Tag Archive for 'siem'

The book Implementing Splunk: Big Data Reporting and Development for Operational Intelligence, written by Vincent Bumgarner and for which I was a reviewer (yes, it's an unashamed advertisement), is now available.

February 1, 2013, 2:42 pm

The latest version of Splunk (5.0) is now out, with some nice improvements:
The most visibly missing feature for users (customers?) was PDF report generation: Splunk can now generate PDF reports natively (including for scheduled reports). You can forget the crappy PDF report app.
Report acceleration (similar to ArcSight trends) that allows fast reports [...]

October 31, 2012, 4:00 am

In a non-distributed architecture (your indexer is also the host receiving the events), you might want to keep Splunk running as a non-privileged user but still receive syslog from remote hosts. You have (mainly) two solutions:
Set up your favorite syslog daemon (syslog-ng or rsyslogd) to listen on port 514, and then configure Splunk to [...]

March 13, 2012, 3:10 am

Splunk 4.3 has been out for a few days, and this new release contains some nice improvements:
Sparklines (like in BlueCoat): * | chart sparkline count by host gives the following result:

Flash is replaced by HTML5 (for recent browsers; Flash is still used for old browsers), but the behaviour of the flashtimeline and of reports is kept unchanged. Allows [...]

January 13, 2012, 1:00 am

ArcSight recently presented the new version of their Logger. Some of the new features are:

Distributed reports over multiple Loggers

User configurable dashboards

Event summary (overview)

Live event viewer

LDAP and AD directory integration

dedup and transaction search commands

SNMP polling support

December 20, 2011, 3:01 am