Archive

Does Splunk Answers use Splunk?

Builder

There are a few areas of Splunk Answers where I could imagine Splunk being used as a backend, such as the karma history feature where old events are never really invalidated. Can someone from the team share whether any parts of the Answers application directly or indirectly trigger Splunk searches or at least send data to Splunk (not including things like web/app server logs)?

Tags (1)
0 Karma
1 Solution

Community Manager
Community Manager

Hi jtacy,

I work on the Community team at Splunk. There is data, most of which are web logs, that we index in Splunk from Splunk Answers for various cases:
-monitoring the health of the site
-user activity (count of questions, answers, comments)
-number of Splunk and non-Splunk employees contributing content
-count of users with over X amount of karma by reg year
-top keywords searched
-monthly count of distinct/active users
-monthly count of new questions vs. answers
-monthly count of answered vs. unanswered questions
…and more

Is there a particular reason why you asked this question?

View solution in original post

Community Manager
Community Manager

Hi jtacy,

I work on the Community team at Splunk. There is data, most of which are web logs, that we index in Splunk from Splunk Answers for various cases:
-monitoring the health of the site
-user activity (count of questions, answers, comments)
-number of Splunk and non-Splunk employees contributing content
-count of users with over X amount of karma by reg year
-top keywords searched
-monthly count of distinct/active users
-monthly count of new questions vs. answers
-monthly count of answered vs. unanswered questions
…and more

Is there a particular reason why you asked this question?

View solution in original post

Builder

Thanks! I was mainly just curious but am also interested in use cases where Splunk is used as a backend for web application features.

For example, if someone is already using Splunk to provide the audit log for an application, I wonder how practical it would be to provide a security-trimmed view of that data to authenticated end users. We do this for certain internal end users but not at large scale. At scale, would a SHC and indexer cluster deliver adequate reliability? Would the unpredictable load be a nightmare? I figured Splunk Answers might have gone down this road already.

I think the thing I would be most concerned about when delivering search results to non-employees is the risk of having rogue data in an index. Splunk doesn't seem to have the concept of index-level security on the input side except when using HEC, but almost all environments will have open forwarding ports as well. Dedicated indexer cluster may be the way to go.

Thanks for the info!

Splunk Employee
Splunk Employee

Hi jtacy,

While Splunk Enterprise can definitely be used to index, analyze, and visualize Splunk Answers data to create user reports, leaderboard, and other dashboards on the site, I don't think Splunk is currently being used to power the Splunk Answers system.
As far as I understand, the Splunk Answers site was built on a simiar set of technologies that power the Stack Overflow site. See https://en.wikipedia.org/wiki/Stack_Overflow#Technology for more information.

Hope this helps. Thanks!
Hunter

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!