- Splunk Answers
- :
- Other Resources
- :
- #Random
- :
- Re: Does Splunk Answers use Splunk?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are a few areas of Splunk Answers where I could imagine Splunk being used as a backend, such as the karma history feature where old events are never really invalidated. Can someone from the team share whether any parts of the Answers application directly or indirectly trigger Splunk searches or at least send data to Splunk (not including things like web/app server logs)?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi jtacy,
I work on the Community team at Splunk. There is data, most of which are web logs, that we index in Splunk from Splunk Answers for various cases:
-monitoring the health of the site
-user activity (count of questions, answers, comments)
-number of Splunk and non-Splunk employees contributing content
-count of users with over X amount of karma by reg year
-top keywords searched
-monthly count of distinct/active users
-monthly count of new questions vs. answers
-monthly count of answered vs. unanswered questions
…and more
Is there a particular reason why you asked this question?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi jtacy,
I work on the Community team at Splunk. There is data, most of which are web logs, that we index in Splunk from Splunk Answers for various cases:
-monitoring the health of the site
-user activity (count of questions, answers, comments)
-number of Splunk and non-Splunk employees contributing content
-count of users with over X amount of karma by reg year
-top keywords searched
-monthly count of distinct/active users
-monthly count of new questions vs. answers
-monthly count of answered vs. unanswered questions
…and more
Is there a particular reason why you asked this question?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks! I was mainly just curious but am also interested in use cases where Splunk is used as a backend for web application features.
For example, if someone is already using Splunk to provide the audit log for an application, I wonder how practical it would be to provide a security-trimmed view of that data to authenticated end users. We do this for certain internal end users but not at large scale. At scale, would a SHC and indexer cluster deliver adequate reliability? Would the unpredictable load be a nightmare? I figured Splunk Answers might have gone down this road already.
I think the thing I would be most concerned about when delivering search results to non-employees is the risk of having rogue data in an index. Splunk doesn't seem to have the concept of index-level security on the input side except when using HEC, but almost all environments will have open forwarding ports as well. Dedicated indexer cluster may be the way to go.
Thanks for the info!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi jtacy,
While Splunk Enterprise can definitely be used to index, analyze, and visualize Splunk Answers data to create user reports, leaderboard, and other dashboards on the site, I don't think Splunk is currently being used to power the Splunk Answers system.
As far as I understand, the Splunk Answers site was built on a simiar set of technologies that power the Stack Overflow site. See https://en.wikipedia.org/wiki/Stack_Overflow#Technology for more information.
Hope this helps. Thanks!
Hunter
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
