Uploaded by bertrand-marron
When Splunk meets Slack
Splunk User Group France (2015/04/28) – @tusbar – CTO of IONISx 1
Two issues
1. You don’t want all your users on Splunk
2. You don’t want your customers on Splunk
One solution
→ Splunk SDK (for JavaScript)
IONISx
So, we’re using Slack.
Slack
Simple instant messaging for teams
IRC and XMPP gateways
Many third party app integrations
IONISx
So, we’re using Slack.
We built a Hubot with slackhq/hubot-slack.
(His name is michel)
Hubot
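“A customizable, life embetterment robot” by GitHub.
// Drop this in a scripts directory and you’re done.
module.exports = function (robot) {
  // Reply whenever a message in the room matches the pattern.
  robot.hear(/what is the answer\?/i, function (msg) {
    msg.reply('42');
  });
};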
IONISx
So, we’re using Slack.
We built a Hubot with slackhq/hubot-slack.
We made him query Splunk using the SDK.
Splunk SDK for JavaScript
Provides a simple query API
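var moment = require('moment');

// `splunk` is the sdk.Service instance (see Configuration).
splunk.oneshotSearch(
  'search sourcetype=access_combined | stats count by status',
  { earliest_time: moment().startOf('day').toISOString() }, // since midnight today
  function (err, data) {
    // …
  }
);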
IONISx
So, we’re using Slack.
We built a Hubot with slackhq/hubot-slack.
We made him query Splunk using the SDK.
Then we hosted him on Heroku.
Heroku
A PaaS.
Configuration
var sdk = require('splunk-sdk');

// Connection settings come from the environment (Heroku config vars), not from the code.
var splunk = new sdk.Service({
  autologin: true,
  scheme: process.env.SPLUNK_MGMT_SCHEME,
  host: process.env.SPLUNK_MGMT_HOST,
  port: process.env.SPLUNK_MGMT_PORT,
  app: process.env.SPLUNK_MGMT_APP,
  username: process.env.SPLUNK_MGMT_USERNAME,
  password: process.env.SPLUNK_MGMT_PASSWORD,
  version: process.env.SPLUNK_MGMT_VERSION
});
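The configuration above passes environment variables straight to sdk.Service, so a missing or misspelled variable arrives as undefined. The startup check below is an added example, not code from the talk or from the Splunk SDK. The helper name loadSplunkConfig, the https-only rule, treating all seven variables as required, and the name SPLUNK_MGMT_APP for the app variable are assumptions.

```javascript
// Added example: validate the SPLUNK_MGMT_* settings before building the client.
// loadSplunkConfig is a hypothetical helper, not part of the Splunk SDK or Hubot.
var FIELDS = ['SCHEME', 'HOST', 'PORT', 'APP', 'USERNAME', 'PASSWORD', 'VERSION'];

function loadSplunkConfig(env) {
  var problems = [];
  var options = { autologin: true };

  FIELDS.forEach(function (field) {
    var name = 'SPLUNK_MGMT_' + field;
    var value = typeof env[name] === 'string' ? env[name].trim() : '';
    if (value === '') {
      problems.push(name + ' is not set');
    } else {
      options[field.toLowerCase()] = value;
    }
  });

  // Assumption (hardening added here): the bot logs in with a password, so
  // only accept TLS to the management port.
  if (options.scheme && options.scheme !== 'https') {
    problems.push('SPLUNK_MGMT_SCHEME must be https');
  }
  if (options.port) {
    var port = /^\d+$/.test(options.port) ? Number(options.port) : 0;
    if (port < 1 || port > 65535) {
      problems.push('SPLUNK_MGMT_PORT must be a TCP port number');
    }
    options.port = port;
  }

  if (problems.length > 0) {
    // Name the variables, never their values, so secrets stay out of logs.
    throw new Error('Invalid Splunk configuration: ' + problems.join('; '));
  }
  return options;
}

// Constructed sample environment; every value is a placeholder.
var sampleEnv = {
  SPLUNK_MGMT_SCHEME: 'https', SPLUNK_MGMT_HOST: 'splunk.example.com',
  SPLUNK_MGMT_PORT: '8089', SPLUNK_MGMT_APP: 'search',
  SPLUNK_MGMT_USERNAME: 'hubot-readonly', SPLUNK_MGMT_PASSWORD: 'placeholder-secret',
  SPLUNK_MGMT_VERSION: '6.2'
};
console.log(Object.keys(loadSplunkConfig(sampleEnv)).join(', '));
// In the bot: var splunk = new sdk.Service(loadSplunkConfig(process.env));
```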
Example
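var util = require('util');
var moment = require('moment');

robot.respond(/how many users were online today\?/i, function (msg) {
  splunk.oneshotSearch(
    // Count distinct non-empty usernames seen in tracking events.
    'search sourcetype=tracking username!="" | stats count by username | stats count',
    { earliest_time: moment().startOf('day').toISOString() },
    function (err, data) {
      if (err) {
        robot.logger.error(err);
        return;
      }
      // Each row is an array of field values; the count is the first field.
      if (data && data.rows && data.rows.length) {
        msg.reply(util.format('there were %s users online today', data.rows[0][0]));
      }
    }
  );
});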
Questions?