Archive | Splunk


Splunk Accelerated Data Models – Part 3

This article is based on my Splunk .conf 2015 session and is the second in a mini-series on Splunk data model acceleration. Make sure to read parts 1 and 2 first. Searching Accelerated Data Models Which Searches are Accelerated? The high-performance analytics store (HPAS) is used only with Pivot (UI and the pivot command) and […]


Splunk Accelerated Data Models – Part 2

This article is based on my Splunk .conf 2015 session and is the second in a mini-series on Splunk data model acceleration. Make sure to read part 1 first. Under the Hood HPAS Population The high-performance analytics store (HPAS) is populated by scheduled searches that run every 5 minutes. The HPAS spans a user-defined time […]


Splunk Accelerated Data Models – Part 1

This article is based on my Splunk .conf 2015 session and is the first in a mini-series on Splunk data model acceleration. Why Accelerate? Have you ever seen this? Splunk is great and very fast with needle in a haystack searches, e.g. find a specific keyword in millions of events. It is not so fast […]

Image: "Pillar of Darkness Expedition: 1913" (https://www.flickr.com/photos/puuikibeach/9074797310/) by davidd (https://www.flickr.com/photos/puuikibeach/) under CC (https://creativecommons.org/licenses/by/2.0/)

Splunk Scripted Input Secrets

Splunk’s Universal Forwarder has the neat capability of executing arbitrary scripts while capturing their output and sending that to Splunk. This feature allows you to turn any executable, batch file or PowerShell script into a Splunk data source, making the data collection options basically limitless. This post explains a few tricks that are difficult to […]


Splunk Revolution Award

I am more than happy to announce that I won a Splunk Revolution Award in the developers category. The winners were presented on the big screen during the keynote. My slide reads: Happy splunking!


What is Splunk and How Does it Work?

You have probably heard of Splunk, but can you describe what it does to a colleague in a few sentences? That is not easy. Splunk does not belong in any traditional category but stands apart from the crowd. That makes it interesting, but also makes explaining it harder. Here is my attempt. (more…)


How-to: XenApp/RDS Sizing and Capacity Planning with uberAgent for Splunk

Do you know the maximum number of users each of your terminal servers can host with acceptable performance? You may have found out the hard way how many are too many – but how many are just right? Farm sizing and server capacity planning are typical tasks for consultants who often have a hard time […]


Monitoring Browser Performance per Site with uberAgent for Splunk

The days are long gone when a browser was just another application. Modern websites are applications of their own, and the browser is their operating system. That has consequences for monitoring. It is no longer sufficient to gather performance data for the browser as a whole. When, for example, Internet Explorer’s CPU usage is high, […]
