When Splunk meets Slack

Splunk User Group France (2015/04/28) – @tusbar – CTO of IONISx

Two issues

1. You don’t want all your users on Splunk

2. You don’t want your customers on Splunk

One solution

→ Splunk SDK (for JavaScript)

IONISx

So, we’re using Slack.

Slack

Simple instant messaging for teams

IRC and XMPP gateways

Many third party app integrations

IONISx

So, we’re using Slack.

We built a Hubot with slackhq/hubot-slack.

(His name is michel)

Hubot

“A customizable, life embetterment robot” by GitHub.

// Drop this in a scripts directory and you’re done.
module.exports = function (robot) {
  // \? matches a literal question mark
  robot.hear(/what is the answer\?/i, function (msg) {
    msg.reply('42');
  });
};

IONISx

So, we’re using Slack.

We built a Hubot with slackhq/hubot-slack.

We made him query Splunk using the SDK.

Splunk SDK for JavaScript

Provides a simple query API

splunk.oneshotSearch(
  'search sourcetype=access_combined | stats count by status',
  { earliest_time: moment().startOf('day').toISOString() },
  function (err, data) {
    // …
  }
);

IONISx

So, we’re using Slack.

We built a Hubot with slackhq/hubot-slack.

We made him query Splunk using the SDK.

Then we hosted him on Heroku.

Heroku

A PaaS.

Configuration

var sdk = require('splunk-sdk');

// Connection settings and credentials are read from environment variables
var splunk = new sdk.Service({
  autologin: true,
  scheme: process.env.SPLUNK_MGMT_SCHEME,
  host: process.env.SPLUNK_MGMT_HOST,
  port: process.env.SPLUNK_MGMT_PORT,
  app: process.env.SPLUNK_MGMT_APP,
  username: process.env.SPLUNK_MGMT_USERNAME,
  password: process.env.SPLUNK_MGMT_PASSWORD,
  version: process.env.SPLUNK_MGMT_VERSION
});

Example

var util = require('util');
var moment = require('moment');

robot.respond(/how many users were online today\?/i, function (msg) {
  splunk.oneshotSearch(
    'search sourcetype=tracking username!="" | stats count by username | stats count',
    { earliest_time: moment().startOf('day').toISOString() },
    function (err, data) {
      // Stay silent on a failed or empty search
      if (!err && data && data.rows && data.rows.length) {
        // rows[0] is the first result row; its first field is the count
        msg.reply(util.format('there were %s users online today', data.rows[0][0]));
      }
    }
  );
});
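An added example, not from the original slides: a Hubot command that takes an argument from chat and validates it before it reaches the search string, since the bot runs every search with its own Splunk credentials. The names buildStatusSearch, register and ALLOWED_ROOMS, the room name 'ops' and the use of msg.message.room as the channel name are assumptions made for illustration.

```javascript
// Added example. Hypothetical names: ALLOWED_ROOMS, buildStatusSearch, register.
// Rooms allowed to ask this question ('ops' is a constructed sample value).
var ALLOWED_ROOMS = ['ops'];

// Build the SPL string from the captured argument. Only a three-digit HTTP
// status is accepted, so text typed in chat cannot add search terms or pipes.
function buildStatusSearch(status) {
  if (!/^[1-5][0-9]{2}$/.test(status)) {
    return null;
  }
  return 'search sourcetype=access_combined status=' + status + ' | stats count';
}

// ISO timestamp for midnight today (stands in for moment().startOf('day')).
function startOfDay() {
  var d = new Date();
  d.setHours(0, 0, 0, 0);
  return d.toISOString();
}

// `robot` is the Hubot instance and `splunk` the sdk.Service object; both are
// passed in so the handler can be exercised with fakes.
// In a Hubot script: module.exports = function (robot) { register(robot, splunk); };
function register(robot, splunk) {
  robot.respond(/how many (\S+) responses today\?/i, function (msg) {
    // Assumption: msg.message.room holds the channel name.
    if (ALLOWED_ROOMS.indexOf(msg.message.room) === -1) {
      return msg.reply('sorry, that question is not available in this room');
    }
    var status = msg.match[1];
    var query = buildStatusSearch(status);
    if (!query) {
      return msg.reply('status must be a three-digit HTTP code');
    }
    splunk.oneshotSearch(query, { earliest_time: startOfDay() }, function (err, data) {
      if (err || !data || !data.rows || !data.rows.length) {
        // Keep Splunk error details out of the chat.
        return msg.reply('the search failed');
      }
      msg.reply('there were ' + data.rows[0][0] + ' responses with status ' +
        status + ' today');
    });
  });
}
```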

Questions?