ZILLOW SPLUNK LIKE A BOSS CUSTOM COMMANDS
Bernie Macias, SPLUNK TECHNICAL ARCHITECT
@httpstergeek, #zillowSplunkLikeABOSS
About Me
• Past Experience: Since 2005
  - Tech support, Windows system admin, Windows system engineer, system architect, Unix analyst
• Splunk Experience: 4+ years
  - Deployed Capital One’s approved Splunk architecture
  - One of the top non-Splunk employee contributors to Splunk Answers
  - Started the Splunk> Seattle user group
  - 2014 .Conf Speaker
• Other Tech Interests: Ongoing
  - Python, Django, Data visualization (d3.js), stateful configuration management (salt-stack, chef)
Agenda
• Brief Overview
• Getting started
• Adding your own Python Packages
• Demo
BRIEF OVERVIEW
Search Commands
• Programs that allow you to stream or report on data
• Generate data
• Transform data by calculating aggregates
• Tell Splunk how to retrieve data from indexes
Command Types
• Generating – Generates event records.
• Reporting – Processes search results and generates a report.
• Streaming – Applies a transformation to search results.
GETTING STARTED
Tools
• Python 2.7.8
• PIP
• Virtualenv & virtualenvwrapper
• IDE or Text Editor
• Splunk Python SDK
• Local Instance of Splunk
Anatomy of a Command
Using a Template
• Start with a Template
Presenting your results.
ADDING YOUR OWN PYTHON PACKAGES
Building an Egg
• Install PIP in your local instance
• Download your package from PyPI – the Python Package Index
• Unpack your source
• Find the source setup.py file
• Run ./python setup.py bdist_egg
Loading eggs into Splunk
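One way to load the built eggs from a command script, shown as an added example (not code from the original slides or from Splunk): each zipped egg goes on sys.path only if its SHA-256 matches a digest recorded when the egg was built. The function names, the PINNED mapping and the layout with eggs beside the script are assumptions.

```python
import hashlib
import os
import sys


def sha256_of(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_eggs(egg_dir, pinned):
    """Put pinned, zipped .egg files from egg_dir at the front of sys.path.

    pinned maps an egg file name to the SHA-256 recorded at build time.
    Eggs that are not pinned, or whose digest differs, are skipped.
    Returns (loaded, rejected) as lists of file names.
    """
    loaded, rejected = [], []
    for name in sorted(os.listdir(egg_dir)):
        if not name.endswith(".egg"):
            continue
        path = os.path.join(egg_dir, name)
        # Only zipped eggs (regular files) are handled; Python imports
        # from them through its built-in zip importer.
        if os.path.isfile(path) and pinned.get(name) == sha256_of(path):
            if path not in sys.path:
                sys.path.insert(0, path)
            loaded.append(name)
        else:
            rejected.append(name)
    return loaded, rejected


if __name__ == "__main__":
    # Assumed layout: eggs sit beside the command script in the app's bin/.
    here = os.path.dirname(os.path.abspath(__file__))
    PINNED = {}  # e.g. {"<package>.egg": "<sha256 recorded at build time>"}
    ok, bad = load_eggs(here, PINNED)
    for name in bad:
        sys.stderr.write("skipped unpinned or modified egg: %s\n" % name)
```

Call load_eggs before importing the packaged modules, so the import statements that follow resolve against the verified eggs.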
DEMO
THANK YOU FOR COMING