In Part 1 and Part 2 of this series, we explored the design philosophy behind Splunk Connect for Syslog (SC4S), the goals of the design, and the new HEC-based transport architecture, as well as the rudiments of high-level configuration. We'll now turn our attention to the specifics of SC4S configuration, including a review of the local (mounted) file system layout and the areas in which you'll be working.
Previous installments of this series have given you the overview and configuration details you need to ingest any source that is supported by Splunk Connect for Syslog and configure customizations and overrides that match your enterprise. This leaves one key capability of SC4S that we have not yet covered, and that is extending the platform itself. In this installment, we'll walk through the configuration of an entirely new data source – one that SC4S does address out of the box.
The telecommunications world is in the middle of its fourth industrial revolution. Organisations are trying to bring out as many new services as possible to monetise their infrastructure, but despite their modern approach, they still own and maintain legacy — and most importantly — multi-vendor infrastructures. Due to complex organisational structures and decentralised management systems, most responsibilities are divided between multiple departments.
With a turbulent year and 2020 coming to its end, I’d like to thank you for your continued interest in my blog posts. In my last .conf talks I received a lot of positive feedback combined with the ask to have more posts with such content, so thanks for motivating me and here we go! Recently, my colleague Dimitris wrote about how you can set up DLTK on a AWS GPU Instance.
The Splunk Augmented Reality (AR) team is excited to share more with you. In our first AR post, "Splunk AR: Taking Remote Collaboration To The Future is Already Here," from .conf20, we talked about our new Remote Collaboration feature, which helps field workers and remote experts collaborate in AR. In today’s post, we'll talk about our advancements in Object Detection. This new feature makes it even easier to deploy Splunk AR with your assets.
This part 2 of a 3-part series on running ELK on Kubernetes with ECK. If you’re just getting started, make sure to checkout Part 1.
A typical modern DevOps pipeline includes eight major stages, and unfortunately, a release bottleneck can appear at any point: These may slow down productivity and limit a company’s ability to progress. This could damage their reputation, especially if a bug fix needs to be immediately deployed into production. This article will cover three key ways using data gathered from your DevOps pipeline can help you find and alleviate bottlenecks in your DevOps pipeline.
This blog is part two of Splunk's Sunburst Backdoor response aimed at providing additional guidance to our customers (you can read part one, "Using Splunk to Detect Sunburst Backdoor," by Ryan Kovar). In this blog, we’ll cover how to ingest threat indicators to combat Sunburst Backdoor in Splunk Enterprise Security (ES).
The news of the “Sunburst Backdoor” malware delivered via SolarWinds Orion software has organizations choosing to shut down Orion to protect themselves. This includes several U.S. government organizations following the recent CISA guidance. If you are considering a similar response in your own environment, a critical next step is quickly restoring the lost visibility to the health and operations of your infrastructure.
We’re excited to share that the official Elastic Cloud Terraform provider is now available in beta. Operations and SRE teams often rely on Terraform to safely manage production-related infrastructure using methodologies such as infrastructure as code, which allows you to apply peer-reviewed infrastructure changes in an automated and controlled fashion. The provider works with Elasticsearch Service on Elastic Cloud, Elastic Cloud Enterprise, and Elasticsearch Service Private environments.
