Real-time log aggregation with Flink Part 1

Many of us have experienced the feeling of hopelessly digging through log files on multiple servers to fix a critical production issue. We can probably all agree that this is far from ideal. Locating and searching log files is even more challenging when dealing with real-time processing applications where the debugging process itself can be extremely time-sensitive.


Implementing Geolocation with Graylog Pipelines

Geolocation can be automatically built into the Graylog platform by using the "GeoIP Resolver" plugin with a MaxMind database. However, you can further improve your ability to extract meaningful and useful data by leveraging the functionality of pipelines and lookup tables. In fact, these powerful features allow you to do much more than the basic plugin.


Detecting CVE-2020-0601 Exploitation Attempts With Wire & Log Data

Editor’s note: CVE-2020-0601, unsurprisingly, has created a great deal of interest and concern. There is so much going on that we could not adequately provide a full accounting in a single blog post! This post focuses on detection of the vulnerability based on network logs, specifically Zeek as well as Endpoint. If you are collecting vulnerability scan data and need to keep an eye on your inventory of systems that are at risk, then check out Anthony Perez’s blog.


Loki 1.3.0 Released!

Welcome to 2020! (We’re a little slow with that on the Loki team.) To kick off the year we are releasing Loki 1.3! Anyone running Loki in microservices mode will be excited by this release as it introduces the Loki Query Frontend. (If you aren’t using microservices, be patient – good things will be coming your way soon.) The query frontend sits in front of the queriers and allows sharding queries based on time.

How to Solve Real World Application Problems With APM - SolarWinds Lab Episode #83

Based on one of the most popular SWUG™ (SolarWinds User Group) sessions of 2019, Jim Hansen, SolarWinds VP of application management products, shows you how to combine user experience monitoring with custom metrics, distributed tracing, log analytics, and log management to provide unparalleled visibility into your custom applications. Jim will demonstrate, step by step, how Pingdom®, AppOptics™, and Loggly® integrate with one another to help you pinpoint performance issues and keep your end users happy.

Creating a Custom Container for the Deep Learning Toolkit: Splunk + Rapids.ai

The Deep Learning Toolkit (DLTK) was launched at .conf19 with the intention of helping customers leverage additional Deep Learning frameworks as part of their machine learning workflows. The app ships with four separate containers: Tensorflow 2.0 - CPU, Tensorflow 2.0 GPU, Pytorch and SpaCy. All of the containers provide a base install of Jupyter Lab & Tensorboard to help customers develop and create neural nets or custom algorithms.


Elastic on Elastic: Embracing our own technology

When making investments in our tech stack, we tend to have doubts about companies that don’t use their own products and services. At Elastic, we deploy the full suite of our technology across the enterprise. We do so because our technology not only works, but it makes us more efficient and flexible on so many levels. And it can do the same for you and your business, too.


Best Practices for Using Splunk Workload Management

Workload management is a powerful Splunk Enterprise feature that allows you to assign system resources to Splunk workloads based on business priorities. In this blog, I will describe four best practices for using workload management. If you want to refresh your knowledge about this feature or use cases that it solves, please read through our recent series of workload management blogs — part 1, part 2, and part 3.


The Daily Telegraf: Getting Started with Telegraf and Splunk

In this blog post, we discuss using Telegraf as your core metrics collection platform with the Splunk App for Infrastructure (SAI) version 2.0, the latest version of Splunk’s infrastructure monitoring app that was recently announced at Splunk .conf19. This blog post assumes you already have some familiarity with Telegraf and Splunk. We provided steps and examples to make sense of everything along the way, and there are also links to resources for more advanced workflows and considerations.


How to Instrument UserLand Apps with eBPF

eBPF has revolutionized the observability landscape in the Linux kernel. Throughout our previous blog post series, I covered the fundamental building blocks of the eBPF ecosystem, scratched the surface of XDP and showed how closely it cooperates with the eBPF infrastructure to introduce a fast-processing datapath in the networking stack. Nevertheless, eBPF is not exclusive to kernel-space tracing.