Splunk Add-on > Where’s That Command – Converting a Field’s Hexadecimal Value to Binary

When looking through Splunk’s Search Reference Manual, there are a ton of search commands with their syntax, descriptions, and examples.  After all, if Splunk is the platform for machine data, there needs to be an extensive list of commands, functions, and references that guide Splunkers through the Search Processing Language (SPL).  But one would think that we had everything covered, right?  Well, almost….

I have a couple of great customers from the Houston, Texas area to thank for this.  Gabe and Andrew (you know who you are) are not only strong Splunkers, but frequent the Splunk Houston User Group (SHUG) meetings and are always looking for ways to expand their use of Splunk as well …


Splunk Command> Replace : Granular Details Are Great, But I Need a Consolidated View

When digging into data, finding the details and breaking those out part by part is a great use case for Splunk.  But what about when you need to see a more consolidated view at a higher level and just know all the little details as one line item detail?  Enter the replace command.

My experience recently came about where a customer was looking for a way to take some of their accounting data and create just one line item for multiple vendor payee names. The idea was that the cost centers were all the same, but depending on what division within the vendor their company made a purchase from, the same vendor had a variety of names. Having the same …
