Smart AnSwerS #5
Hey there Splunk community, welcome to the 5th installment of Smart AnSwerS and the first of 2015!
Just when I thought the first work week of the year was going to slowly ease me back in, Splunk Answers and, well, you all have been busier than ever and have gotten me to hit the ground running. What does that mean? Why, more material for me to work with for this blog series of course 😉 – Check out this week’s featured posts:
Why is syslog right into Splunk so bad/wrong?
I already had this post lined up to be featured and, coincidentally, this topic came up at last night’s SF Bay Area Splunk User Group Meeting in the discussion on disaster recovery and high availability. How appropriate! dshpritz brought this question (and answer) to the community to explain why you should be wary of sending data to Splunk on a UDP port, and dives into more detail on best practices. Also, alacercogitatus graces the post with prose from the land of Splunktonia. A must read.
What are best practices for creating a dashboard of saved searches without hitting the concurrent search quota per user?
This is definitely a topic that concerns many Splunk users. Proper capacity planning in terms of hardware requirements is part of the battle with handling concurrent searches, but how you create dashboards is essential for the next step. bruceclarke was concerned about users hitting concurrent search quotas and wanted to know best practices for preventing different scenarios in their environment. vasanthmss brings up a couple of suggestions, one of which, post process searches for re-usability, was also covered by nfilippi_splunk at last night’s UG meeting. Stars are aligning in the world of Splunk. If you have other recommendations to add to the post, by all means throw in your two cents.
How to write a search and set up an alert using the metadata command to find hosts that are not reporting in?
Many users on Answers have asked this exact question, or a similar one. hartfoml wanted to find hosts that were not reporting in after a certain period of time, but in this particular case by using the metadata command, which is great for search performance when gathering information on hosts. somesoni2 helped pull the picture together with a search I think many users out there should save and tweak to their needs.
Thanks for reading folks and Happy New Year!
Missed out on the first four Smart AnSwerS blog posts? Check 'em out here!