, that it requires new and powerful computational resources to process and store. These gigantic sets of data can be analyzed to comprehend patterns, associations, trends, and statistics that help better understand user experience, human behavior, interactions, engagement, etc.

Big Data analysis, such as the services offered by our Function1 Operational Intelligence team, can be provided for a range of industries including but not limited to: financial...

Anonymizing Data in Splunk


In this blog we'd like to discuss masking or obscuring data in Splunk.  We’ve had customers in the past ask us how to mask data at both search and index-time.  Usually this is to hide personally identifiable information either for security, compliance or both.  In this post we’ll cover several different approaches for doing this in Splunk and discuss some pros and cons.

For each of the approaches we will use the following sample data from a fictitious HR application:

sourcetype = hr_app
sample event = “This is an event with a sensitive number in it...

Splunking Microsoft Windows Firewalls


Without exception, if you are an experienced security analyst, then you know the importance of firewall logs and the invaluable network traffic related data that they provide. Many of the key strategies of information security revolve around the network traffic of an organization and the rules that govern it. No matter the type of firewall, whether it is a hardware appliance or a software/OS level...

Every Click You Make, Splunk is Watching You…


When I am at client sites I often get asked how they can get a better understanding of what is going on in their Splunk environment. A recent client wanted to understand what dashboards were being used the most in their environment and who were the top users. What a great thought! I knew that Splunk had to have a way to track this. It was just a matter of locating the data and then determining the best way to pull it. After going back and forth between metadata and the internal index, I came across this in Splunk’s internal index.


Splunk ES - Lets Correlate

Splunk ES – Creating Custom Correlation Searches


In today's blog I will be discussing one of the very valuable features of the Splunk App for Enterprise Security. Correlation searches provide a very highly customizable level of security based detection and alerting within Splunk and ES.


What is a Correlation Search?

A correlations search is a type of saved search used to detect suspicious events or patterns in your data. If a suspicious event is detected, a notable event is created. The notable event...

Ninjas on a Mission: Things to Know When Migrating Your Splunk Deployment

Splunk is a journey. Whether you are a newbie playing around with Splunk on your local machine or have a multi-instance distributed Splunk deployment, your knowledge of Splunk is always evolving. Typically, the more you know about Splunk, the more you want to do with Splunk. Often, proof of concepts (POCs) turn into production environments and soon enough you’re increasing your license and looking into new architecture. Congratulations, you have become a full on Splunk ninja! Now, how do we migrate your current Splunk deployment to ‘beefier’ hardware,...

Stay In Touch