Ninjas on a Mission: Things to Know When Migrating Your Splunk Deployment

Posted by Natalie Kalas on January 28, 2015 Best Practices, Operational Intelligence Splunk, Best Practices, Splunk Migrations

Splunk is a journey. Whether you are a newbie playing around with Splunk on your local machine or have a multi-instance distributed Splunk deployment, your knowledge of Splunk is always evolving. Typically, the more you know about Splunk, the more you want to do with Splunk. Often, proof of concepts (POCs) turn into production environments and soon enough you’re increasing your license and looking into new architecture. Congratulations, you have become a full on Splunk ninja! Now, how do we migrate your current Splunk deployment to ‘beefier’ hardware, minimizing downtime, and maximizing...

read more

Have You Learned Your Lesson?

Posted by Puja Katari on January 20, 2015 Best Practices Best Practices, lessons learned, continuous improvement process

Does your organization emphasize the importance of lessons learned? Aside from occasional references to past project failures, few organizations give much thought to learning about the past. In my experience, this is a best practice area that is most often minimized or entirely overlooked.  Lessons learned process is one that crosses functional boundaries and allows an organization to learn from both its mistakes and its successes. An effective process should prevent us from repeating mistakes and ensure that we continue to use methods that were successful. It should be an instrumental...

read more

Bootstrap - a responsive HTML framework

Posted by Casey Fox on January 06, 2015 Development HTML, CSS, responsive design

Spinning up a website can take a lot of work, especially if you want the site to be fully responsive. Utilizing a framework saves time, many are responsive out of the box and most have a very clean, modern look. My current preference is Twitter’s Bootstrap for several reasons. It’s currently on version 3, so it’s been around for a while and is very stable. It makes setting up a 100% responsive, clean, modern website quick and easy, and most importantly has inherent cross browser compatibility. It includes...

read more

Clustering: It's Not Just For Indexers

Posted by Naveed Krabbe on December 15, 2014 Operational Intelligence Splunk, Search Head Clustering, Captain

The release of Splunk Enterprise 6.2 introduced several great new features and enhancements. The new capabilities center around a new faster interface designed to assist with data onboarding, easier analytics and event pattern detection, and improved scalability and centralized management. While I would definitely recommend exploring the first two topics, this blog will focus on the latter. Core to the improvements in scalability and centralized management within Splunk Enterprise 6.2 is the introduction of Search Head Clustering. Search Head Clustering (SHC) is a direct replacement for...

read more

Generating Splunk Buckets

Posted by Philips Thomas on November 26, 2014 Best Practices, Operational Intelligence Splunk Buckets Generating Buckets
Intro

Recently, we worked with a client that was using a multi-tiered storage configuration for their Splunk deployment.  One tier was used for hot/warm data and the other tier for cold storage.  We wanted to test the cold storage tier specifically.  We used the Splunk event generator to produce data and tweaked some index settings to generate buckets (if you haven’t used the event generator before, here's a previous blog post for reference). 

Index Configuration

In the configuration below...

read more
Stay In Touch