Back to the Blog

Clustering: It's Not Just For Indexers

Posted by Naveed Krabbe on Monday, December 15, 2014 - 13:34 Operational Intelligence Splunk, Search Head Clustering, Captain, Deployer, 6.2

The release of Splunk Enterprise 6.2 introduced several great new features and enhancements. The new capabilities center around a new faster interface designed to assist with data onboarding, easier analytics and event pattern detection, and improved scalability and centralized management. While I would definitely recommend exploring the first two topics, this blog will focus on the latter. Core to the improvements in scalability and centralized management within Splunk Enterprise 6.2 is the introduction of Search Head Clustering. Search Head Clustering (SHC) is a direct replacement for...

read more

Jazzing Up Your Dashboards: Dynamic Drilldown 101

Posted by Natalie Kalas on Tuesday, October 28, 2014 - 13:57 Operational Intelligence Splunk, dashboard, drilldown, maps, geostats

Time and time again, our customers find the most value in Splunk when they can visualize their data. By using the tokenization of certain fields, customers have the ability to drilldown into certain elements of their data. Drilling down into maps, charts, and graphs within the same dashboard, gives customers the ability to pinpoint problems and solutions quickly and efficiently. Now that Splunk utilizes simple XML for dashboard design, jazzing up your dashboards is easier than ever before!

Using sample data, I will walk you through some of these dynamic features below.

...

read more

Extending the Power of Pivot

Posted by Rupak Pandya on Thursday, October 16, 2014 - 15:01 Operational Intelligence Splunk 6, Splunk, data model, pivot, pivot editor, Dashboards, UI Customize

Data models were introduced with the release of Splunk 6 back in Oct of 2013. By now, Splunk users are aware of the pivot feature that allows them to build various types of reports that are fueled by data models without having to know the Splunk Search Processing Language (SPL). The Pivot Editor is a great way to build these reports, it allows users to simply point and click their way to creating reports/charts/graphs that provide great insight. This feature is great for users that only want to use the Pivot Editor to create their reports. However, you cannot add the Pivot Editor to a...

read more

Join Function1 at .conf2014!

Posted by Caroline Givnish on Monday, September 29, 2014 - 14:35 Operational Intelligence Splunk, .conf2014, Operational Intelligence, function1

It’s the most wonderful time of the year (for Splunk aficionados)! Function1 is proud to announce our Level 2 sponsorship of .conf2014: The Fifth Annual Splunk Worldwide Users’ Conference at the MGM Grand in Las Vegas. With 150 sessions and more than 70 customer presentations, it’s no surprise that .conf2014 organizers are anticipating a record attendance of more than 4,000 IT and business professionals. Introduce yourself at the Function1 booth or join us during our two breakout sessions where our Splunk-certified consultants will be offering attendees powerful insight into dynamic new...

read more

Introducing the Red Hat Storage App for Splunk Enterprise

Posted by Anshu Rastogi on Friday, August 15, 2014 - 09:29 Cool Tools, Operational Intelligence Splunk, Red Hat Storage, RHSS

Welcome Splunkers! Today, we are proud to announce the release of the Red Hat Storage™ App for Splunk Enterprise™ on the Splunk Apps site.  This app is the result of collaboration between the Operational Intelligence Team at Function1 and the Red Hat Storage Server team.  The app provides operational insight for your Red Hat Storage Server (RHSS) deployment.

For those that aren’t familiar, Red Hat Storage Server

“…is an open software-defined...

read more

Splunk Multisite Clustering

Posted by Naveed Krabbe on Thursday, June 26, 2014 - 19:15 Operational Intelligence Splunk, Clustering, Multisite

Splunk 6.1 – Introducing Multisite Clustering

 

With the release of Splunk Enterprise 6.1 have come many new features and enhancements. The initial reaction may be to question if upgrading to the new version is truly worth the effort. In this post I will describe one of the great new features in Splunk 6.1 that may turn your answer to that question into an unequivocal “yes”.

Introducing multisite clustering

First, allow me to propose a conundrum that many Splunk administrators within multi-site organizations may...

read more

MS Windows, Splunk App for Enterprise Security 3.0 and the Case of the Disappearing Assets and Identities

Posted by Ridwan Ahmed on Friday, March 28, 2014 - 15:33 Operational Intelligence Enterprise Security, ES, Splunk, troubleshooting, windows

Are you wondering where your Assets are?  Why you can't find your identities, perhaps? Are you on Windows? With the recent release of version 3.0, there has been huge improvements in the power of the ES app, and the ease of its use. The Assets and Identities are one of the cornerstones of the ES app, and there is a major change in the way these files operate in ES 3.0 compared to ES 2.4.

Asset management provides additional information about the source and targets of events. This information can be used to correlate multiple events to a single host, identify the location of the host...

read more

Charting Time over Time in Splunk

Posted by Kate Engel on Monday, February 17, 2014 - 15:23 Operational Intelligence Splunk

 

In the business world, people are looking at ways to constantly improve processes and systems. The only way to determine if progress is being made is to compare performance over a period of time to that same period of time a day ago, a week ago, a month ago, or even longer.

Since Splunk gives companies the ability to store and search data over a variety of time periods, this should be an easy task to do, right?

Not so fast…

While Splunk is driven by time, the answer is a little more complex than that.

Let’s say for example that you would like to chart...

read more

Accelerated Data Models in a Distributed Splunk Environment

Posted by Rupak Pandya on Friday, January 31, 2014 - 14:37 Operational Intelligence, Best Practices acceleration, Best Practices, Big data, data model, Splunk, Splunk 6

Splunk v6.0.1 is packed with new features that enhance the user experience and can provide useful, lightning fast reports. For a full overview of the new features check out this link: Splunk 6!

One of the new features that provide users the ability to build exceptionally fast reports is data models. Users can use the structure provided by the data models to create pivot tables, all without knowing Splunk’s search language. Pivot users select the data model they are interested in, then point and click their...

read more

Measuring Splunk Indexer Performance with IOMeter

Posted by Anshu Rastogi on Friday, December 13, 2013 - 13:26 Operational Intelligence disk i/o, iometer, IOPS, Splunk, Splunk Indexer

Welcome! In this post I'd like to cover testing the I/O performance of your indexer to its storage sub-system.

'After the party, it's the hotel lobby'

You can think of your indexer as the lobby of a busy hotel with the hotel guests being your data. In this hotel, guests are constantly streaming into the lobby (raw event data). At the same time, guests are frequently leaving the hotel (search queries) to go on around the city, either periodically in buses (scheduled saved searches) or in an ad-hoc manner by taxi (user searches). To prevent the lobby from filling up from the...

read more
Stay In Touch