Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
Hey there community and welcome to the 36th installment of Smart AnSwerS.
While searching and writing up content for this post, all I could hear behind me was “Jess, duck. Hey Jess, can you duck really quick? Jess? Cool.” Docteam rockstar Jess finally obliges. *nerf guns go pew pew pew galore* Just another late afternoon in the middle of the week. The nerf wars have gotten more intense lately. I’ve had to put up a temporary barricade behind me to avoid accidental head and neck shots from the crossfire. There was even plastic debris around piebob’s desk earlier this week from a lamp shade 2 desks away. The horror! However, I’ve emerged from this war a survivor many times. It’ll take more than a nerf bullet or ten to stop me ;D
Check out this week’s featured Splunk Answers posts:
jamiemccallion needed to migrate loadjob-based dashboards to something that worked with search head clustering as there is a current known issue where saved search artifacts are not available to all search head cluster members via loadjobs. Jamie was pointed in the right direction by Splunk Support and shared the solution by posting both the question and answer for the community on Splunk Answers. Check out the workaround using the search tag attribute ‘ref’ instead of the loadjob command in Simple XML dashboards.
http://answers.splunk.com/answers/260035/what-can-we-use-to-replace-loadjob-based-dashboard.html
abour wanted to search a list of specific fields for the same list of keywords without having to repeatedly type out each key-value pair in the search string, but also avoid searching through the entire index for fields that were not of interest. martin_mueller constructed a subsearch to meet this exact requirement, explained how it worked, and suggested creating a macro with the subsearch content to easily execute this again for future use. Get your search fu on and learn a thing or two from this impressive answer.
http://answers.splunk.com/answers/269855/how-do-i-search-specified-fields-with-the-same-key.html
jagadish85 had a table with a column of rows with repeating values, but wanted to merge these rows into one to only show each value once. This is a common table formatting requirement that comes up on Answers every so often, so the solution by Runals has been a great help to more than just the original poster of the question. Learn how the simple, but strategic placement of the sort command makes all the difference.
http://answers.splunk.com/answers/232581/how-to-merge-rows-in-a-table-column-if-the-value-i.html
Thanks for reading!
Missed out on the first thirty-five Smart AnSwerS blog posts? Check ‘em out here!
http://blogs.splunk.com/author/ppablo
----------------------------------------------------
Thanks!
Patrick Pablo
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.