This document provides an overview of Splunk's developer platform for building applications and customizing Splunk. It discusses the Splunk web framework, REST API, SDKs for various languages, and sample apps. The web framework allows developing custom UIs using familiar technologies like JavaScript and Django. The REST API exposes all of Splunk's functionality and can be used to integrate Splunk with other applications. SDKs simplify making requests to the REST API from languages like Python, Java, and JavaScript. Sample apps demonstrate how to build custom functionality like monitoring devices and generating mood reports. Support resources for developers include the documentation, support site, GitHub, and Twitter account.
2. Agenda
Intro to Splunk for Application Development
Splunk Developer Platform
Web Framework
REST API
SDKs and Tools
Some Sample Apps
Support and Community
3. Setting expectations
• This session does not replace training (not even close)
• We are not walking through building an App
• I am not debugging your source code
• I will show you how to use Splunk from the command line
• I will show examples of the REST API
• I will show some sample work
6. How Do Developers Use Splunk?
• Accelerate Dev & Test
• Integrate with IT Infrastructure
• Build Real-time Big Data Applications
7. Accelerate Dev & Test
Every Application Developer Should Use Splunk
– Get applications ready for production faster
– Find and fix bugs
– Trace transactions in real time
– Build operational intelligence into your apps without defining a schema
– Use semantic logging for better insight gathering
8. Integrate with IT Infrastructure
Unlock the power of Splunk for the entire enterprise
– Search, manage and visualize Splunk data outside of Splunk
Fully documented and supported REST API
– Extremely flexible, over 170 endpoints
Fully documented and supported SDKs for Python, Java, JavaScript, PHP, Ruby, and C#
– Support for popular, open languages
9. Build Real-time Big Data Applications
Splunk offers a fully-integrated platform
– Collection, storage, query language, visualization “out-of-the-box”
– Real-time insights: clickstream analysis, IT early-warning systems, security and fraud protection
– Enterprise-grade scale and access control
– Support for popular, open languages
10. Performance Testing for Dev Ops
“We use Splunk to monitor the full software development cycle - from version control commits, to continual integration builds, to agile issue tracking tools, to continual deployment stats. All of the data combined can be used to illustrate the health of development efforts in real-time.”
Dan Cundiff, Production Engineer
• Splunk monitors activity from code commit through production
• Target uses Splunk to ensure real-time health and stability of continuous integration for DevOps agility and responsiveness
11. Running Real-time Searches with the Java SDK
“Splunk lets us find and fix issues on a customer’s DVR before anyone makes a phone call.”
Travis Parchman, Operations
• Support Reps issue real-time searches from a custom CSR app to inspect customer DVR health
• Proactive maintenance leads to lower support costs for Comcast and higher customer satisfaction
12. Powering customer-facing apps with Splunk
“The Splunk Python SDK provides us with a familiar developer environment to build an application on Splunk that provide metrics and comparables to our entire customer base.”
Bill Matthews, CTO
• MSP providing network monitoring and security management
• Using the Python SDK to build custom dashboards for customers powered by data from Splunk
13. What You Need to get started
• Splunk
• Data
• Text Editor or IDE
• Documentation on dev.splunk.com
• SDKs on dev.splunk.com & https://github.com/splunk
(* They are FREE!)
15. The Splunk Platform
[Diagram: Content (inputs, apps, other content) sits on top of the Operational Intelligence Platform. The User and Developer Interfaces layer contains the UI, SDK and REST API. The Core Engine layer (core functions) contains the Search Processing Language, indexing and collection.]
16. Powerful Platform for Enterprise Developers
[Diagram, two groups over the REST API.
Build Splunk Apps: Web Framework (Simple XML, JavaScript, Django).
Extend and Integrate Splunk: SDKs (Java, JavaScript, C#, Ruby, PHP, Python), Data Models, Search Extensibility, Modular Inputs.]
17. Hunk: Powerful Developer Platform on Hadoop
[Diagram: Web Framework (Simple XML, JavaScript, Django), SDKs (Java, JavaScript, C#, Ruby, PHP, Python), Data Models and Search Extensibility over the REST API, on top of Hadoop Storage.]
19. Splunk Web Framework
Brief History / Overview
• Available as a stand-alone web framework in 5.0
• Built into Splunk 6.0
• Created for web developers
• Pre-built components
• Splunk dashboard styles
20. Splunk Web Framework
Familiar Technologies
- Code with JavaScript & Django/Python
- HTML5/CSS/JS Support
- Built on JQuery & Backbone.js
Flexible and Extensible
- Create custom layouts
- Integrate visualizations like Sankey charts, heat maps and bubble charts
- SimpleXML to HTML Conversion
[Diagram: Web Framework = Simple XML / HTML, JavaScript, Django]
21. Get More Familiar with Web Framework
Web Framework App - http://apps.splunk.com/app/1613/
Web Framework Components:
• Search Managers
• Charts
• Tables
• Forms
• Search Manager Controls
• Map
• Data Template
22. Using the Web Framework
Toolkit components
Where to find the components:
– $SPLUNK_HOME/etc/apps/splunk_wftoolkit/django/splunk_wftoolkit/static/splunk_wftoolkit/components/
When the toolkit is not installed:
– Include components in your app
– Remember to keep them updated!
When the toolkit is installed:
– Reference components in the toolkit
Each of the following examples also includes Example Code
28. The REST API (and SDKs)
• Search: Create and run searches from other applications
• Visualize: Integrate search results with other applications using custom visualizations
• Manage: Add/Delete Users
29. The Splunk REST API
Exposes an API method for every feature in the product
– Whatever you can do in the UI – you can do through the API
– Run searches
– Manage Splunk configurations
API is RESTful
– Endpoints are served by splunkd
– Requests are GET, POST, and DELETE HTTP methods
– Responses are Atom XML Feeds
– Versioning introduced in Splunk 5.0
– Search results can be output in CSV/JSON/XML/raw
30. What else about the REST API?
Common HTTP Status Codes
– Returned after all endpoint requests (All your favorites including 404)
Authentication Methods
– HTTP Header
– HTTP Basic
Global pagination and filtering
– Returned lists of objects adhere to a standard interface
Object Sharing and Permissions
– All endpoints that list user objects support object sharing and Access Control List (ACL)
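Slides 29 and 30 describe Atom XML responses, header-based authentication and per-object ACLs. The following Python sketch is an added example, not code from the deck or from Splunk: it turns a login response into the `Authorization: Splunk <sessionKey>` header and walks an Atom feed to list shared objects that any role may write to. The sample XML is constructed, the function names are hypothetical, and the `eai:acl` layout is assumed to follow splunkd's usual `s:dict` / `s:list` encoding.

```python
import xml.etree.ElementTree as ET

# XML namespaces used in splunkd Atom responses.
NS = {"a": "http://www.w3.org/2005/Atom", "s": "http://dev.splunk.com/ns/rest"}


def auth_header(login_xml):
    """Build the header-based auth value from a /services/auth/login response."""
    key = ET.fromstring(login_xml).findtext("sessionKey")
    if not key:
        raise ValueError("login response carried no sessionKey")
    return {"Authorization": "Splunk " + key}


def _value(node):
    """Convert an s:dict / s:list / text node into a dict, list or string."""
    d = node.find("s:dict", NS)
    if d is not None:
        return {k.get("name"): _value(k) for k in d.findall("s:key", NS)}
    lst = node.find("s:list", NS)
    if lst is not None:
        return [_value(i) for i in lst.findall("s:item", NS)]
    return (node.text or "").strip()


def parse_feed(feed_xml):
    """Return one {'name', 'acl'} record per Atom entry in the feed."""
    out = []
    for entry in ET.fromstring(feed_xml).findall("a:entry", NS):
        content = _value(entry.find("a:content", NS))
        acl = content.get("eai:acl", {}) if isinstance(content, dict) else {}
        out.append({"name": entry.findtext("a:title", namespaces=NS), "acl": acl})
    return out


def world_writable(entries):
    """List (name, sharing) for shared objects whose write perms include '*'."""
    hits = []
    for e in entries:
        acl = e["acl"]
        perms = acl.get("perms")
        # Private objects may carry an empty perms key, parsed as "".
        write = perms.get("write", []) if isinstance(perms, dict) else []
        if acl.get("sharing") in ("app", "global") and "*" in write:
            hits.append((e["name"], acl["sharing"]))
    return hits


# ---- Constructed sample data (not captured from a real server) ----
LOGIN_RESPONSE = "<response><sessionKey>CONSTRUCTED-SESSION-KEY</sessionKey></response>"


def _entry(title, owner, sharing, read, write):
    """Render one constructed Atom entry with an eai:acl block."""
    def roles(name, items):
        inner = "".join("<s:item>%s</s:item>" % r for r in items)
        return '<s:key name="%s"><s:list>%s</s:list></s:key>' % (name, inner)

    perms = ""
    if read or write:
        perms = "<s:dict>%s%s</s:dict>" % (roles("read", read), roles("write", write))
    return (
        '<entry><title>%s</title><content type="text/xml"><s:dict>'
        '<s:key name="eai:acl"><s:dict>'
        '<s:key name="owner">%s</s:key>'
        '<s:key name="sharing">%s</s:key>'
        '<s:key name="perms">%s</s:key>'
        "</s:dict></s:key></s:dict></content></entry>"
    ) % (title, owner, sharing, perms)


FEED = (
    '<feed xmlns="http://www.w3.org/2005/Atom" '
    'xmlns:s="http://dev.splunk.com/ns/rest"><title>savedsearch</title>'
    + _entry("Failed logins by host", "admin", "global", ["*"], ["*"])
    + _entry("Weekly license usage", "admin", "app", ["*"], ["admin", "power"])
    + _entry("My scratch search", "alice", "user", [], [])
    + "</feed>"
)

if __name__ == "__main__":
    print(auth_header(LOGIN_RESPONSE))
    for name, sharing in world_writable(parse_feed(FEED)):
        print("writable by every role:", name, "(sharing=%s)" % sharing)
```
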
31. Where can you make API requests?
A terminal
Web browser
Any code
Let's see some examples!!!
33. Overview of the Splunk SDKs
Currently, Splunk has SDKs for these languages:
• Python
• Java
• JavaScript
• PHP
• Ruby
• C#
What you can do
• Integrate with 3rd-party tools
• Log directly to Splunk
• Integrate Splunk search results into your application
• Extract data for archiving
• Build a UI on the web stack of your choice
• ...and so much more
34. What the Splunk SDKs do for you
Handling HTTP access including certs
Authenticating – a session key can be used for subsequent requests
Managing namespaces
Simplifying access to REST endpoints
Building the correct URL for an endpoint
Displaying simplified output for searches
Simplification!
40. Blocking, One Shot, Real Time Searches
import com.splunk.Args;
import com.splunk.Job;
import java.io.InputStream;

// service is a connected com.splunk.Service; query is the search string.
Args queryArgs = new Args();
// Blocking: always block until results are ready.
queryArgs.put("exec_mode", "blocking");
Job job = service.getJobs().create(query, queryArgs);
// Oneshot: execute the query and get the result stream back (i.e. there is
// no search job created, just a one time search).
InputStream stream = service.oneshotSearch(query, queryArgs);
// Real time: always set real time search mode; no need to wait on a job.
queryArgs.put("search_mode", "realtime");
45. Anonymous Mood Generator
• Morale and mood towards different projects and tasks based on Google Forms Survey.
46. Closer look
Network device Modular Input
Custom Splunk Command
Not on apps.splunk.com yet, they are beta
– Available on https://github.com/jamesdon
49. Where to Go for More Info
• Tutorials, Code Samples, Getting Started, Downloads
– http://dev.splunk.com/ & http://dev.splunk.com/hunk
• Support
– https://www.splunk.com/page/submit_issue
• GitHub
– https://github.com/splunk/
• Twitter
– https://twitter.com/splunkdev
• Blog
– http://blogs.splunk.com/dev/
The Splunk Development Platform makes it easy to customize and extend Splunk to make the most out of your IT investments. Developers use Splunk in 3 ways.
Core Splunk “out of the box” increases the speed and efficiency of application development and testing, and provides proactive monitoring and analytics for applications in production. In your org you probably already use Splunk for app management, but Splunk is a great tool for app development as well. “Code isn’t complete unless it’s Splunk friendly.” Splunk is a great solution for both dev and test, from the unit level to full integration.
The Splunk Developer Platform allows you to deliver greater operational agility throughout your organization by making it easy to integrate data from Splunk with other applications. Splunk provides a fully documented and supported REST API with over 170 endpoints that let developers programmatically index, search and visualize data in Splunk from any application. Splunk’s SDKs let developers integrate Splunk data with other applications across the enterprise, from custom-built mobile reporting apps to off-the-shelf CRM solutions, using familiar languages and frameworks.
Build Real-time Data Applications with the SDKs / REST API. Splunk is a fully-integrated platform that delivers rapid “time-to-value” to developers. Many of our customers are building robust applications on Splunk today that deliver real-time business insights like clickstream analysis, IT early-warning systems, security and fraud protection at a scale that their businesses demand. This is not limited to everyday customers, as vendors are using Splunk’s analytics engine to power their own apps.
Target uses Splunk on data from Jenkins (build server) to monitor their continuous deployment/DevOps.
Splunk Use Case: Comcast has many different Splunk use cases. Comcast’s X1 Platform Device Manager CSR app uses the Java SDK to issue (one-shot) queries (complex, with multiple sub-queries) to find errors of the last 60 minutes (needs to be realtime – submits the query syntax live). It looks for DVR attempts/failures, Baud attempts/failures, etc. Proactive investigation of customer DVRs: reps need to see if customers are actually using their DVR (i.e. they don't want to reboot a box if customers are watching TV). The goal is to fix the error before anyone makes a phone call (saving on support operations costs and increasing customer satisfaction). Before Splunk, DVR box daemons were batch polled once a day, which was much less effective at identifying errors, leading to higher call volume and lower satisfaction. Business Value: lower support costs & increased customer satisfaction.
IDE - integrated development environment
As the Splunk platform evolves you can see how the development capabilities have expanded to enable developers to better build on Splunk’s core capabilities. Let’s double click into the Developer platform…. What does this platform look like?
The platform consists of 2 layers: a core engine and an interface layer.
On top of the platform you can run a broad spectrum of content that supports use cases.
Use cases range from application mgmt. and IT operations, to ES and PCI compliance, to web analytics.
The core engine provides the basic services for real time data input, indexing and search as well as alerting, large scale distributed processing and role based access.
The interface layer consists of the basic UI for search, reporting and visualization – it contains developer interfaces, the REST API and SDKs.
The SDKs provide convenient access to core engine services in a variety of programming language environments. These programmatic interfaces allow you to either:
- extend Splunk
- integrate Splunk with other applications
- build completely new applications from scratch that require OI or analytical services that Splunk provides
BUILD SPLUNK APPS
The Splunk Web Framework makes building a Splunk app look and feel like building any modern web application. The Simple Dashboard Editor makes it easy to BUILD interactive dashboards and user workflows as well as add custom styling, behavior and visualizations. Simple XML is ideal for fast, lightweight app customization and building. Simple XML development requires minimal coding knowledge and is well-suited for Splunk power users in IT to get fast visualization and analytics from their machine data. Simple XML also lets the developer “escape” to HTML with one click to do more powerful customization and integration with JavaScript. Developers looking for more advanced functionality and capabilities can build Splunk apps from the ground up using popular, standards-based web technologies: JavaScript and Django. The Splunk Web Framework lets developers quickly create Splunk apps by using prebuilt components, styles, templates, and reusable samples as well as supporting the development of custom logic, interactions, components, and UI. Developers can choose to program their Splunk app using Simple XML, JavaScript or Django (or any combination thereof).
EXTEND AND INTEGRATE SPLUNK
The Splunk SDKs include documentation, code samples, resources and tools to make it faster and more efficient to program against the Splunk REST API using constructs and syntax familiar to developers experienced with Java, Python, JavaScript, PHP, Ruby and C#. Developers can easily manage HTTP access, authentication and namespaces in just a few lines of code.
Developers can use the Splunk SDKs to:
- Run real-time searches and retrieve Splunk data from line-of-business systems like Customer Service applications
- Integrate data and visualizations (charts, tables) from Splunk into BI tools and reporting dashboards
- Build mobile applications with real-time KPI dashboards and alerts powered by Splunk
- Log directly to Splunk from remote devices and applications via TCP, UDP and HTTP
- Build customer-facing dashboards in your applications powered by user-specific data in Splunk
- Manage a Splunk instance, including adding and removing users as well as creating data inputs from an application outside of Splunk
- Programmatically extract data from Splunk for long-term data warehousing
Splunk Enterprise offers search extensibility through:
- Custom Search Commands
- Scripted Lookups
- Scripted Alerts
- Search Macros
Hunk: The Most Powerful Platform for Building Big Data Apps on Hadoop
Hunk is the fully-featured platform that provides rapid exploration, analysis and visualization of your data at rest in Hadoop. It’s based on years of experience building big data products deployed at thousands of Splunk customers and drives dramatic improvements in the speed and simplicity of getting insights from big data in Hadoop. Hunk works with Apache Hadoop or the Hadoop distribution of your choice including first-generation MapReduce and YARN. Hunk also provides a rich developer platform including an integrated Web Framework and Software Development Kits (SDKs) for the world’s most popular development languages. With Hunk, you can build apps powered by data stored in Hadoop Distributed File System (HDFS) as well as integrate data from HDFS into other applications and systems without having to manually program MapReduce jobs.
Hunk provides a rich developer environment that enables you to build powerful enterprise Big Data apps that deliver business insights like clickstream analysis, deep customer behavioral modeling and security analysis at enterprise-grade scale using the languages, frameworks and tools you know. Applications built on Hunk can deliver segmented, secure views of data through a highly customizable, flexible interface. The Splunk Web Framework makes building an app on top of Hadoop look and feel like building any modern web application. Developers can also integrate and extend the power of Hunk. The REST API and Software Development Kits (SDKs) for Java, JavaScript, Python, C#, Ruby and PHP, enable you to integrate data and functionality from Hunk into other applications across the enterprise, from custom-built mobile reporting apps to Web Parts in Microsoft SharePoint.
Hunk offers ad hoc exploration, analysis and visualization of historical data at rest in Hadoop.
Dynamically query data in HDFS or write a custom search script in a few lines of Python without having to cobble together numerous other projects and components or set up MapReduce. Hunk utilizes the Splunk Search Processing Language (SPL™), the industry-leading method to enable interactive data exploration across large, diverse data sets. With Hunk’s schema-on-the-fly, users are not limited or constrained by rigid schemas and can immediately query and interrogate raw data in Hadoop through visual interactions and SPL for deeper analysis. You can also expand the search language to customize commands to perform custom processing or calculations and trigger a shell script or batch file with scripted alerts. You can write custom search commands in Python that take data in standard input (stdin) and output data on standard output (stdout). Once that Python script has been written, all it takes is a simple configuration setting to add the custom search command to the Hunk search pipeline. Additionally, customers with both Splunk Enterprise and Hunk licenses can search across data stored both in Hadoop and in native indexes in Splunk Enterprise – all in the same search.
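A custom search command of the stdin/stdout kind described above, as an added example (not code from Splunk or from this presentation). Assumptions: events arrive as CSV preceded by an optional `key:value` header section that ends at a blank line; the field names `attempts` and `failures`, the header key and the sample rows are constructed. The header can carry session information, so the script never copies it into its output.

```python
import csv
import sys

# Constructed sample input: a header section, a blank line, then CSV events.
SAMPLE_INPUT = (
    "exampleHeaderKey:CONSTRUCTED-SECRET\n"
    "\n"
    "device,attempts,failures\n"
    "stb-1,10,3\n"
    "stb-2,0,0\n"
    "stb-3,abc,1\n"
)


def read_events(stream, has_header=True):
    """Return (header, rows); the header is 'key:value' lines up to a blank line."""
    header = {}
    if has_header:
        for line in stream:
            line = line.rstrip("\r\n")
            if not line:
                break
            key, _, value = line.partition(":")
            header[key] = value
    return header, list(csv.DictReader(stream))


def add_failure_rate(rows):
    """Add failure_rate = failures / attempts; leave it blank when not computable."""
    for row in rows:
        try:
            attempts = int(row.get("attempts") or "")
            failures = int(row.get("failures") or "")
            row["failure_rate"] = f"{failures / attempts:.3f}" if attempts > 0 else ""
        except ValueError:  # missing or non-numeric field
            row["failure_rate"] = ""
    return rows


def run(stdin, stdout, has_header=True):
    """Read events, enrich them, write CSV; returns the number of events."""
    _header, rows = read_events(stdin, has_header)  # header is never echoed or logged
    rows = add_failure_rate(rows)
    fields = [name for name in (rows[0] if rows else {}) if name is not None]
    writer = csv.DictWriter(stdout, fields, extrasaction="ignore", lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return len(rows)


if __name__ == "__main__":
    run(sys.stdin, sys.stdout)
```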
You can use the new framework in the latest two versions of Splunk. Splunk as a product is ever evolving.
Splunk is a fully-integrated platform that delivers rapid time-to-value to application developers. Developers can build robust applications on Splunk that deliver real-time business insights like clickstream analysis, IT early-warning systems, security and fraud protection at enterprise-grade scale using the languages, frameworks and tools that they know and love. Applications built on Splunk can deliver segmented, secure data to customers in any UI, powering your core product or service with real-time operational intelligence making Splunk more valuable and more relevant to more users. The Splunk Web Framework makes building a Splunk app look and feel like building any modern web application. The Simple Dashboard Editor makes it easy to build interactive dashboards and user workflows as well as add custom styling, behavior and visualizations. Simple XML is ideal for fast, lightweight app customization and building. Simple XML development requires minimal coding knowledge and is well-suited for Splunk power users in IT to get fast visualization and analytics from their machine data. Simple XML also lets the developer “escape” to HTML with one click to do more powerful customization and integration with JavaScript. Developers looking for more advanced functionality and capabilities can build Splunk apps from the ground up using popular, standards-based web technologies: JavaScript and Django. The Splunk Web Framework lets developers quickly create Splunk apps by using prebuilt components, styles, templates, and reusable samples as well as supporting the development of custom logic, interactions, components, and UI. Developers can choose to program their Splunk app using Simple XML, JavaScript or Django (or any combination thereof).
- Use Simple XML for fast, lightweight dashboard building as well as to add custom styling, behavior and visualizations
- Use JavaScript for client-side development
- Use Python and the Django framework for server-side development
Advanced XML?
Splunk has published a Web Framework App to make getting familiar with it much simpler. Maps are now part of Splunk 6.0.
- Search managers correspond to your Splunk search jobs, saved reports, and post-process searches.
- Splunk views are used to visualize data, accept form input, and control searches.
- Tokens and data binding provide a handy mechanism for you to bind values together from searches and views to keep them in sync.
- Drilldown actions let you customize the drilldown behavior when users click on views.
- Splunk dashboard styles are used by HTML dashboards for layout, but you can use the dashboard stylesheet in your apps too.
- DataTemplate view with an embedded template using Django
The Web Framework Toolkit includes a number of new, reusable components based on open-source libraries. These toolkit components are examples that demonstrate how to build your own custom components for your own apps, as well as supported add-ons for others to include in their apps.
Overall the
The Splunk SDKs empower developers to deliver greater operational agility throughout the enterprise by making it easy to integrate data from Splunk with other applications. Splunk provides a fully-documented and supported REST API with nearly 200 endpoints that let developers programmatically index, search and visualize data in Splunk from any application. Splunk’s SDKs, built on that API, make it easy for developers to integrate data from Splunk with other applications across the enterprise, from custom-built mobile reporting apps to off-the-shelf CRM solutions. Splunk offers SDKs for Python, Java, JavaScript, PHP, Ruby and C#.
Developers can use the Splunk SDKs with Hunk to:
- Run searches and retrieve Splunk data from line-of-business systems like Customer Service applications
- Integrate data and visualizations (charts, tables) from Splunk into BI tools and reporting dashboards
- Build customer-facing dashboards in your applications powered by user-specific data in Splunk
- Manage a Splunk instance, including adding and removing users
Index
- Log directly to Splunk (TCP, UDP, HTTP)
Search
- Including saved searches
- Extract data from Splunk
Visualize
- Integrate search results with third-party reporting tools, portals and other custom applications
Manage
- Add/remove users and roles
- Create inputs
2 main categories – Search and Manage
Although you can use the REST API directly, you can also use the Splunk SDKs to interact with Splunk. Essentially, these SDKs are wrappers around the REST API that do a lot of the work for you, such as:
All communication to the Splunk REST API is through the Service object.
In Splunk, every object you create is tied to an owner and an app – you can manage access control by specifying namespaces.
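What the SDK wrappers handle when they manage HTTP access, authentication and namespaces, shown with the Python standard library only as an added example (this is not the SDK's code or code from the presentation). `namespaced_path` and `oneshot_search_request` are hypothetical helper names, and the host and session key used with them are constructed; the request is prepared but not sent.

```python
import urllib.parse
import urllib.request


def namespaced_path(resource, owner=None, app=None):
    """Return /servicesNS/<owner>/<app>/<resource>, or /services/<resource>."""
    resource = resource.strip("/")
    if owner is None and app is None:
        return "/services/" + resource
    if not owner or not app:
        raise ValueError("give both owner and app, or neither")
    # Percent-encode each part so a crafted value cannot add path segments
    # and land the request in a different namespace.
    owner_q = urllib.parse.quote(owner, safe="")
    app_q = urllib.parse.quote(app, safe="")
    return f"/servicesNS/{owner_q}/{app_q}/{resource}"


def oneshot_search_request(base_url, session_key, query, owner, app):
    """Prepare, without sending, a one-shot search job in the given namespace."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a session key over plain HTTP")
    if not query.lstrip().startswith(("search ", "|")):
        query = "search " + query  # the REST endpoint expects an explicit command
    body = urllib.parse.urlencode(
        {"search": query, "exec_mode": "oneshot", "output_mode": "json"}
    ).encode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + namespaced_path("search/jobs", owner, app),
        data=body,
        method="POST",
        headers={"Authorization": "Splunk " + session_key},
    )
```

Passing `-` for owner or app addresses all owners or all apps, so code that takes these values from user input should decide explicitly whether that wildcard is allowed.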