Back to the Blog

Simulating Data with the Splunk Event Generator

Posted by Kevin Chu on Friday, February 22, 2013 - 13:29 Operational Intelligence, Cool Tools, Development Cool Tools, Data Inputs, Development, Event Generator, eventgen, Splunk

While installing a new app to your Splunk search head can usually be considered a rather benign action, sometimes the introduction of a TA on your forwarders and indexers requires more attention.  This is commonly the case, especially if your production environment is guarded by change control.   The problem is that without the data generated by those inputs your newly installed app may not display properly, and without seeing your new app’s dashboards populated with data, you may not be able to conclude how useful it really is.  I suppose deploying a fully mirrored “dev” environment to...

read more

Getting a Pulse on Your System: How to Build a System Health Indicator in Splunk

Posted by Anshu Rastogi on Friday, February 1, 2013 - 15:28 Operational Intelligence, Development Dashboards, query, search, singlevalue, Splunk

Welcome Splunkers!  I hope everyone is having a great New Year.  We certainly are, here at Function1.  We just publicly released a beta version of our Splunk for Oracle WebLogic Server app to Splunkbase  as mentioned in a recent post.  As part of the Splunk products team at Function1, I'm always looking at new ideas and approaches in Splunk app development.  As Splunk apps become more robust, they will...

read more

WebLogic + Splunk = Splunk for Oracle WebLogic Server

Posted by Sandeep Khaneja on Tuesday, January 29, 2013 - 17:55 Operational Intelligence, Cool Tools Oracle WebLogic Server, Splunk

As many of you know, from our website and blogs, we Function1-ers provide world-class consulting services for a few Oracle enterprise products as well as Splunk. Having this unique blend of experience on the Function1 team, we often try to experiment with new ideas that would be helpful to both sets of clients. One such experiment has yielded our new 1.0 Beta release of the Splunk for Oracle WebLogic Server app....

read more

OH NO!! Splunking log files with multiple formats?? No problem!

Posted by Rupak Pandya on Thursday, January 24, 2013 - 14:07 Operational Intelligence, Best Practices Big data, Data Inputs, Machine data, props.conf, Splunk, Timestamps, Web Analytics

I was recently at a client site  for a two-week engagement assisting them with ramping up their Splunk installation, and I came across something particularly interesting. One of the log files the client wanted to index in Splunk contained four different log formats with four different timestamps. Take a look at a sample of the log:

Splunk 5.0's Report Accelerator, better than Summary Indexing?

Posted by Sandeep Khaneja on Friday, December 21, 2012 - 18:21 Operational Intelligence 5.0, report acceleration, Splunk, summary indexing

Over the last 3 years, I've worked with nearly 100 clients as a Splunk Professional Services Consultant across all sectors of business and have seen Splunk grow first-hand from the back office system admin's life saver, to the Enterprise Big Data Engine that it is today.  Splunk's latest 5.0.1 release is nothing short of amazing.  They've done the impossible, again - and they did it with their renowned Splunk personality.  It broadens the meaning...

read more

Keeping your Splunk Deployment Server Organized

Posted by Kevin Chu on Thursday, November 29, 2012 - 16:54 Operational Intelligence, Best Practices clientName, deploymentclient.conf, DeploymentServer, filtering, serverclass.conf, Splunk, whitelist

Image courtesy of xe-pOr-ex/ FreeDigitalPhotos.net

The following post is for Splunk administrators that are already somewhat familiar with the Splunk Deployment Server, and the deployment of configuration app packages. The scenario: As a sysadmin, no matter how much effort goes into planning and organization, there is the possibility that one day you will no longer be able to easily group your servers simply by their hostnames or IP addresses. It may be the result of an emergency change ticket...

read more

Organizing Your Splunk Shoe Rack (Defining Index Structures , Part 2 of 2 )

Posted by Anshu Rastogi on Friday, November 2, 2012 - 15:13 Operational Intelligence, Best Practices indexes, Splunk

In my previous post, I went through the thought process of defining a Splunk index structure.  There aspects of defining this structure were covered: data access control, data retention, and search performance.  Now that we understand the case for a well-defined index structure and the different factors that drive it, let's go through a use case.

An extremely bright and talented system administrator at the Panda Shoe Company (fictitious) wanted to work smarter and...

read more

Splunk Data Input Pipeline and Processors

Posted by Rupak Pandya on Tuesday, October 9, 2012 - 11:38 Operational Intelligence, Best Practices Analytics, Best Practices, Data Inputs, Splunk

Image courtesy of the Splunk on Splunk App

I was a recent attendee of Splunk’s worldwide user’s conference .conf 2012. It was held at the ultra modern and chic Cosmopolitan Hotel located in the heart of Las Vegas, Nevada.  Over 1000 people attended the conference and there were 90+ information sessions geared towards a wide range of Splunk user levels. At any given moment over the 3-day conference, there were 12-16 sessions going on at the same time. There was literally a world of knowledge being handed out to anyone who...

read more

Organizing Your Splunk Shoe Rack (Defining Index Structures , Part 1 of 2 )

Posted by Anshu Rastogi on Wednesday, September 5, 2012 - 10:13 Operational Intelligence, Best Practices index, Splunk

Image courtesy of: FreeDigitalPhotos.net

Your Splunk Shoe Rack

When splunking with a new customer, one the first things I review when auditing their environment is their index structure. Why? Well there's a lot you can tell about the maturity of a Splunk deployment based on this particular configuration. The old saying that Forrest learned from his mom comes to mind...

"Momma always says there's an awful lot you could tell about a person by their shoes. Where...

read more

Monitoring Weblogic Environments

Posted by Vasanth Manikumar on Tuesday, August 21, 2012 - 15:16 Operational Intelligence F1 Product, Oracle WebLogic Server, Splunk, WLS

If you work with Oracle Weblogic Server(WLS) in an enterprise environment, then you likely have many managed servers, clusters, applications, and services that you have to keep an eye on. The clusters and instances in a Weblogic domain add to the complexity of the application infrastructure. So how is a Weblogic administrator supposed to keep track of the various applications and services running across several different domains and servers?  Currently, there are a few known existing resources and/or tools available that would be able to assist with monitoring as well as proactively...

read more
Stay In Touch