Smart AnSwerS #26

Hey there community! Welcome to the 26th installment of Smart AnSwerS.

This just in! The documentation for the join command has been recently updated by our very own senior technical writer Laura Stewart! I used to check that page every now and then, only to find a tumbleweed rolling by. Well, that didn’t really happen, but that’s what I imagined in my head. It was in need of some tender loving care, and it has finally undergone a complete overhaul. If you’d like to provide input about the new content, feel free to navigate to “Was this topic useful?” at the bottom of that page to leave positive constructive feedback :) After you’re done perusing through the join topic makeover…

Check out this week’s featured Splunk Answers posts:

What are the differences between append, appendpipe, and appendcols search commands?

landen99 wanted clarification on how these three commands are used and scenarios to show why you would use one over the others. somesoni2 gives a great answer highlighting how each command operates with sample searches and the expected output to compare and contrast different use cases. If this question has crossed your mind, then you’ve come to the right place.

[SHC] Troubleshooting configurations under search head clustering

rbal_splunk is at it again, finding a common issue working with customers in support, posting the question on Answers, and answering it herself with amazing attention to detail to help the greater community. Some people just can’t get enough of being so helpful and awesome. 😛 Come see what she has written up on troubleshooting configurations for search head clustering, including relevant documentation, types of configuration changes, things to look out for, notable behaviors, and more!

How to rotate a table using transpose, remove the first row, and rename the column headers?

Table formatting can make some users run circles around getting it just right and, unfortunately, HattrickNZ was struggling to construct a search for his expected output. He had used the transpose command to rearrange the columns and rows, but couldn’t figure out how to remove a particular row after that change. acharlieh stepped in throwing transpose out the door and used a combination of untable, xyseries, and rename commands to make magic happen. Sometimes, it’s better to explore other options in Splunk’s search processing language to get the job done right.

Thanks for tuning in!

Missed out on the first twenty-five Smart AnSwerS blog posts? Check ‘em out here!