Posts

How to Create a Splunk KV Store State Table or Lookup in 10 Simple Steps

/in , , /by

As of Splunk 6.2, there is a Key-Value (KV) store baked into the Splunk Search Head. The Splunk KV store leverages MongoDB under the covers and among other things, can be leveraged for lookups and state tables. Better yet, unlike regular Splunk CSV lookups, you can actually update individual rows in the lookup without rebuilding the entire lookup – pretty cool! In this article, we will show you a quick way of how you can leverage the KV store as a lookup or state table. Read more

How to Secure and Harden Splunk Enterprise

/in /by

The following blog posting provides guidance on steps that can be taken to secure and harden Splunk environments. Many of the security feature essentially follow security best practices, while others would probably only be implemented if there was a business or regulatory need to do so. Read more

How to Stream Twitter into Splunk in 10 Simple Steps

/in /by

So many people talk about the need to index tweets from twitter into Splunk, that I figured I would write a post to explain just how easy it is. Within 10 steps and a few minutes, you will be streaming real-time tweets into Splunk, with the fields all extracted and the twitter data fully searchable. Read more