July 2021

Splunk Mobile - Backend Summary (in 60s)

Get to know the Secure Gateway Splunk app, which allows you to deploy and manage your fleet of mobile devices at scale. Plus, take a peek behind the scenes to learn how Splunk Secure Gateway facilitates communication between mobile devices and Splunk platform instances using an end-to-end encrypted cloud service called Spacebridge. Finally, get the latest on Spacebridge compliance and data privacy, since Spacebridge has now been certified to meet SOC2, Type 2 and ISO 27001 standards and is HIPAA and PCI-DSS compliant.

Splunk Cloud Monitoring Console on Mobile (in 60s)

The Cloud Monitoring Console (CMC) lets Splunk Cloud administrators view information about the status and performance of their Splunk Cloud deployment at a glance. On Splunk Mobile, you can access many of the same CMC dashboards as on Splunk Web. Whether you’re interested in your users, indexes, searches, or ingest volume, you can access this data on the go or from the comfort of your own couch.

Splunk On-Call prevents and cuts downtime episode length by half

Your Answer: Escalate the right alerts to the right on-call people for fast collaboration and issue resolution with Splunk On-Call. Reduce burn-out and make on-call suck less with a complete ChatOps experience that's integrated with your IT stack and incident reporting.

How to Maximize the Performance of Your Kubernetes Deployment

With Kubernetes emerging as a strong choice for container orchestration for many organizations, monitoring in Kubernetes environments is essential to application performance. The impact of poor application or infrastructure performance in the era of cloud computing and as-a-service delivery models is more significant than ever. How many of us today have more than two rideshare apps or more than three food delivery apps?

Splunk Machine Learning Toolkit Overview

You no longer have to be a data scientist to bring intelligence to your Splunk data. The Machine Learning Toolkit (MLTK), available for free on Splunkbase, is a purpose-built tool that extends Splunk Processing Language (SPL) with machine learning algorithms, new commands, and powerful visualizations. This video provides a high-level overview of MLTK and previews the use cases that it supports.

Splunk Mobile - Overview (in 60s)

Splunk Mobile enables you to unlock value from your data anywhere at any time. Regardless of your role or level of technical expertise, you can use Splunk Mobile to view dashboards and take action from your mobile device. Whether you’re a C-suite executive looking for a report, a NOC manager investigating an issue, or a SOC analyst uncovering an anomaly, getting answers has never been more convenient with the power of Splunk in the palm of your hands. Splunk Mobile is made for all organizations and roles, including yours.

Splunk SOAR Feature Video: Custom Functions

Splunk SOAR’s custom functions allow shareable custom code across playbooks and the introduction of complex data objects into the playbook execution path. These aren’t just out-of-the-box playbooks, but out-of-the-box custom blocks that save you time and effort. This allows for centralized code management and version control of custom functions, providing the building blocks for scaling your automation, even to those without coding capabilities.

Splunk SOAR Feature Video: Contextual Action Launch

Splunk SOAR apps have a parameter for action inputs and outputs called "contains". These are used to enable contextual actions in the Splunk SOAR user interface. A common example is the contains type "ip". This is a powerful feature that the platform provides, as it allows the user to chain the output of one action as input to another.

Splunk SOAR Feature Video: Configure Third Party Tools

To get started in Splunk SOAR, you will need to configure an asset. Assets are the security and infrastructure assets that you integrate with the Splunk SOAR platform, like firewalls and endpoint products. Splunk SOAR connects to these assets through apps. Apps extend the platform by integrating third-party security products and tools.

Detecting SeriousSAM CVE-2021-36934 With Splunk

SeriousSAM, or CVE-2021-36934, is a privilege escalation vulnerability in which overly permissive Access Control Lists (ACLs) give low-privileged users read access to privileged system files, including the Security Accounts Manager (SAM) database. The SAM database stores users' encrypted passwords in a Windows system. According to the Microsoft advisory, this issue affects Windows 10 1809 and above as well as certain versions of Server 2019.

Onboarding Data in Splunk Security Analytics for AWS

Splunk Security Analytics for AWS’ new data onboarding wizard quickly takes you from subscribing to the service to visualizing your AWS environment. We’ll walk through the wizard in this video, and you’ll see how the new process can save you hours, days or even weeks when compared to traditional data onboarding processes.

With Splunk Synthetic Monitoring, proactively find and fix your user experience issues

Trend, visualize, and improve performance of all your page resources and third party dependencies. Detect and resolve issues faster across your critical user flows, business transactions and API endpoints using Splunk Synthetic Monitoring.

Get Started with Splunk for Security: Splunk Security Essentials

Continuing to ride the waves of Summer of Security and the launch of Splunk Security Cloud, Splunk Security Essentials is now part of the Splunk security portfolio and fully supported with an active Splunk Cloud or Splunk Enterprise license. No matter how you choose to deploy Splunk, you can apply prescriptive guidance and deploy pre-built detections from Splunk Security Essentials to Splunk Enterprise, Splunk Cloud Platform, Splunk SIEM and Splunk SOAR solutions.

Prioritize and resolve performance defects with Splunk Web Optimization

Find, fix and prevent web performance issues with an intelligent optimization engine. From Google's Lighthouse scores to core web vitals and 50+ modern performance metrics, learn to benchmark and improve page performance and user-experience with Splunk Web Optimization. Get a free trial as part of Splunk Synthetic Monitoring today.

Detect any issue with Splunk APM before it turns into a customer problem

With 100% of spans and traces captured, Splunk APM meets any necessary business KPIs and SLO metrics while investigating and troubleshooting transaction errors related to a backend application. Easily construct error budgets that measure performance of services today - learn how with this free trial of Splunk Observability Cloud.

Deep Learning Toolkit 3.6 - Automated Machine Learning, Random Cut Forests, Time Series Decomposition, and Sentiment Analysis

We’re excited to share that the Deep Learning Toolkit App for Splunk (DLTK) is now available in version 3.6 for Splunk Enterprise and Splunk Cloud. The latest release includes: Let’s get started with the new operational overview dashboard which was built using Splunk’s brand new dashboard studio functionality which I highly recommend checking out. You can learn more about it in this recent tech talk which you can watch on demand.

Dissecting DevOps - Code-to-Cloud Visibility: The Framework for DevOps Success

Recording from the DevOps.com webinar Code-To-Cloud Visibility, where Splunker Chris Riley covers the key concepts to maintain visibility from the point a feature is defined to the point that feature runs in production. Learn about the practices of DevSecOps, Pipeline Analytics, and Observability, and why a Code-To-Cloud strategy is necessary to support and accelerate Cloud and DevOps transformation.

How to Instrument a Java App Running in Amazon EKS

As we start to see big moves from monolith deployments to microservices, the adoption of Kubernetes has become top of mind for many SREs. Organizations can leverage the open-source system to automate deployments, scale, and manage containers, making Kubernetes one of the primary solutions for delivering workloads. However, maintaining the system can be difficult and, in some cases, overwhelming.

Dissecting DevOps - Measuring quality in a SaaS world: SLA, SLI, SLO

Now that software is delivered over the web and not in a box, how developers guarantee quality to their users has radically changed. Users do not care about version numbers or floppy disks. They just want access to a service that just works. In the microservices world, the quality of your service both to your internal users and external is measured by SLAs, SLIs, and SLOs. And how you decide what those metrics are is a key strategy.

Taking Inventory of Your Google Cloud

Splunk Cloud Architect Paul Davies recently authored and released the GCP Application Template, a blueprint of visualizations, reports, and searches focused on Google Cloud use cases. Many of the reports included in his application require Google Cloud asset inventory data to be periodically generated and sent into Splunk. But HOW exactly do you craft that inventory generation pipeline so you can "light-up" Paul's application dashboards and reports?

Introducing Splunk Federated Search

Rapid digital transformation partnered with increased cloud adoption has resulted in organizations generating unprecedentedly large volumes of data. This data is stored in disparate data repositories due to organizational boundaries, data protection, and privacy laws (e.g. GDPR). Additionally, it is stored across environment types: some is kept in the cloud, while historical data and other sensitive data types are often kept in on-premises environments, contributing to more data silos.

API 2.0: TruSTAR Operationalizes Data Orchestration and Normalization for a New Era in Intelligence Management

Today we released API 2.0, the latest version of TruSTAR’s API-First Intelligence Management Platform. This new version continues our commitment to simplify and streamline intelligence for automation in enterprise security intelligence management, and breaks through long-standing industry limitations around operationalizing data orchestration and normalization.

Managing Updates to the Splunk Cloud Vetting Process

Before apps can be installed in a customer’s Splunk Cloud deployments, these apps have to go through Splunk’s cloud vetting process. Cloud vetting helps ensure that apps are safe and performant for our mutual customers to use in Splunk Cloud. It’s important for us to make regular updates to our cloud vetting requirements in order to ensure apps running on Splunk Cloud are “up to snuff”.

Demystifying the Hype Around XDR

Extended Detection and Response (XDR) has generated a lot of buzz recently with press, analysts, and even customers. There’s no denying that, at face value, its promise of reduced complexity and cost while increasing detection and response is alluring. As security teams look to modernize their security tooling, they’re also looking for solutions to some of their largest challenges. Is XDR the answer? What is XDR, exactly, and how do you determine if it’s right for your organization?

Real User Monitoring: Past, Present and Future

Most front-end developers and practitioners are familiar with real user monitoring (RUM) tools as a means to understand how end-users are perceiving the performance of applications. Few people, however, are aware of the history of the RUM market, going back more than two decades. Over the years, as the internet has evolved with new technologies, RUM tools have evolved in lock-step to cater to the ever changing needs and use cases of engineering teams.

That's A Data Problem - Accelerating Cloud Transformation | Splunk's James Hodge & Daniel Newman

With a massive shift to cloud infrastructure, organizations are now wrestling with operational complexity. Leadership must look to data solutions that support their cloud strategies, empower their people to make decisions and reach their business outcomes. Tech Analyst Daniel Newman and Global Chief Technical Advisor at Splunk, James Hodge, take a deep dive into accelerating cloud-driven transformation and discuss the benefits and best practices for achieving desired business outcomes.

Monitoring IT Just Got Easier: Introducing the New Splunk App for Content Packs

We’re thrilled to announce the release of the Splunk App for Content Packs, an app that acts as a one-stop shop for prepackaged content and out-of-the-box searches and dashboards for common IT infrastructure monitoring sources, making it easy to get up and running with Splunk for IT use cases. In the past, you may have had to install and manage individual apps like Splunk App for VMWare and Splunk App for Windows Infrastructure.

The Digital Experience Trap: Are Companies Going Pro With Amateur Tools?

Recently, I’ve been thinking a lot about the relationship between world-class athletes and world-class IT systems. At first glance, it seems like there’d be little to compare, but there’s an interesting relationship between preparation and performance both these worlds share. During the Olympics, we see people cover 100 metres in under 10 seconds, cut through a pool in a minute, and stick landings with precision.

Five Questions Your Organization Must Ask to Prepare For a Ransomware Attack

Since last week, I’ve been speaking with Splunk customers and our own team about the cyberattacks impacting the Kaseya software platform. While Splunk was not impacted by the ransomware attack, as a security leader we want to help the industry by providing tools, guidance and support. It’s critical that we work together as a community to counter cybersecurity threats and share information about events like these.

Splunk Named a Leader in the 2021 Gartner SIEM Magic Quadrant for the Eighth Time

Splunk was named a Leader for the eighth consecutive time this week in the Gartner Magic Quadrant for Security Information and Event Management (SIEM)*. In our opinion, this recognition marks one of the longest running recognitions in the history of the SIEM market. The recognition comes on the heels of Splunk also being ranked No.

Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt

When Splunk told me we would have a “breach holiday” theme for the summer, I didn’t think it would be quite so on the nose… For those of you who have been working on this Kaseya REvil Ransomware incident over the weekend, I salute you. We’ve been doing the same. As usual, my team here at Splunk likes to make sure that we have some actionable material before posting a blog, and this time is no different.

Fashionably Late: The Zero Trust Trend is Here to Stay

I have often joked that IT, and in particular cybersecurity, is like fashion — not a lot is ever new, just reimagined and, in some cases, improved. As I sit pondering the beauty of my COVID-19 comb-over mullet, I have found myself thinking about how this fashion analogy applies to zero trust.

I Pity the Spool: Detecting PrintNightmare CVE-2021-34527

On Monday, June 21st, Microsoft updated a previously reported vulnerability (CVE-2021-1675) to increase its severity from Low to Critical and its impact to Remote Code Execution. On Tuesday, June 29th, a security researcher posted a working proof-of-concept named PrintNightmare that affects virtually all versions of Windows systems. Yesterday, July 1, Microsoft assigned this flaw a new CVE, CVE-2021-34527.

How to Optimize Your Cloud Spend Using Observability

The rise of public cloud services has enabled businesses to innovate faster, scale effortlessly, and adopt more advanced technologies more easily than ever before. However, there’s a dark side to using public cloud services: complexity and cost. Public cloud services can scale to handle almost any workload, but in doing so, they can quickly generate unpredictable costs for your business.

Distributed Tracing for Kafka Clients with OpenTelemetry and Splunk APM

This blog series is focused on observability into Kafka-based applications. In the previous blogs, we discussed the key performance metrics to monitor different Kafka components in "Monitoring Kafka Performance with Splunk" and how to collect performance metrics using OpenTelemetry in "Collecting Kafka Performance Metrics with OpenTelemetry." In this blog, we'll cover how to enable distributed tracing for Kafka clients with OpenTelemetry and Splunk APM.