Smart AnSwerS #70

Hey there community and welcome to the 70th installment of Smart AnSwerS.

Since Splunk HQ expanded into the new building next door, things have been eerily quiet as you walk through each floor. With everyone spread out, many Splunkers have been feeling distant and empty, and people have been missing the energy and lively vibe of having everyone together under one roof. It was finally decided that everyone in the old building would be consolidated into the new building. So in true Splunk fashion, we’ll be celebrating with a party tomorrow for one last hurrah in our 250 Brannan courtyard before the move, bidding farewell to the old building until it undergoes its makeover!

Check out this week’s featured Splunk Answers posts:

How to create a search that shows a trending value based on the selected time range picker value?

Iranes needed to create a dashboard with a single value visualization and a trending value that changed based on the time range picker, not the default timechart span values. SplunkTrust member MuS answers with a run-anywhere Simple XML dashboard example to get the solution started. After some back-and-forth discussion on the search syntax, Iranes was able to find a working solution with MuS’ guidance.
https://answers.splunk.com/answers/390574/how-to-create-a-search-that-shows-a-trending-value.html

How to convert an IP address to binary?

Applegreengrape wanted to know if it was possible to convert an IP address to binary in a Splunk search. SPL can be very powerful, especially if you have a strong grasp of how to manipulate your data with the right commands. Javiergn comes up with just the right search for this requirement, using a combination of eval and stats to get the expected output.
https://answers.splunk.com/answers/396201/how-to-convert-an-ip-address-to-binary.html

How does Splunk assign thread_id for scheduled searches and alerts in scheduler.log?

AntonyPriwin noticed that some saved searches and alerts with the same scheduled_time and dispatch_time had incrementing thread_id values, while others all had the same thread_id. He was interested in understanding the reason for this behavior, and jrodman gave a great explanation of how this value is assigned and what it’s used for.
https://answers.splunk.com/answers/372872/how-does-splunk-assign-thread-id-for-scheduled-sea.html

Thanks for reading!

Missed out on the first sixty-nine Smart AnSwerS blog posts? Check ‘em out here!
http://blogs.splunk.com/author/ppablo
