Archive | Splunk


Splunking the Aspect Ratio Distribution of National Flags

When I tried to align the Union Jack and the flag of Germany on a presentation slide I noticed that I couldn’t – their aspect ratios are different. A quick search led me to this list of aspect ratios of national flags on Wikipedia. Apparently, national flags are far from standardized. A broad range of […]


Splunk Accelerated Data Models – Part 3

This article is based on my Splunk .conf 2015 session and is the second in a mini-series on Splunk data model acceleration. Make sure to read parts 1 and 2 first. Searching Accelerated Data Models Which Searches are Accelerated? The high-performance analytics store (HPAS) is used only with Pivot (UI and the pivot command) and […]


Splunk Accelerated Data Models – Part 2

This article is based on my Splunk .conf 2015 session and is the second in a mini-series on Splunk data model acceleration. Make sure to read part 1 first. Under the Hood HPAS Population The high-performance analytics store (HPAS) is populated by scheduled searches that run every 5 minutes. The HPAS spans a user-defined time […]


Splunk Accelerated Data Models – Part 1

This article is based on my Splunk .conf 2015 session and is the first in a mini-series on Splunk data model acceleration. Why Accelerate? Have you ever seen this? Splunk is great and very fast with needle in a haystack searches, e.g. find a specific keyword in millions of events. It is not so fast […]

Image: "Pillar of Darkness Expedition: 1913" (https://www.flickr.com/photos/puuikibeach/9074797310/) by davidd (https://www.flickr.com/photos/puuikibeach/) under CC (https://creativecommons.org/licenses/by/2.0/)

Splunk Scripted Input Secrets

Splunk’s Universal Forwarder has the neat capability of executing arbitrary scripts while capturing their output and sending that to Splunk. This feature allows you to turn any executable, batch file or PowerShell script into a Splunk data source, making the data collection options basically limitless. This post explains a few tricks that are difficult to […]


Turning Splunk into a Systems Management Tool

Despite its great power, Splunk is relatively static with regard to the data it processes. You cannot instruct it to simply run a script on all endpoints and index the results. The app HK Systems Management changes that. It turns Splunk into a kind of PsExec on steroids. (more…)


Splunk Revolution Award

I am more than happy to announce that I won a Splunk Revolution Award in the developers category. The winners were presented on the big screen during the keynote. My slide reads: Helge showed thought leadership with a series of blog posts and ecosystem participation with the availability of the uberAgent for Splunk app. Happy […]


What is Splunk and How Does it Work?

You have probably heard of Splunk, but can you describe what it does to a colleague in a few sentences? That is not easy. Splunk does not belong in any traditional category but stands apart from the crowd. That makes it interesting, but also makes explaining it harder. Here is my attempt. (more…)


How to Send Data from C# to Splunk via the REST API

Splunk has a very extensive REST API – which is just a fancy way of saying that many of its capabilities are accessible via standard HTTP(S) requests. While much of the API is well documented, submitting data from C# to Splunk is kept a bit vague. Since I had to do that recently in order […]


Boot IO Analysis with uberAgent for Splunk 1.5

Analysing slow boots is a difficult task. You need to install software like XPerf and master its far-from-intuitive command line options to generate a trace file that you can then analyze. Once you find a possible cause for the long startup duration you never know if it is specific to the machine you analyzed or […]


How-to: XenApp/RDS Sizing and Capacity Planning with uberAgent for Splunk

Do you know the maximum number of users each of your terminal servers can host with acceptable performance? You may have found out the hard way how many are too many – but how many are just right? Farm sizing and server capacity planning are typical tasks for consultants who often have a hard time […]
