Splunk Indexer Clustering: Your Hero in the Fight Against Data Loss

Splunk Tutorials
It was an otherwise uneventful Thursday afternoon. I was going about my day, helping Splunk clients onboard data and putting some finishing touches on my .conf22 session presentation, when I got a dreaded email from AWS: Without any other fanfare and in a way that wasn’t much different from notifying ...
How to Improve Your Data Model Acceleration in Splunk

Splunk Tutorials
Data Model Acceleration (DMA) is critical to proper alerting in the Splunk Enterprise Security Suite. This tutorial will walk you through the process of auditing your DMA searches so they’re running as efficiently as possible. Why DMA? Splunk uses Data Model Acceleration (DMA) to allow searches to run faster than ...
How to Deploy the Splunk Universal Forwarder on Linux: RPM Installation

Deploying the Splunk Universal Forwarder on Linux

Splunk Tutorials
In the first part of this series, I walked you through the process of getting the Splunk Universal Forwarder installed on your Windows systems. I’ve gotten a lot of feedback asking for a similar one for Linux systems, which is what we’ll explore in this tutorial. As mentioned in the ...

Using AWS Auto Scaling Groups with Splunk

Splunk Tutorials
AWS Auto Scaling groups allow you to dynamically allocate resources for different types of usage scenarios. This approach can be very effective for allowing an application to scale to an unpredictable and varying level of users and needed compute resources. However, in order for auto-scaling to work properly, the application ...
Using Splunk Cloud Platform ACS API

Splunk Tutorials
Splunk Cloud Platform recently introduced a new feature which empowers administrators to make changes in their Splunk Cloud Platform environment that previously required support tickets. This feature, the Admin Config Service (ACS) API, will be a great addition to your toolkit as a Splunk Cloud Platform administrator. In this tutorial, ...

Security vs. Compliance: What’s the difference?

Following a recent and frustrating password experience, I was reminded of some of the ways we–as security professionals–can sometimes undermine the very culture of security we’ve worked so hard to imbue in our users. Through my experience, I’ll highlight the confusion and other pervasive problems it exposes, explaining the differences ...
Demo: How to Deploy the Splunk Universal Forwarder Using MSI Installation

Deploying the Splunk Universal Forwarder on Windows

Splunk Tutorials
The Splunk Universal Forwarder is the best mechanism for collecting logs from servers and end-user systems. In order to collect logs at scale, it is necessary to deploy the Universal Forwarder to every system where log collection is required. Managing the deployment of the Universal Forwarder is best handled via ...
Demo: Creating a Diag in Splunk

How to Generate a Diag in Splunk

Splunk Tutorials
When working with your Splunk environment or troubleshooting an issue, we (or Splunk Support if you aren’t a Hurricane Labs Managed Splunk Services customer) may need to collect some additional information from the system to assist with troubleshooting. This is called a Splunk diagnostic file, or diag for short. This ...
The Splunk T-Shirt Co.

Inside Splunk Certification Exam Development

Infosec Blog, Splunk
Have you ever wondered what goes into the development of the Splunk Certification exams? If so, you’re in the right place. In this post, I will discuss the Splunk exam development process, how Splunk Trust folks got involved in writing exam questions, and what to keep in mind when you’re ...
Your Splunk Guide for Smooth Sailing with CEF Field Extractions

Splunk Tutorials
One of the more common log formats you’ll run into when importing data into Splunk is the ArcSight Common Event Format (CEF). A unique feature of CEF is its ability to support custom extensions, which allows for vendor flexibility when looking to log data that is otherwise not handled by ...