
Introducing Weblog Add-on

Another exciting day at Splunk and another great product release! I am thrilled to announce the release of Weblog Add-on. During .conf2011, we announced the beta release of Splunk App for Web Intelligence. We learned quite a bit from this beta release. After over 7500 downloads of the Web Intelligence beta App, we decided to close the beta and work on a product that closely aligns with customer needs. Weblog Add-on has a couple of key features:

1) Field Extraction: Easy to map fields from Apache or IIS weblogs. This includes both standard fields and the ability to create and map custom fields. No need to write code in configuration files to map fields.

2) Event-Type Library: The event-types from Web Intelligence beta 1.0 are available as a library, so end users can build their own custom Web Intelligence app.

Let’s spend a couple of minutes on how the add-on works. Once you identify a source or sourcetype, the add-on lets you map fields using sample data. Simply drag and drop the field name that matches the data. If there are custom fields, simply label each custom field and map it to the data. Header rows are not required to be present or accurate. The add-on uses Splunk’s DELIMS capabilities, which provide higher performance in high-volume environments than regular expression-based configuration builders. Users can also remove leading or trailing characters and pick a delimiter by simply clicking on the buttons.
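For comparison, a hand-written delimiter-based extraction for an IIS W3C log next to its regular-expression equivalent. This is an added example, not output of the add-on. The sourcetype name, stanza names, field order and sample event are assumptions; the field order must match the fields enabled in the site's own W3C logging settings.

```ini
# ---- props.conf ----
# Hypothetical sourcetype name; bind one search-time extraction to it.
[iis_example]
REPORT-iis_fields = iis_w3c_delims

# ---- transforms.conf ----
# Constructed sample event (14 space-separated values, no header row needed):
# 2013-09-01 12:00:01 10.0.0.5 GET /login.aspx user=a 443 - 203.0.113.9 Mozilla/5.0 200 0 0 125

# DELIMS form: the event is split on the delimiter and the resulting values
# are assigned to FIELDS by position. No pattern matching is involved.
[iis_w3c_delims]
DELIMS = " "
FIELDS = date, time, s_ip, cs_method, cs_uri_stem, cs_uri_query, s_port, cs_username, c_ip, cs_user_agent, sc_status, sc_substatus, sc_win32_status, time_taken

# REGEX form of the same mapping: one capture group per column, run against
# every event. Shown only to contrast with the DELIMS stanza above; use one
# or the other in the REPORT- line, not both.
[iis_w3c_regex]
REGEX = ^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+)
FORMAT = date::$1 time::$2 s_ip::$3 cs_method::$4 cs_uri_stem::$5 cs_uri_query::$6 s_port::$7 cs_username::$8 c_ip::$9 cs_user_agent::$10 sc_status::$11 sc_substatus::$12 sc_win32_status::$13 time_taken::$14
```

Because the mapping is positional, a change to the logged field set on the web server shifts every later field, so fields such as `c_ip` and `sc_status` should be spot-checked against raw events after any logging change.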

Websites differ, and so do their KPIs. We want to give our customers the flexibility to create their own dashboards. To make it easy, nearly 230 event-types are available under the manager tab. You can pick one of the available event-types or create a new one.

For more details or to download the Weblog Add-on, use this link.  For a live demo or to dive deeper, come and attend .conf2013 in Las Vegas. Did you register yet?  Time is running out….

Happy Splunking!

----------------------------------------------------
Thanks!
Rahul Deshmukh

Splunk
Posted by

Splunk
