Using Oracle Integration Cloud Service Libraries: How libraries can simplify an orchestration workflow and maximize ICS functionality By: Courtney Dooley | Technical Architect Oracle Integration Cloud service offers great flexibility and functionality, but data manipulation can be difficult to implement and maintain long term. The solution for data manipulation can be found in the […]
Why Do I Need to Certify? Here’s Four Good (and Brief) Reasons By: William Phelps | Senior Technical Architect In the normal day-to-day work life in the software industry, there is usually enough real work (meaning “paid” work) to keep an IT worker busy. Most of us want to just simply relax after a […]
TekStream Partners with Hyland to Provide Content Services TekStream now offering Hyland implementation and support services ATLANTA, GA, February 28, 2019 — TekStream, an Atlanta-based technology company, and Hyland, a leading provider of information management solutions, are partnering to help organizations achieve their digital transformation goals by enabling seamless, end-to-end content management for their entire ECM […]
Using Splunk to Monitor USB Removable Storage Devices By: Pete Chen | Splunk Practice Team Lead Windows Event Log Monitoring Abstract Information security is only as effective as physical security policies. Splunk continues to be a valuable tool in providing insight into risk and threat detection. As more security operation centers (SOC’s) look to limit sensitive […]
TekStream, an Atlanta-based digital transformation technology firm, today announced it has achieved Premier Partner status in the Splunk Partner+ Program.
By including TekStream in its Premier Partner Tier, Splunk has recognized TekStream for its outstanding achievement and commitment to Splunk market development, strategic prioritization, and customer success.
“It is a significant accomplishment to become a Splunk Premier Partner,” said Matthew Clemmons, Managing Director of Splunk practices at TekStream. “This recognition is a positive affirmation of our commitment to helping our clients get the most from their Splunk investment by aligning with and executing on Splunk’s strategic vision. Premium Partner status will provide us with access to an even greater range of Splunk resources and support. In turn, this enables us to deliver even higher levels of world-class service to our customers for their Security, IT Operational Intelligence, and Support needs.”
In order to achieve Premier Partner status, partners must attain a level of annual bookings and staff accreditations commensurate with the tier. With its Premier status, TekStream’s Splunk customers benefit from an enhanced level of engagement, commitment, and support.
TekStream
TekStream is an Atlanta-based technology solutions company that offers business and digital transformation, managed services, and recruiting expertise to help companies manage their applications, business processes, content, human capital, and machine data as well as take advantage of next-generation cloud-based solutions. TekStream’s IT consulting solutions combined with its specialized IT recruiting expertise helps businesses increase efficiencies, streamline costs, and remain competitive in an extremely fast-changing market. For more information about TekStream Solutions, visit www.tekstream.com or email Shichen Zhang at shichen.zhang@tekstream.com
ATLANTA, GA, January 10, 2019 /24-7PressRelease/ — TekStream announced today that the company has achieved the Service Organization Control (SOC) 1 and SOC 2 Type 2 compliance certification, an attestation standard defined by the Association of International Certified Professional Accountants (AICPA), certifying that TekStream’s information security practices, policies, and procedures are officially approved to meet the SOC 1 and 2 trust principles criteria for security, availability, processing integrity, and confidentiality.
In today’s global economy, more and more companies begin to outsource core business operations and activities to outside vendors. Service providers must have sufficient controls and safeguards in place when hosting or processing customer data. With SOC certification, customers can now be confident that TekStream has the controls and auditing in place to maintain the security, availability, and confidentiality of their systems. TekStream is organized to handle the data privacy concerns of the largest enterprises in highly regulated industries.
“Despite technology advancements, the Cloud and On-Premise environments are not getting any easier to maintain.” explains Judd Robins, Executive Vice President. “In fact, as Cloud and hybrid digital transformations become increasingly common; supporting and managing today’s leading technologies with security controls and protocols becomes even more difficult. Customers are no longer looking to maintain an expensive internal team of architects, developers, support personnel, admins, and infrastructure experts for critical applications. TekStream’s Support and Managed Services takes this burden off customer teams, so they can focus on growth while leaving the IT details to us.”
TekStream’s support and managed services offerings are designed to provide companies with flexible support hours to ensure enterprise solutions are running smoothly, securely and efficiently at all times. Our support technicians are dedicated to rapid request response and providing real-time solutions and services based on years of practice with Amazon, Hyland, Liferay, Oracle, and Splunk.
Our support and MSP services include:
TekStream’s commitment to enterprise-level security, privacy, availability, and performance is driven by our unique and entrepreneurial culture built by individuals who are fanatically driven to exceed client expectations. With our SOC 1 and SOC 2 compliance, customers are in good hands with our team of experts.
TekStream
TekStream is an Atlanta-based technology solutions company that offers business and digital transformation, managed services, and recruiting expertise to help companies manage their applications, business processes, content, human capital, and machine data as well as take advantage of next-generation cloud-based solutions. TekStream’s IT consulting solutions combined with its specialized IT recruiting expertise helps businesses increase efficiencies, streamline costs, and remain competitive in an extremely fast-changing market. For more information about TekStream Solutions, visit www.tekstream.com or email Shichen Zhang at shichen.zhang@tekstream.com.
Machine Learning with Splunk: Fitting a Model By: Abe Hardy | Splunk Consultant What is machine learning? A quick search online will return definitions using the words algorithm, statistics and model. A slightly less technical definition would be that machine learning is a general term used for formulas to determine outcomes based on features from provided […]
By: Pete Chen | Splunk Consultant
A new feature introduced in Splunk 7.2 is the Splunkd Health Status Report. Monitoring Splunk’s status by checking if Splunkd is running may tell you if Splunk is running, but it won’t tell you if there’s a problem developing while Splunk is running. In the latest version of Splunk, you’ll only need to look next to your name to figure out how Splunk is doing.
Once you click on the icon, a screen will pop up with the health status of Splunk.
The status tree is broken down into 4 areas, Splunkd, Feature Categories, Features, and Indicators.
| Splunkd | The overall status of Splunkd is based on the least healthy component in the tree. The status is for the specific host only. |
| Feature Categories | This is the second stage, and represents a logical grouping of features. Feature categories won’t have a status. |
| Feature | Each feature status is based on one or more indicators, with the least healthy indicator status as the status for the particular feature. |
| Indicators | Indicators are the lowest levels of measurable health status that are tracked by each feature. The colors for status change as health for each feature changes. |
In the event more details are required, the health report also generates a log, and can be found at: SPLUNK_HOME/splunk/var/log/splunk/health.log
Here’s a sample of the log:
Changing notification settings can be found in the Settings menu. From Settings, select Health report manager.
From there, each feature can be enabled or disabled, and the thresholds set.
As with other functions and features in Splunk, settings for health monitoring can be changed through a conf file. This is located in $SPLUNK_HOME/etc/system/local/health.conf. Alerting thresholds, intervals, and seriousness can all be defined in the configuration file. A tremendous benefit to being able to configure the health monitoring is the ability to add alerts. When an alert fires, it can send a notification via email or PagerDuty. To enable this feature, simply add the following stanza to health.conf:
[alert_action:email]
disabled = 0
action.to = <recipient@example.com>
action.cc = <recipient_2@example.com>
action.bcc = <other_recipients@example.com>
And finally, the health monitoring feature can be used by other monitoring tools. Using a curl command, other tools can help to better monitor your Splunk environment. The curl command is:
curl -k -u admin:pass https://<host>:8089/services/server/health/splunkd
When things go wrong, it may be difficult to determine where to begin troubleshooting. The monitoring tool helps by proving a root cause, and the last 50 related messages. This will help the admin better asses the problem and remediate it.
Splunk health monitoring is a simple, effective tool to help keep a Splunk environment healthy. Adding features, tuning indicators, adjusting intervals, and setting
alerts are all ways this new tool pre-loaded into Splunk can help ensure Splunk is healthy.
Want to learn more about Splunkd Health Status Report? Contact us today!
By: Zubair Rauf | Splunk Consultant
When Splunk environments grow in organizations, the need for source control also grows with it. It is good practice to use the widely available source control tools that are available for enterprise level source control.
There are many Version Source Control (VCS) software available online, but the one most widely used is the open source, Git, which has proven to be a very powerful tool for distributed source control. Using Git, multiple Splunk Admins can work with their local repositories and the changes shared separately.
To take the conversation further, I would separate the need for version control in two major segments
I have broken down the applications into two segments to enable ease of management for Splunk Admins. The User Applications should consist of the search artifacts that are built and developed as use cases evolve and change often, whereas the Administrative applications I would classify as those which are mostly used to deploy setup Splunk like TAs and other deployment apps. These applications rarely change once set up unless new data sources are on-boarded, there are significant changes to the architecture, etc.
In the context of this blog post, we will focus on the administrative applications. These apps are the backbone on your Splunk deployment and should be cautiously changed to make sure there is no downtime in the environment. Changing these files could cause irreparable damage to the way data is indexed to Splunk, causing loss to indexed events, especially when changing sourcetypes, etc.
As I already mentioned, there are numerous flavors of source control and depending on your taste, you can use either. If you’re starting off fresh with source control, Git is easy to set-up and you can use it with Github or Atlassian Bitbucket. Both these tools can help you get started in a matter of minutes, where you can create repositories and setup source control for your distributed Splunk environment.
The Git server will host all the master repos in the Splunk Environment for all the administrative apps. The admins who need make edits do it in the following two ways;
Ideally, no one should edit the master branch directly to reduce the risk of unwanted changes to the master files. All admins should edit in local branches, and then once the edits are approved, they should be merged to the master.
There should be three Master repos with their respective apps and TAs in those repos. These repos should correspond to the following servers;
To deploy the repos to the servers, you can use git hooks or tie your git deployment back into your puppet or chef environment. This is based on your discretion and how you are comfortable with distributed deployment in your organization. The repos should be deployed to the following directories
After the updated repos are deployed to the respective directories, you can push them out to the client nodes using Splunk commands.
If you are interested in more information, please reach out to us and someone will get in touch with you and discuss options on how TekStream can help you manage your Splunk environment.