It pushes alerts and charts to your cellphone from your Splunk servers, when you're on the beach. It's how you get your Splunk data conveniently on the go. splunkeverywhere is a one-way data push from firewalled Splunk servers to mobile devices, via a cloud-based service run by Splunk or your own organization.
It gives you quick and easy data on the go, sharing only what you want with whom you want. It's optimized for the mobile platform, and constant availability of critical data.
It's for everyone who can benefit from critical data. In fact, splunkeverywhere creates a new class of users that otherwise would not use Splunk.
It adds the "share" search command. For all your alerts and saved searches that you want to make available to mobile users, 24/7, simply append "| share somename". Users subscribed to the somename channel will get the charts and data on their phones. Add the "alert=true" option to the share command, and the phone will beep and give an alert when new data fires.
According to the users questioned by the Aberdeen Group:
How are your systems, users, data performing? Is anything irregular? Is there anything I need to be alarmed about? No, that's good to know too.
No. It's a web and native mobile app, with functionality appropriate for mobile. It is not the Splunk UI ported to mobile. It supports very limited, simple interaction for small devices. It is alert-driven.
No. splunkeverywhere is a one-way push of results. It is not an interactive search interface. For more investigative searching, you'll need the full power of the Splunk user interface.
Yes and no. This is a dedicated app that allows you to see alerts and the charts that come with them. It has a dedicated web interface that allows you to specify who sees what. Imagine an environment where the users are NOT just Splunk admin people, but a dozen people in marketing who want to get charts on download numbers daily, and who want to get alerts when other metrics drop below a threshold, etc.
Using this mobile app, your Splunk alerts are not mixed in with all your other emails, work and personal (I get over 100 a day), and they are not an attached PDF that you have to open up, which isn't the friendliest interface. Your Splunk alerts come from a specific Splunk alerting app that jumps you right to the chart. With the email-PDF approach, mobile email clients usually alert you on every email or never. If you want to receive alerts on specific results, each user would have to write email rules or have a separate mailbox for particular types of urgent alerts.
Using this mobile app, you have a web interface accessible from anywhere that lists which users get what alerts. Adding/deleting users that get alerts is trivial. If you use the email-PDF approach, a Splunk admin has to go (VPN) into your Splunk instance, find the specific alert object and edit the "To:" line of the alert, for each user you want to add/delete.
In short, if you like the fact that your urgent Splunk alerts are separate from your email, and aren't mixed in, and you like the fact that you can easily edit who gets which alerts, try this app.
Don't send an alert if there are no search results
Improve alert message
Use HTTPS
Fixed problem where 'share' was called multiple times.
Initial Beta Release