Category Archives: Splunk

Splunk SSO with an IIS Reverse Proxy

I recently engaged with a customer who wanted to Splunk their CA Service Desk Manager system and I created some very powerful dashboards – of course 🙂 They also requested Single Sign…

Puppet & Splunk FTW

Puppet recently announced the release of a brand new app called “Puppet Enterprise App for Splunk”: https://splunkbase.splunk.com/app/3100 The app is currently certified for Splunk >= 6.3.0, and I successfully deployed…

Making The Windows Perfmon Uptime Metric CIM Compliant

Common Information Model: Imposing Order On Data Chaos I’m a fan of Splunk’s Common Information Model (CIM). In a world of widely divergent formats and unstructured data, the CIM is…

SIEM T.N.G.

To SIEM or not to SIEM? Whether or not to implement a SIEM solution generally comes down to whether you have a dedicated team to care for and feed it. To…

The Official Way To Comment Splunk SPL

Over the years, I’ve written some crazy long searches in Splunk. When searches get to 30-40 lines, it’s a really good idea to comment it, so that when it comes…

Splunk Has Just Levelled Up In Geospatial Visualisation

Splunk’s Annual User Conference, .Conf 2015, was awash with software releases and product launches. One of the more exciting visualisation features introduced in Splunk 6.3 is the Choropleth map. What…

Splunk .Conf 2015 FTW!!!

A couple of weeks ago, I was lucky enough to attend Splunk .Conf 2015, Splunk’s 6th Annual User’s Conference in Las Vegas. I had an awesome time, met a lot…

Lifting The Lid On SQL Server Performance Using Splunk

Let’s face it. Databases are still key in today’s enterprise environments. They also tend to be complex and therefore the most misunderstood component of the application stack, resulting in databases…

What The Splunk?

Splunk is a flexible and powerful data analytics platform. While the capabilities it provides are many, the learning curve can be quite steep and mastering Splunk can be a little…

Splunk vs. Open Source

A long time ago in a galaxy far, far away…. “I’m Luke Skywalker, I’m here to rescue you.” As a Splunk (Consultant|Ninja|Jedi), I often get asked the following question, “Why…