The book Implementing Splunk: Big Data Reporting and Development for Operational Intelligence, written by Vincent Bumgarner and for which I was a reviewer (yes, it's an unashamed advertisement), is now available.
Tag Archive for 'siem'
The latest version of Splunk (5.0) is now out, with some nice improvements:
The most visible missing feature for users (customers?) was PDF report generation: Splunk is now able to generate PDF reports natively (including for scheduled reports). You can forget the crappy PDF report app.
Report acceleration (similar to ArcSight trends), which allows fast reports [...]
In a non-distributed architecture (your indexer is also the host receiving the events), you might want to keep Splunk running as a non-privileged user but still receive syslog from remote hosts. You have (mainly) two solutions:
Set up your favorite syslog daemon (syslog-ng or rsyslogd) to listen on port 514, and then configure Splunk to [...]
Splunk 4.3 has been out for a few days, and this new release contains some nice improvements:
Sparklines (like in BlueCoat): * | chart sparkline count by host gives the following result:
Flash is replaced by HTML5 (for recent browsers; Flash is still used for old browsers), but the behaviour of the flash timeline and of reports is kept unchanged. Allows [...]
ArcSight recently presented the new version of their Logger. Some of the new features are:
Distributed reports over multiple Loggers
User configurable dashboards
Event summary (overview)
Live event viewer
LDAP and AD directory integration
dedup and transaction search commands
SNMP polling support