Oct 31, 2007
Welcome
I'm not sure what it is but we seem to be blowing a lot of things up lately. When I say we're blowing things up I mean we decided to take another course of action, change our vantage point by 180 degrees or just plain start over again from scratch using what we've learned. Recently we blew up our software development process, lots of our software, and our business planning process. Often blowing things up means listening to a perspective you initially don't want to hear. Could it be that combustibles are a new type of business tool?
We've moved to a more agile product development process. Some of you may have noticed we literally discharged our old way of taking input from customers, scoping features, planning releases and testing. What does this mean for you? More features faster. Soon we'll be making preview releases available for download. These are pre-final releases that allow you to check out the newest features one to two months before final product. You'll notice in our upcoming 3.2 preview release the start of what we call "search based administration," a more scalable, discoverable, and in-context approach to administering your Splunk installation.
In addition to blasting our approach to administration, we're also lighting the fuse on our user interface. The idea is to de-factor it into a set of more reusable, replaceable and reconfigurable components. If you don't like the default event display or timeline, create your own. Perhaps you want to take our Flash reporting component and embed it within your own webtop monitoring tool. Go for it. We're very interested in hearing what else you'd like to do with a Splunk component UI toolkit.
BTW, I heard someone at Splunk say in response to blowing things up, “perhaps companies that don’t blow things up often enough end up blowing up themselves.” Certainly food for thought. I’m keeping my dynamite close by.
Enjoy Splunkvox and above all, happy splunking.
Michael Baum, CEO and Co-founder
What's New
Splunk 3.1
Seems like 3.0 just shipped, right? Well, 3.1 has arrived with cool new features you Splunkers have asked for. Form Search makes it easy for non-IT people to search the vast amounts of data in their IT infrastructures. And Enhanced Data Management adds more flexible archiving and exporting of IT data to meet long-term storage and compliance requirements.
With Form Search, you define saved searches with variables substituted by the user. These variables pop up form fields to be filled in prior to running the search. Many of you have asked for this feature to make it easier to define re-usable searches for help desk staff, customer support and other casual or non-technical users.
For example, you can define a search for all web server errors for a given user:
503 OR 500 OR 404 sourcetype::access_common user::$user$
... and when your help desk staff pulls up this saved search they'll get a field to fill in labeled "user:" rather than a confusing freeform search box.
And, many of you are using Splunk as your primary repository for months, even years' worth of IT data. Compliance mandates are driving the adoption of Splunk to automate the collection, indexing and storage of that data. Enhanced Data Management in 3.1 gives you improved archive and export features to simplify the complexity of managing large data sets. Splunk archives IT data based on time or size, and archived data can be quickly recalled for historical searches.
Get it? Want it? Download it now
Christina Noren, VP Products and Services
Check Out Our Add-on of the Month
One of the most interesting items you can find on the new SplunkBase is a growing collection of add-ons. Add-ons let you extend Splunk's functionality and knowledge. Here's the first Splunkvox installment. This add-on provides a collection of reports you can run to get information about who has been accessing your Web resources. Try it out. More next month.
Tips & Tricks
Do you know how to locate an IP address via Splunk?
Field actions are a great way of extending Splunk to do additional data processing. If you ever wondered where in the world – literally – a certain IP address is located, have a look at how to display a geo location via the Google Earth field action. By clicking on the field action next to an IP address, you get a new field action, which allows you to look up the IP address via integration with Google Earth.
Want to write your own field actions? Read up on creating custom extracted field actions in the Splunk documentation.
Raffael Marty, Chief Security Strategist and Sr. Product Manager
Is Your SysAdmin a Rockstar?
The time to nominate your IT Hero for SysAdmin of the Year is past. The contest ended on October 12th with over 4000 nominations since July 27th. Now, for the tough part – going through all the submissions for these tireless techies and selecting the winners. We'll be announcing the winners at LISA in Dallas in November, awarding prizes including a MacBook Pro, an Apple iPhone, and a Gibson guitar. Join us for the party!
Patrick McGovern, VP Marketing and Community
Splunkcast
Want to learn more about Splunk and the new features of 3.1? Join us for our November Splunkcast webinar. You'll get a broad overview of Splunk and the new features in the latest version of our powerful and versatile software. Time: Thursday, November 8th, at 10am PST. To sign up, please drop a line to webinar@splunk.com and we'll put you on the list.
Out and About
Join us at LISA, November 14-15, where, on the evening of November 14th during the reception, we will announce the SysAdmin of the Year Winner. We can’t wait. See you there.