An Hour of Code with Splunk


The Hour of Code is a global effort to educate children in more than 180 countries with as little as one hour of computer science. Held as part of Computer Science Education Week (December 7-13), the most recent Hour of Code included more than 198,473 events around the world. And this year, several Splunkers taught sessions in events across the country.

Here in the Seattle Area, Shakeel Mohamed, one of our engineers, taught sessions on Lightbot and Minecraft at Rainier View Elementary School, and I had the pleasure of teaching approximately 150 students at Ingraham High School an hour about log / time-series data and how to mine it with Splunk. The courses are a challenging mix of students with little to no programming experience, together with those who have some background. In this case, all the students had experience with coding so Splunk was specifically selected to introduce how event logging and data visualization fit into the world of programming.




I was joined by several volunteers from Teals – a nonprofit that pairs computer science professionals with educators to teach CS – including Jay Waltmunson and Taylor Weiss, both from Microsoft.  We based our sessions on the “Looking at Data with Splunk” tutorial on code.org, developed jointly by StudentRND and Splunk. The version of the tutorial we used in class was updated to use the latest version of Splunk 6.3.

Part 1: Logs and visualization

In the first part of the lesson we described the importance of log / activity data and visualization. Using Bungie’s Halo game as an example, we talked about the massive volume of activity data generated within the game based on player actions, and how the data can be visualized to not only analyze patterns of activity, but ultimately to improve the game. We showed the students a heat map that Bungie had created which illustrated where people had died in the game. We then put the students to the test and asked them to come up with reasons why the patterns we were seeing might be occurring – why the red zones?


The students really engaged in the conversation: Maybe weapon arsenals are heavily concentrated in those zones? Perhaps there are a large number of people entering the game in the red zones, or maybe the issue is that the landscape of the black zones is too difficult to navigate. We illustrated how we could leverage the underlying user data to confirm or refute their assertions. I got the sense that the students walked away with a much greater appreciation for the power of data and visualization.

Part 2: Getting data into Splunk by cutting the rope

For the second part of the lesson we worked on getting data into Splunk, extracting fields, searching, and creating simple visualizations. The scenario we used from the tutorial was something the kids really connected to, the “Cut the rope” game. Everyone knew about it. I quickly found out that if you are in high school and don’t know about “Cut the rope” you must be living in a cave or on a remote island!

If you haven’t heard of it, it is a really fun and addicting game where you move a frog through obstacles / swing on vines to get as many stars as you can. You can see a screenshot below.


After talking a bit about the game, we talked about how the game could generate different events for each action in the game. The students took some time to think about the possibilities and what would make sense to log. Some examples were logging each time you get a star, logging how long it takes to complete the level, logging when someone dies, etc. The students were spot on!

The students then downloaded a data file which contained some sample entries that the app might generate. We talked a bit about the structure and how we would read this data into Splunk to further analyze it. The file looked like this:

12-07-2015 10:56:05AM level_loaded 0
12-07-2015 10:56:09AM rope_cut
12-07-2015 10:56:19AM star_collected
12-07-2015 10:56:28AM candy_collected
12-07-2015 10:56:30AM level_loaded 1
12-07-2015 10:56:34AM rope_cut
12-07-2015 10:56:36AM star_collected
12-07-2015 10:56:41AM candy_collected

Part 3: Hands on – importing data and visualization

Then the students got started! Each student logged into a Splunk instance hosted on a Linux VM in Microsoft’s Azure Cloud. They imported the data using Splunk’s “Getting Data In” functionality. They did some simple text searches. The students quickly saw how easy it was to enter a simple query and immediately got results!

We talked about how we might want to do some more complex analysis. For example, we might want to know things like a breakdown of each action by count, or which level is the hardest. Currently this was not possible as all we could do is simple matches like every event that contains the word “Level”.

The students moved on to start telling Splunk about the data to support these kinds of queries. Using field extraction, the students specified that the data had game_event and level fields. With those fields in place the students learned how to use the chart command to answer some of the earlier questions. For example, the students wrote “* | chart count by game_event” to see the breakdown of game_events.
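The same field extraction and count-by-field step, as an added Python example that is not part of the original post or the code.org tutorial: a regular expression stands in for Splunk's field extraction, and `chart_count_by` mimics what `chart count by game_event` returns. Carrying the level from the last `level_loaded` line onto the events that follow, the month-day-year reading of the timestamp, and the malformed last sample line are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Entries from the data file shown in the post, plus one constructed
# malformed line to show how unparseable input is handled.
SAMPLE_LOG = """\
12-07-2015 10:56:05AM level_loaded 0
12-07-2015 10:56:09AM rope_cut
12-07-2015 10:56:19AM star_collected
12-07-2015 10:56:28AM candy_collected
12-07-2015 10:56:30AM level_loaded 1
12-07-2015 10:56:34AM rope_cut
12-07-2015 10:56:36AM star_collected
12-07-2015 10:56:41AM candy_collected
this line is not a game event
"""

# Field extraction: timestamp, game_event, and an optional level number.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}[AP]M) "
    r"(?P<game_event>[a-z_]+)(?: (?P<level>\d+))?$"
)

def parse_events(text):
    """Return (events, rejected): parsed event dicts and unparseable lines."""
    events, rejected = [], []
    current_level = None  # assumption: events belong to the last loaded level
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if not m:
            rejected.append(line)  # keep bad lines visible instead of dropping them
            continue
        if m["level"] is not None:
            current_level = int(m["level"])
        events.append({
            # assumption: month-day-year, 12-hour clock
            "time": datetime.strptime(m["ts"], "%m-%d-%Y %I:%M:%S%p"),
            "game_event": m["game_event"],
            "level": current_level,
        })
    return events, rejected

def chart_count_by(events, field):
    """Count events grouped by one extracted field."""
    return Counter(e[field] for e in events)

if __name__ == "__main__":
    events, rejected = parse_events(SAMPLE_LOG)
    print(chart_count_by(events, "game_event"))
    print(chart_count_by(events, "level"), "rejected:", rejected)
```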

Final Step: Visualize and solve

Next we showed how they could take the results and turn them into a visualization. Once they had these basics, they moved on to answer the question of which levels were the hardest to finish, by looking at the number of resets by level_number. Using visualization allowed them to quickly arrive at the answer.

Finally, if any time remained, we talked a bit about how the skills learned could be useful / what other domains this could be applied to.

One fun thing I almost forgot to mention – these students were adventurous! Throughout the day, a number of the students figured out how they could jump to their user page, rename their accounts, change their passwords, and update their profiles. Seeing this and getting a bit of a kick out of it, at one point I said “Folks, don’t change your profile”. All the students immediately froze as if they had committed something horrible. :-) It was great to see their energy, excitement and willingness to try new things. At one point in one of the classes, one of the students even tried to create a Data Model.

It was a very fruitful day. I was amazed at how fast the kids picked up Splunk, and how some of the kids went much further to try and see what they could do.

Because of all of this, it really was exciting to be part of the Hour of Code. This is a great effort that is helping to prepare our young generation to take the reins of technology. Special thanks to Jay and Lawrence for the invitation.

I look forward to being a part of this event in the future!

To learn more about Hour of Code and how you can volunteer to teach students Computer Science, visit http://hourofcode.com.

Glenn Block
