How I use Summary Indexes in Splunk

At the recent San Francisco Splunk Meetup, there was a brief joking exchange about how the secret to using Summary Indexing was to ignore the summary index commands (sistats, etc.). This raised the question of how one should realistically use summary indexing, so I decided to create an explanation of how I use it in my environment. There a[...]

VMware Router

Lately, I've been finding myself building more and more complex environments in VMware, simulating complex scenarios that have networking requirements above and beyond a mere LAN Segment. For example, as an SE, suppose I want to more closely mirror a customer environment when simulating a deployment change. If you want to maintain the IPs of diffe[...]

Proxying Splunk with SSL with Apache

This is as much for my documentation as for anyone else spending ages searching through Google to find a working solution. I wanted to run Splunk on my personal site, naturally, but I also didn't want Splunk listening to the world on port 8000. It took me a lot of experimentation to find a working solution, but here it is: # cat /opt/splunk/etc/[...]

Processing CCM Logs

I'm engaging in a project to move our Cisco Unified Call Manager (aka CUCM, here known as CCM) Call Detail Report (CDR) logs into an internally managed system. I've elected to use Splunk for this task because of its flexibility and power in processing log entries. The goal is to make a Splunk app that is generic enough to be used by others, and pr[...]