Dallas Splunk Users Group – June 12th @ 6:00p CST
On the second Tuesday of each month, Splunkers in the Dallas / Fort Worth Metroplex area have been getting together on a regular basis to talk about all things Splunk. Seems the users are able to take advantage of spending just a couple hours with each other, trading notes about Splunk, helping each other solve problems with our Splunk deployments and configurations, and sharing a beer and pizza too.
BTW, we are 40 members and counting now!
Our next meeting will be held at the Splunk Office in Plano, Texas on Tuesday, June 12th @ 6:00p CST.
My Data Makes Me Healthier
Did you know that my data makes me healthier? Yeah, I exported my year-long history of daily caloric intake, weight measurements, and amount of water consumption from my LiveStrong.com account and splunked it all.
Dallas Splunk Users Group – April 10 @ 6:00p CST
On the second Tuesday of each month, Splunkers in the Dallas / Fort Worth Metroplex area have been getting together on a regular basis to talk about all things Splunk. Seems the users are able to take advantage of spending just a couple hours with each other, trading notes about Splunk, helping each other solve problems with our Splunk deployments and configurations, and sharing a beer and pizza too.
Dallas Splunk Users Group – Feb 21 @ 6:00p CST
For the past couple months, Splunkers in the Dallas Metroplex area have been getting together to talk about all things Splunk. It’s turning out to be a regular pattern with a user group meeting happening about once per month now. Our next meeting will be held at the Splunk Office in Plano, Texas on Tuesday, February 21 @ 6:00p CST.
Dallas Splunk Users Group – Dec 6, 2011 @ 6:00p
Last month I attended the very first Dallas/Fort Worth Metroplex area Splunk users group and it was a great experience. I met several new Splunk customers as well as reunited with a couple existing ones that I hadn’t seen in a while. It was nice all around and I learned a lot. (http://www.meetup.com/Splunk/Plano-TX)
Splunking Outside The Box -v2.0
If you attended my technical presentation @ the Splunk 2010 users.conf event last year called “Splunking Outside The Box”, then you’re probably aware of just how esoteric my thinking can be when it comes to creatively leveraging Splunk for the more non-sensible, yet highly educational use cases.
For example, I showed off my Splunk for Texas Lotto App, which my team here @ Splunk uses each month to pick our “winning” numbers.
So far, we’ve won about $26…but we’ve spent ten times that amount along the way. But that’s beside the point.
Anyway, at this year’s conference I am hoping to avoid those everyday boring run-of-the-mill searches and get you thinking outside the box yet again.
Yes, I…
Splunk Tag Lines
splunk> take the sh out of IT.
IMHO, this is our all-time best, most clever, and probably our most requested Splunk tag line (and Splunk t-shirt).
I will go as far as to say that this tag line, in some ways, put Splunk on the map in the minds of our earliest customers and still continues to imprint itself on our customers today more than ever (and probably will for a long time too).
And as you may be aware, other Splunk tag lines include:
- splunk> Finding your faults, just like mom.
- splunk> because ninjas are too busy
- splunk> All batbelt. No tights.
But what I really want to say…
Extract and Alias Field Names in Splunk 4.0 Now
I’ve had this topic come up in several technical conversations lately, so I thought I would blog about it now.
Situation: You have two different source types containing common key field values, but the actual name of the field itself is different within each of the source types.
Question: How do you produce a report within Splunk that correlates all of these field values together under one normalized field name?
Answer: Use the new FIELDALIAS and EXTRACT features included with Splunk 4.0 to normalize the field name at search-time.
Example: Let’s suppose you have two different types of call detail records, each containing a number that represents the total duration in seconds that someone is on a…
The Yoda Analogy
After demonstrating the amazing features and capabilities of Splunk to numerous clients over the past couple years, I find that people still perceive it to be a very disruptive technology. So much so, it’s still difficult for some to truly understand the magic of Splunk.
They ask me “How is it that I can feed Splunk any kind of IT data I want, log files, SNMP traps, alerts, configuration files, xml, whatever, and know it will be indexed correctly?”
The answer is one of the most powerful features of Splunk called Universal Indexing and, hopefully by the time you finish reading this article, you will have a better understanding of what that is and why it’s so powerful.
To start down…














