×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
gerrard851
New Member
Member since: ‎10-29-2018
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-29-2018
Activity Feed
View All

Re: Online [realtime] integration with WebApp

by in Splunk Search
‎11-25-2018 10:42 AM
‎11-25-2018 10:42 AM
Thank you for replying, Martin. A bit more information about the data and the rules. As an example of one of the rules in 50 ruleset: "How many unsuccessful authentification attempts has been made by the user in 1 hour span." As you can see the data that has to be used is application authentification log (apache-like). And the challenging part is to guarantee completion of 2500 parallel searches in one second (hopefully without the need of truckloads of hardware 🙂 ) Maybe it could be some sophisticated approach using data model. ... View more

Re: Online [realtime] integration with WebApp

by in Splunk Search
‎11-04-2018 11:44 AM
‎11-04-2018 11:44 AM
Thank you for replying. It is about 50 requests per second (~4GB per day) ... View more

Online [realtime] integration with WebApp

by in Splunk Search
‎10-29-2018 12:09 PM
‎10-29-2018 12:09 PM
Hello, We have WebApp within a Company. It is necessary to receive Authorization Requests (AR) from WebApp for online scoring. We have Splunk Enterprise installation. Authorization requests from WebApp should go directly (or through an intermediate components) to Splunk. We need to use 50+ rules (searches) for each coming authorization requests and get an answer (search result) in less than 1 second and send that answer back to the WebApp. Suppose that we need the depth of analysis no more than 24 hours. Based on Splunk search result WebApp decides to allow the client access to the personal account or to deny or send a request to the client for additional verification. Between the WebApp and Splunk, we can use the intermediate components (for example, a stream-processing software like Apache Kafka) Questions: Are there any examples of implementation of such solutions? What is the Splunk architecture of such a solution and what kind of intermediate components are used? What are the estimated hardware requirements for Splunk installation? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM