This app provides a scripted input for Splunk that automatically extracts tweets from Twitter's 1% sample stream. It is tested on Splunk 6.0 and 6.1. Splunk 5.0 and earlier is unsupported.
A number of dashboards and searches are also included to demonstrate how Splunk can be used to visualize Twitter activity.
-
Install the app by copying the
twitter2directory to$SPLUNK_HOME/etc/apps/twitter2. -
(Re)start Splunk so that the app is recognized.
-
In the Splunk web interface, from the App menu, select the Twitter app and press "Continue to app setup page".
-
Enter the OAuth settings for a Twitter application that will be used to access tweets from the sample stream and click "Save".
If you don't already have a Twitter account, you can sign up for one at https://twitter.com/. If you need to create a Twitter application for accessing tweets, you can create one at https://dev.twitter.com/apps. It need only be enabled for read access to Twitter data. See https://dev.twitter.com/docs/application-permission-model for details on the Twitter application permission model
-
Wait 15 seconds or so for some tweets to be extracted.
-
Run the search
index=twitterin Splunk to see the events. If you don't see any events, open$SPLUNK_HOME/var/log/splunk/splunkd.logand look for errors issued by ExecProcessor related to the$SPLUNK_HOME/etc/apps/twitter2/bin/twitter_stream.pyscript.
Provides information about trending activity during the last 15 minutes.
Drills down into activity related to a particular user or hashtag.
This view could be used as a social dashboard for tracking activity related to a user of interest.
NOTE: This view requires Splunk 6.1 or later.
Displays the locations of tweets on a map.
This software is licensed under the Apache License 2.0. Details can be found in the file LICENSE.