Smart AnSwerS #11

Hi there Splunk community and welcome to the 11th installment of Smart AnSwerS.

This week is Splunk’s FY’16 Sales Kickoff (SKO) and there’s been a lot of hustle and bustle with Splunkers from around the globe in town. It’s been a jam-packed week reflecting on amazing achievements this past fiscal year, hearing personal customer experiences, and getting psyched for future goals with the ever-changing landscape of big data. To put a cherry on top, we’ve had a cotton candy machine at HQ because the venue for the event wouldn’t allow us to use it there. I have yet to hear any complaints in the office about it (unsurprisingly) 😛

Check out this week’s featured Splunk Answers posts:

How to export a list of triggered alerts to CSV based on the name of the scheduled search that triggered them?

Splunk support folks cdo_splunk and hexx teamed up to bring you this helpful topic. If you have a need to search a list of alerts matching the names of their respective scheduled searches with their trigger count, then look no further! Find out how to use the REST API “fired_alerts” endpoint to get nicely formatted results for export.
http://answers.splunk.com/answers/212264/how-to-export-a-list-of-triggered-alerts-to-csv-ba.html

Is there an alternative to subsearch or a way to raise the results limit?

rlough had a search to find the correct data minus one hiccup. The search produced hundreds of thousands of results, but using a subsearch hit the 10,000 result limit! lguinn masterfully revamps the search without the use of subsearches at all, greatly improving its speed. MuS hopped in on the thread to share an Answers post on search alternatives for performance which was featured in the very first Smart AnSwerS blog. With lguinn and MuS’ power combined, they helped speed up rlough’s search to make it 10 times faster. Enlightenment achieved.
http://answers.splunk.com/answers/211761/is-there-an-alternative-to-subsearch-or-a-way-to-r.html

Is it possible to migrate summary indexes from Splunk 4 to Splunk 6?

sonicZ was planning a migration of summary indexes from Splunk 4 to Splunk 6, but needed some guidance on the right process and best practices to follow before proceeding. srioux answers with great references to documentation and previous Answers posts on the topic, but cautions that research should be done, as each environment will be different.
http://answers.splunk.com/answers/208819/is-it-possible-to-migrate-summary-indexes-from-spl-1.html

Thanks for reading and happy Splunking!

 

Missed out on the first ten Smart AnSwerS blog posts? Check ’em out here!
http://blogs.splunk.com/author/ppablo