Blog

 

General Splunk Posts

Mapping Sites

We have a blog on putting calls on a map, but what do you do if you want to map internal calls? Easy! The process is: set up sites, find some data, add a few magic commands, and listen to the applause from your teammates and boss! Set up Sites: I won’t belabor the parts of…  continue reading…

Quick Wins, #2 – Creating Dashboards

In our last installment (Quick Wins #1 – High Value information), we showed a variety of simple-to-run, high-impact reports. Today, let’s put some of them on a dashboard. This process has several steps. We are going to: put a graph on a brand new dashboard, creating the dashboard in the process….  continue reading…

Migrations, and moving our app to a new system

We get asked fairly regularly about moving our app from one server to another. The answer to this question is very dependent on your environment. Below, we talk about a migration strategy for a single standalone Splunk server with our apps on it, that’s acting as your SFTP server for your CUCM implementation,…  continue reading…

Alerting

Building a custom alert: We get occasional questions involving alerting. While we have a built-in 911 alert, we don’t build in any others. This is of course because no two needs are close enough that one alert would work for both, except maybe in that “Someone made a call to emergency services” scenario. But as…  continue reading…

Come see Nick talk at conf19 – “Master joining without using join”

If you’re coming to the Splunk user conference in Vegas, aka conf19, come see my talk – “Master Joining Your Datasets Without Using Join”! It’s on Thursday 10/24 10:30am. If you use Splunk and you have any searches or reports that use the join, append, or transaction commands this is a talk for you. Likewise…  continue reading…

Splunk conf2019, come and find us!

I hope you are coming! Nick and I will both be there in various capacities. Nick is giving a talk – it’s a new and improved version of his long-standing talk on building performant searches by using the stats command instead of join or other less efficient commands. I will be helping out at the…  continue reading…

UCCX, the beginnings

We occasionally get requests to incorporate UCCX information into the Cisco CDR Reporting and Analytics app.  That turns out to be a rather large undertaking! Just because it is unlikely to get incorporated into our flagship product any time in the near future doesn’t mean that you can’t ingest that data and take a look…  continue reading…

Splunk development adventures in Splunk 8.0 with Python3 on.

Splunk Enterprise 8.0 is coming! And it has Python3! Disclaimer: If you have never written any Python in Splunk and don’t plan on it, this is probably not the blog post for you. Still there? OK the short version is that Splunk Enterprise 8 ships both Python2 and Python3. The core python pieces inside Splunk…  continue reading…

Custom Maps – 3, Converting Your Map Into a Choropleth Map

Imagine plotting your printer error count directly on a floorplan, or dropping count of failed backups on a campus map so you know which locations are having problems! If you were to search for “Splunk custom map”, you might find as I have that the only customizations they talk about involve just putting *your* data…  continue reading…

Custom Maps – 2, Using Your Map Inside Splunk

Imagine plotting your printer error count directly on a floorplan, or dropping count of failed backups on a campus map so you know which locations are having problems! If you were to search for “Splunk custom map”, you might find as I have that the only customizations they talk about involve just putting *your* data…  continue reading…

Custom Maps – 1, Create a Tileset

Imagine plotting your printer error count directly on a floorplan, or dropping count of failed backups on a campus map so you know which locations are having problems! If you were to search for “Splunk custom map”, you might find as I have that the only customizations they talk about involve just putting *your* data…  continue reading…

Postprocess searches – pitfalls galore

As you develop a custom view you start with one chart or one table. After a while you’ve added and added, and you’re dispatching several searches. Often you’ll see that a lot of searches are pretty similar to each other. You’re getting the same events off disk more than once and you’re making Splunk do…  continue reading…

There’s always a worse way

In the Splunk search language there is almost always a better way, and someone on answers.splunk.com to teach you about it. Less commonly advertised though, is the fact that there is ALWAYS a worse way… So let’s drive the wrong way down a one way street. Bear with me. First, a warning. Driving the wrong…  continue reading…

Fire drill around Splunk 5.0

We just updated all of our apps! Why, you ask? Well, Splunk 5.0 was released this morning, and despite having tested everything against earlier 5.0 builds, when the GA version of Splunk 5.0 released this morning, we had a little problem! As you (the Sideview user) know, Sideview Utils and Sideview apps in general…  continue reading…