Using Splunk as a real-time event detection engine

jsash1
New Member

Hi,

I have a requirement for an event detection engine which is able to identify a string (e.g. username) in a particular data source and 'notify' other systems that the event has occurred.

I appreciate the inherent flexibility Splunk has by allowing Scripts to be used in conjunction with Alerts to achieve this, but I wanted to see if anyone is using Splunk within a large enterprise Production environment as an event detection engine (instead of just a data visualisation tool)?

Once the event has occurred, Splunk will need to 'notify' other systems by sending a JMS message to one system and updating a database table in another system. How suitable is the scripting capability in Splunk for run-time requirements like this?

Cheers,
James.


billford
Path Finder

Sorry, I was reading it on my phone and overlooked the actual question. Yes, that should be no problem. You can script with pretty much anything. I generally use Python or bash, but to each his/her own. :) We often use external alerting to send an IP to a firewall to be dropped or to update a blacklist, etc. Same principle.

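As an added illustration (not code from this thread or from Splunk), here is a Python handler in the shape Splunk's custom alert action framework uses (the script is run with `--execute` and receives a JSON payload on stdin whose `result` holds the matched event): it validates the event, records it in a database table with a parameterised insert that also deduplicates alert re-runs, and builds the message body a JMS bridge would carry. The table schema, field names (`user`, `src_ip`, `host`) and message shape are assumptions.

```python
import json
import sqlite3
import sys
from datetime import datetime, timezone

# Constructed sample of the JSON payload Splunk writes to a custom alert action's
# stdin when it runs the script with --execute (only the fields used here).
SAMPLE_PAYLOAD = json.dumps({"search_name": "watched_user_login",
    "sid": "scheduler__admin__search__RMD5_example",
    "result": {"_time": "1700000000", "user": "jsmith", "src_ip": "10.0.0.5", "host": "auth01"}})

def parse_payload(raw: str) -> dict:
    """Validate the alert payload and keep only the fields the notifiers need."""
    payload = json.loads(raw)
    result = payload.get("result") or {}
    if not result.get("user"):
        raise ValueError("alert result has no 'user' field; check the saved search")
    return {"search_name": payload.get("search_name", ""), "sid": payload.get("sid", ""),
            "user": result["user"], "src_ip": result.get("src_ip", ""),
            "host": result.get("host", ""), "event_time": result.get("_time", "")}

def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Open the downstream database; the detections table schema is an assumption."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS detections (sid TEXT, search_name TEXT,"
                 " username TEXT, src_ip TEXT, host TEXT, event_time TEXT,"
                 " recorded_at TEXT, UNIQUE(sid, username))")
    return conn

def record_detection(conn: sqlite3.Connection, event: dict) -> int:
    """Insert with bound parameters so event field values can never alter the SQL.
    Returns 1, or 0 when a re-run of the same alert is deduplicated by the UNIQUE key."""
    cur = conn.execute("INSERT OR IGNORE INTO detections VALUES (?, ?, ?, ?, ?, ?, ?)",
                       (event["sid"], event["search_name"], event["user"], event["src_ip"],
                        event["host"], event["event_time"], datetime.now(timezone.utc).isoformat()))
    conn.commit()
    return cur.rowcount

def build_notification(event: dict) -> dict:
    """Message body for the JMS-bound system; the JMS bridge itself is out of scope."""
    return {"type": "user_detected", "user": event["user"], "host": event["host"],
            "src_ip": event["src_ip"], "source": event["search_name"], "sid": event["sid"]}

if __name__ == "__main__":  # Splunk runs `script.py --execute` with the payload on stdin
    event = parse_payload(sys.stdin.read() if "--execute" in sys.argv else SAMPLE_PAYLOAD)
    record_detection(open_db("detections.db"), event)
    print(json.dumps(build_notification(event)))
```

Run without arguments it processes the constructed sample; under Splunk the `--execute` branch reads the real payload.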

billford
Path Finder

Yes. All the time. What is your specific question?


jsash1
New Member

Once the event has occurred, Splunk will need to 'notify' other systems by sending a JMS message to one system and updating a database table in another system. How suitable is the scripting capability in Splunk for run-time requirements like this?
