New Splunk Book Excerpt: Finding Events After Other Events
EXCERPT FROM “EXPLORING SPLUNK: SEARCH PROCESSING LANGUAGE (SPL) PRIMER AND COOKBOOK”. Kindle/iPad/PDF available for free, and hardcopy available for purchase at Amazon. Finding Events After Other...
OMG a Blog Post!
It’s been forever since I’ve posted anything, but since I’ll be speaking at .conf2012 there is additional material we couldn’t get into our presentation. The blog is a great way to get that online....
First Splunk live! events in Aotearoa
The “Land of the Long White Cloud” aka “Aotearoa” aka “Middle Earth” aka New Zealand is going to get Splunked at the end of September! New Zealand’s first ever Splunk live! events are going to be held...
Virtualization Intelligence Is A Big Data Problem
VMworld wrapped up last week and while it was a pleasure to showcase the upcoming version of the VMware app, it was perhaps even more gratifying to hear the acknowledgement across the board that...
Exploring Twitter data
Want to explore popular content on Twitter with Splunk queries? The new Twitter App for Splunk 4.3 provides a scripted input that automatically extracts data from Twitter’s public 1% sample stream. You...
Unlocking Splunk Data with Shuttl
Shuttl is being featured at Splunk’s Worldwide Users’ Conference 2012. I’ve talked about the benefits of Shuttl for efficiently and scalably bulk-moving Splunk data to HDFS for Archiving in a past blog...
That happened: episode 20
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: Genius capes, paranoia and underpants, brief interludes. For real IT Superheroes Cerby has a...
Think Beyond Application Monitoring
Are you going to be at .conf? If not, you should be. Don’t miss the opportunity to listen to Justin Hardeman from Availity, a leading health information network, where he discusses how his organization...
Learn about Splunk for Cloud and Virtualization at .conf
Are you virtualizing your environment? Is your organization soaking in all the buzz around Cloud? Are you virtualizing your infrastructure or adopting cloud solutions? Want to gain efficiencies and...
Are you getting ready for the holidays?
Time flies. A couple of weeks ago, I was visiting a major retailer to finish up my kid’s back-to-school shopping. To my surprise, I found a number of holiday items – Halloween, Christmas lights and other...
Splunk Meets Cloud and Virtualization
Less than a week left for .conf and so many exciting sessions to write about. I hope you had the chance to read my other posts about how one of our customers will be discussing their usage of Splunk to...
SplunkTalk – #67 – Will they ever return? ;)
Maverick? Splunk Ninja? Where are you guys? Is this the end of SplunkTalk? Rest assured fine feathered listeners, it is not. This is really the end of what feels like the second season of SplunkTalk....
Splunk internal logs: alerting
Here is what you will find if you go looking in Splunk’s internal logs when a scheduled search fires an alert. These actions don’t necessarily happen in exactly this order, but this is typically how I...
Speech-to-text with Splunk: converting natural language into Splunk search...
Is that possible at all? At Splunk, we are constantly experimenting with ways to make Splunk more usable. This new approach allows users to “talk” to Splunk (with a microphone) and transforms natural...
Tracking indexing status in splunkd.log and metrics.log
To continue the discussion of internal logs, here are some examples of indexing-related activity in splunkd.log and metrics.log splunkd.log This scripted input returned new events 09-03-2012...
A quick tour of a dispatch directory
Each search has artifacts that need to be saved on disk. This happens in $SPLUNK_HOME/var/run/splunk/dispatch. There is one directory for each search and it is deleted after the search expires. Here’s...
Splunk PHP SDK now available
This one goes out to all the developers waiting for the Splunk PHP SDK. Well, the wait has finally ended. A public preview of PHP SDK 0.1.0 is now available on Github. While in its early stages, you...
How long does my search live? Default search ttl
When talking about dispatch directories, it’s important to understand how long a search lives. After a search expires, its artifacts (contained in the dispatch directory) are deleted. Different types...
Deciphering dispatch directory names
Another confusing part of working with dispatch directories is how they are named. You can see the SID value (which is used as the directory name) in the search job inspector and it seems it has some...
Visualizing Big Data with Splunk
To all .conf attendees, thank you for attending my presentation today. It was really heart-warming to see the strong support from you. The room reached full-occupancy within minutes! To those that...