IoT and Flying Ponies at .conf 2015

By Jason Conger

One of the coolest demos I witnessed at Splunk .conf 2015 was the one by Nate McKervy. The reasons this demo was so cool is 1) it was live, 2) it involved audience participation, and 3) it involved shooting stuffed ponies out of an air cannon. This article will explain a little more of what was going on under the covers.

Skip to 19:18 for the demo

Getting Data from the Audience

To kick off this live demo, some data was needed. What better way to get real data than to get the audience involved? To do this, a mobile website was created that prompted for a couple of questions and then instructed you to shake your mobile device (in case you are wondering, the ondevicemotion event handler was used to measure the shakiness. In fact, you can get the whole mobile app source code from GitHub). This mobile website sent data to Splunk via the new HTTP Event Collector in real time. Boom – live data!

Analyzing the Data from the Audience

Ok, now that we have this live data, it is time to start asking questions. You can see in the video some of the analytics Nate pulled off in real time, including:

Number of users shaking
Trend – i.e. how much shaking is going on over time
Who is shaking the most
The new Choropleth visualization shows what states are shaking
Devices shaking

Firing the Air Cannon from Splunk

You’ll notice at the beginning of the demonstration that there is a filler gauge visualization. This gauge is wired to an Octoblu modular alert that sends a signal to an Octoblu-powered T-Shirt cannon when the gauge hits 100%. This T-Shirt cannon is filled with stuffed Splunk ponies. It is a little hard to see in the official video, but I was able to capture it with my phone (sorry for the quality as I was pretty far back in the room).

Ponies fly at #splunkconf @octoblu @chrismatthieu @chrisfleck @pcrampton @virgilvox pic.twitter.com/HjLpiDdJcz

— Jason Conger (@JasonConger) September 22, 2015

Recap

To recap, shaking mobile devices sent real-time data to Splunk via the HTTP event collector. All sorts of new visualizations are available to analyze the data. The new modular alert framework fired off an Octoblu workflow to send those ponies flying. Splunk is fun!

Resources

Jason Conger

Jason Conger is the Partner Field CTO for Splunk, driving innovation and technical alignment with Splunk partners around the globe. With deep expertise in product architecture, integration, and cloud technologies, he helps align the Splunk technical roadmap with partners’ goals to drive innovative solutions that enhance customer success. Jason joined Splunk in 2012 and has fostered partner innovation and practices ranging from Mainframe to Cloud and everything in between.

Tips & Tricks 3 Min Read

How to Ingest Any Log from AWS Cloudwatch Logs via Firehose

Top tips on ingesting logs from Cloudwatch, regardless of the format!

Tips & Tricks 5 Min Read

Digging into metrics.log

Tips & Tricks 2 Min Read

Indexing Events Delivered by Multicast

About Splunk

The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.

Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.

Learn more about Splunk