This Splunk Lantern blog post highlights new articles on instrumenting LLMs with Splunk, leveraging Kubernetes for Splunk, and using Splunk Asset and Risk Intelligence.
The SIEM market is undergoing significant changes, with many vendors included in Gartner's latest Magic Quadrant report. However, amid the cloud transformation, vendor consolidation, and competition and integration with extended detection and response (XDR), the future is uncertain. The recent acquisition of Splunk by Cisco and IBM's sale of its QRadar software-as-a-service (SaaS) assets to Palo Alto Networks indicate that some big players are shifting strategies. Gartner Distinguished VP Analyst Peter Firstbrook suggests that IBM is giving up on the SIEM and SOAR markets in favor of XDR, while Cisco is trying to figure out how to integrate Splunk with its XDR strategy. Many existing SIEM vendors will either be acquired, shift toward niche markets, or go out of business. Over the next 10 years, the SIEM market will transition to a few dominant players offering integrated platforms supplemented by specialized partner solutions.
OpenTelemetry offers a standardized process for observability, but its functionality is a work in progress. Its usefulness depends on the observability tools and platforms used in conjunction with OpenTelemetry.
Create a standalone instance with a Splunk Free license
Splunk Free is the totally free version of Splunk software. The Free license lets you index up to 500 MB per day and will never expire.
Execute the following to bring up a Splunk Free standalone environment:
$ docker run --name so1 --hostname so1 -p 8000:8000 \
    -e "SPLUNK_PASSWORD=<password>" \
    -e "SPLUNK_START_ARGS=--accept-license" \
    -e "SPLUNK_LICENSE_URI=Free" \
    -it splunk/splunk:latest
append - appends the results of one search to the results of another search (the second search may or may not have the same number or names of fields).
Usually used to combine the final results of two searches that arrive at their results by different methods and cannot be merged into a single search.
appendpipe - appends the results of a post-processing subpipeline run over the current result set to that same result set.
Typically used to add a summary row to the current result set.
appendcols - appends the fields of one search's results to another search's results. Fields are added row-wise: the first row of the first search is merged with the first row of the second search, and so on.
Values of fields common to both result sets are overwritten by the values from the second search.
Typically used to show a comparative analysis of two search results in the same table or chart.
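To make the three merge semantics concrete, here is a small Python model (an added example, not Splunk code) that mimics how append, appendpipe and appendcols combine result sets. The result sets SEARCH_A and SEARCH_B are constructed, each row is a dict, and the handling of unequal row counts in appendcols (extra rows kept as-is) is an assumption of this model rather than a statement about Splunk internals.

```python
"""Toy model of how Splunk's append, appendpipe and appendcols combine result sets.

Constructed example, not Splunk code: the functions mimic the row/column semantics
described above on small lists of dicts (one dict per result row).
"""

# Constructed result sets standing in for two separate searches.
SEARCH_A = [
    {"host": "web01", "status": "200", "count": 120},
    {"host": "web02", "status": "200", "count": 95},
]
SEARCH_B = [
    {"host": "web01", "status": "500", "count": 7},
    {"host": "web03", "status": "404", "count": 3},
    {"host": "web02", "status": "500", "count": 2},
]


def spl_append(first, second):
    """append: rows of the second search follow the rows of the first.

    Field names need not match; a field missing from one search is simply
    absent on that search's rows.
    """
    return [dict(row) for row in first] + [dict(row) for row in second]


def spl_appendpipe(results, subpipeline):
    """appendpipe: run a subpipeline over the current result set and append
    its output rows (typically a summary) after the original rows."""
    return [dict(row) for row in results] + list(subpipeline(results))


def spl_appendcols(first, second):
    """appendcols: merge row-wise. Row i of the second search is merged into
    row i of the first, and values of common fields come from the second
    search. Extra rows from the longer side are kept as-is (model assumption).
    """
    merged = []
    for i in range(max(len(first), len(second))):
        row = {}
        if i < len(first):
            row.update(first[i])
        if i < len(second):
            row.update(second[i])  # second search overwrites common fields
        merged.append(row)
    return merged


def total_count(results):
    """Example subpipeline for appendpipe: one summary row summing 'count'."""
    yield {"host": "TOTAL", "count": sum(r.get("count", 0) for r in results)}


if __name__ == "__main__":
    for name, rows in (
        ("append", spl_append(SEARCH_A, SEARCH_B)),
        ("appendpipe", spl_appendpipe(SEARCH_A, total_count)),
        ("appendcols", spl_appendcols(SEARCH_A, SEARCH_B)),
    ):
        print(f"== {name} ({len(rows)} rows)")
        for row in rows:
            print("  ", row)
```

Running the script prints five rows for append, three rows for appendpipe (the third being the TOTAL summary), and three rows for appendcols, where the first row shows web01 with status 500 and count 7 because SEARCH_B's values overwrite the common fields from SEARCH_A.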