Smart AnSwerS

Hello, and welcome to the debut of Smart AnSwerS, a weekly blog series featuring posts from Splunk Answers on trending issues, interesting use cases, and more!

For the last couple of months, I’ve been reviewing incoming content on Answers and selecting high-value postings to summarize and email weekly to my compadres on the mighty Splunk Support team. Pretty quickly, we realized that this information wasn’t just useful to Support–it is useful to everyone who uses Splunk–so here we are. This first installment is a bit of a best-of from the previous emails, but look for a new blog post each week chock full of specially-curated Answers for you to expand your brainmeats with.

Answers? What’s that?

If you aren’t familiar with Splunk Answers, it serves as the Q&A forum for Splunk users to find, well, answers to their common and not-so-common questions about deploying, managing, and using Splunk products. Contributors of all backgrounds and levels of expertise come to the site seeking solutions to their head-scratchers, and to help others tackle their own Splunk puzzlers.

You’re the Answer

Something important to remember: all of you who use Splunk products every day in the real world have a vast array of knowledge to share with the rest of our community–Splunk employees and customers alike! We’re all learning a great deal from each other to use and improve our products, so let’s keep up the great work :)

So without further ado, check out the first set of featured Answers posts:

How to compare fields over multiple sourcetypes without join, append, or use of subsearches?

A question I find often throughout Answers is how search performance is affected by certain commands and approaches such as join, append and subsearches. MuS provides run anywhere examples and utilizes other search commands that return the same results more efficiently. Other Answers users have definitely deemed this post bookmark-worthy for reference:
http://answers.splunk.com/answers/129424/how-to-compare-fields-over-multiple-sourcetypes-without-join-append-or-use-of-subsearches

How do optimizations for field-based searches work?

This post serves as a great education piece on how Splunk retrieves events for field-based searches. Hexx and jrodman tag team to highlight the various scenarios and factors that determine how these searches are executed to return events. Check it out to learn or to refresh your memory on the logic of search-time configurations, lookups, regex-based field extractions, and more:
http://answers.splunk.com/answers/172275/how-do-optimizations-for-field-based-searches-work.html

How to sort data in chronological order by month, not alphabetically?

A common problem I’ve seen on Answers is users needing to sort data in chronological order by month or day of the week, not alphabetically by the name of the month or day. Splunk does not inherently understand how to sort in this manner. In this post, Ayn explains a solution to this by creating a numerical field to associate with each month to sort by and get the user’s expected result.
http://answers.splunk.com/answers/170706/how-to-sort-data-in-chronological-order-by-month-n.html

Thanks for reading, and keep on the lookout for the next installment of Smart AnSwerS!

48 Trackbacks

  1. […] Hello Splunk community and welcome to the 8th installment of Smart AnSwerS! […]

  2. […] Hello Splunk community and welcome to the 9th installment of Smart AnSwerS. […]

  3. […] Hey there Splunk community and welcome to the 10th installment of Smart AnSwerS. […]

  4. […] Hi there Splunk community and welcome to the 11th installment of Smart AnSwerS. […]

  5. Smart AnSwerS #5 | Splunk Blogs on February 25, 2015

    […] Missed out the first four Smart AnSwerS blog posts? Check em out here! http://blogs.splunk.com/2014/12/30/smart-answers-4 http://blogs.splunk.com/2014/12/18/smart-answers-3 http://blogs.splunk.com/2014/12/03/smart-answers-2 http://blogs.splunk.com/2014/11/24/smart-answers […]

  6. […] Hello Splunk community and welcome to the 12th installment of Smart AnSwerS. […]

  7. […] Hello Splunk Community, and welcome to the 13th installment of Smart AnSwerS! […]

  8. […] Hey there and welcome to the 14th installment of Smart AnSwerS. […]

  9. […] Hey Splunk community and welcome to the 15th installment of Smart AnSwerS. […]

  10. […] Hey Splunk community and welcome to the 15th installment of Smart AnSwerS. […]

  11. […] Hey Splunk community and welcome to the 17th installment of Smart AnSwerS! […]

  12. […] Hey Splunk community and welcome to the 18th installment of Smart AnSwerS. […]

  13. […] Hey Splunk Community! Welcome to the 19th installment of Smart AnSwerS. […]

  14. […] Hey Splunk Community and welcome to the 20th installment of Smart AnSwerS! […]

  15. […] Hey there Community and welcome to the 21st installment of Smart AnSwerS. […]

  16. […] there community and welcome back to Smart AnSwerS, the 22nd installment of its […]

  17. […] Hey there community and welcome to the 23rd installment of Smart AnSwerS! […]

  18. […] Hey there community, and welcome to the 24th installment of Smart AnSwerS! […]

  19. […] Hey there community, and welcome to the 25th installment of Smart AnSwerS. […]

  20. […] Hey there community! Welcome the 26th installment of Smart AnSwerS. […]

  21. […] Hey there community, and welcome to the 27th installment of Smart AnSwerS! […]

  22. […] Missed out the first three Smart AnSwerS blog posts? Check em out here! http://blogs.splunk.com/2014/12/18/smart-answers-3 http://blogs.splunk.com/2014/12/03/smart-answers-2 http://blogs.splunk.com/2014/11/24/smart-answers […]

  23. […] Hey there community and welcome to the 28th installment of Smart AnSwerS! […]

  24. […] Hey there community, and welcome to the 29th installment of Smart AnSwerS. […]

  25. […] Hey there community and welcome to the 30th installment of Smart AnSwerS. […]

  26. […] Hey there community and welcome to the 31st installment of Smart AnSwerS. […]

  27. […] Hey there community and welcome to the 32nd installment of Smart AnSwerS. […]

  28. […] Hey there community and welcome to the 33rd installment of Smart AnSwerS. […]

  29. […] Hey there community and welcome to the 34th installment of Smart AnSwerS. […]

  30. […] Hey there community and welcome to the 35th installment of Smart AnSwerS. […]

  31. […] Hey there community and welcome to the 36th installment of Smart AnSwerS. […]

  32. Smart AnSwerS #37 | Splunk Blogs on September 10, 2015

    […] Hey there community and welcome to the 37th installment of Smart AnSwerS. […]

  33. Smart AnSwerS #38 | Splunk Blogs on September 17, 2015

    […] Hey there community and welcome to the 38th installment of Smart AnSwerS. […]

  34. […] Hey there community and welcome to the 39th installment of Smart AnSwerS. […]

  35. […] Hey there community and welcome to the 40th installment of Smart AnSwerS. […]

  36. […] Hey there community and welcome to the 41st installment of Smart AnSwerS. […]

  37. […] Hey there community and welcome to the 42nd installment of Smart AnSwerS. […]

  38. […] Hey there community and welcome to the 43rd installment of Smart AnSwerS. […]

  39. […] Hey there community and welcome to the 44th installment of Smart AnSwerS. […]

  40. […] Hey there community and welcome to the 45th installment of Smart AnSwerS. […]

  41. […] Hey there community and welcome to the 46th installment of Smart AnSwerS. […]

  42. […] Hey there community and welcome to the 47th installment of Smart AnSwerS. […]

  43. […] Hey there community and welcome to the 48th installment of Smart AnSwerS. […]

  44. […] Hey there community and welcome to the 49th installment of Smart AnSwerS. […]

  45. […] Hey there community and welcome to the 50th installment of Smart AnSwerS. […]

  46. […] Hey there community and welcome to the 51st installment of Smart AnSwerS. […]

  47. […] Hey there community and welcome to the 52nd installment of Smart AnSwerS. […]

  48. […] Hey there community and welcome to the 53rd installment of Smart AnSwerS. […]