Spur Enrichment for Splunk

We’re delighted to introduce our latest enterprise integration, the Spur Enrichment for Splunk application. This new application is specifically designed to elevate your Splunk experience, providing advanced data analysis using Spur’s feeds and APIs seamlessly integrated into your Splunk environment.

Our Splunk application offers robust search command capabilities and modular input features. This post will guide you through each of the features included in the application.

Ready to Supercharge Your Splunk Experience?

Can’t wait to get your hands on it? Jump straight to Splunkbase and download the Spur Enrichment for Splunk application.


Getting the Most Out of Spur Enrichment for Splunk

Before diving into the specific features of our application, let’s explore some practical ways you can leverage these tools in your Splunk environment:

  • Generating Command: Quickly create events for analysis by inputting specific IP addresses. This is especially useful for targeted investigations.
  • Streaming Command: Enhance your existing event data by enriching it with contextual information from Spur’s Context API. This can provide deeper insights and help identify threats in your data.
  • Modular Input: Keep your data streams fresh and relevant by integrating Spur feeds directly into your Splunk indexes. This ensures you’re always working with the most current data available.

These features are designed to make your data analysis both more efficient and effective so you can utilize Spur’s data to its fullest potential.

Search Commands in Action

Spur Enrichment for Splunk includes search commands that seamlessly integrate the Spur Context API with Splunk, acting like a bridge that connects Spur’s rich data insights directly into your Splunk workflows. This integration means you can enrich and analyze your Splunk data with the added depth and context of Spur’s comprehensive resources, all within the familiar Splunk interface.

Generating Command

In Splunk, a generating command is used to create new events or data points. Our generating command leverages this concept by allowing you to initiate ad-hoc analysis with specific IP addresses. It’s particularly handy when you need to quickly generate data for on-the-spot investigation or analysis. By integrating with the Spur Context API, this command fetches and incorporates relevant contextual information from Spur, enriching your Splunk data in real time.

See it in Action

| spurcontextapigen ip="1.1.1.1"

Streaming Command

The streaming command in Splunk serves as a dynamic tool for enriching your existing data streams. It works by adding detailed context to each event as it flows through your Splunk pipeline, utilizing the Spur Context API. This command is particularly useful for real-time data enrichment, allowing you to append additional, relevant information to each IP-related event on the fly.

See it in Action

| makeresults
| eval ip = "1.1.1.1"
| spurcontextapi ip_field="ip"

Basic IP Query Example

clientip="223.205.219.67" | spurcontextapi ip_field="clientip"
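Because the streaming command calls the Spur Context API once per event that reaches it, it pays to aggregate first and enrich only the distinct, interesting IPs. The following search is an added example, not part of the original post or the app; the index name, sourcetype, field names and the hit threshold are assumptions for a typical web access log, and the enrichment fields appended by spurcontextapi are left unnamed since the post does not list them:

```spl
index=web sourcetype=access_combined earliest=-24h
| stats count AS hits, dc(uri_path) AS distinct_paths, dc(useragent) AS distinct_agents BY clientip
| where hits > 100 AND distinct_paths > 20
| sort - hits
| head 50
| spurcontextapi ip_field="clientip"
```

The stats/where/head stages collapse thousands of raw events into at most 50 high-volume client IPs before the API is called, so enrichment cost is bounded and the appended Spur context lands on a per-IP summary row that can be reviewed or alerted on directly.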

Modular Input: Streamlining Access to Spur’s Feed API

Spur Enrichment for Splunk also includes a modular input that automates the ingestion of data from Spur’s Feed API into your Splunk environment. This integration provides a consistent and comprehensive data stream, enhancing your Splunk environment with the depth and variety of Spur’s data.

Simple Setup Process

  1. Go to Settings -> Data Inputs within Splunk.
  2. Select “Spur Feed” and initiate a new input.
  3. Customize the feed type and settings, like the index and interval, to suit your analysis requirements.

Monitoring Progress:

  • Logs: Check the progress in $SPLUNK_HOME/var/log/splunk/spurcontextapi.log, which can be directly viewed or added to Splunk as a data input.

Wrapping Up: Your Feedback Matters

That’s a wrap on our introduction to the Spur Enrichment for Splunk application. Our goal is to simplify your experience integrating Spur’s tools with Splunk, and we’re eager to hear about your experiences and discoveries.

Have insights or questions about using the app? Feel free to share them with us by using our contact form or support@spur.us. Your feedback is invaluable as we continue to refine and enhance our tools. Let’s explore the possibilities together!
