That happened: episode 33
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: docs are better with lens flare, some of the best jokes don’t need linebreaking, the .secret of anonymous bind and puppet:
Splunk Docs> Into Dorkness
Our docs site got a little design rework recently:
<cerby> getting used to the new look.
<jspears> I thought I noticed something different yesterday
<@cgales> some slight adjustments to the doc site styles are coming soon, and repairs to a couple of things that broke (like indented lists, which really messed up the search reference)
<duckfez> cgales: can you add just a little more metallic lens flare? :D
<^Brian^> blink…
That happened: episode 32
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: Splunk can tell you if you have the Darkleech, the return of Answers from the past, ruining you for all other vendors, short but wise (like Yoda), badgers.
Splunking your apache logs?
Team regex helps you protect against the Darkleech malware:
<^Brian^> http://arstechnica.com/security/2013/04/exclusive-ongoing-malware-attack-targeting-apache-hijacks-20000-sites/
<@Splunky> ^Brian^’s URL: “Exclusive: Ongoing malware attack targeting Apache hijacks 20,000 sites | Ars Technica”
<^Brian^> fyi
<^Brian^> \/[a-f0-9]{32}\/q.php <- for those of you splunking your apache logs..regex to pick up the hijack
<jtrucks> ^Brian^: awesome, thanks.
<jtrucks> ^Brian^: so like this? rex _raw=”\/[a-f0-9]{32}\/q.php”
<jtrucks> my brain will not engage today.
<^Brian^>…
That happened: episode 31
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: Splunk Singles, they always come back in the end, what happens when users set their own schedules, and the nature of Batman’s poop:
#splunk can help you get a date
Knowledge is always attractive:
<trakz> Man…. decent field extractions in splunk are really hard for complex log types. Wish someone had a cookbook for that.
<alacer> trakz: explain.
<trakz> For example anything windows based (IIS, Event Logs) seems to follow somewhat random formatting.
<alacer> I’m working on an IIS TA for Splunk.
<trakz> are you dating anyone?
<alacer> I’m married.
<trakz> lol
A prodigal
…
That happened: episode 30
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: the cocaine-addled squirrel method of software testing, putting the auto(bot) in automatic lookups, sometimes text adventures are dangerous:
We’re helping!
Trakz built an amazingly cool graphical field/index explorer. Seriously, check this thing out, it’s AWESOME:
<trakz> I continually lose track of which fields are common across indices in my environment. So i built an index/field explorer in D3 to help me find them: http://bl.ocks.org/4543583
<trakz> v2 will include the search term to cut ‘n paste!
and then…the #splunk channel helps trakz ‘debug’:
<trakz> (there are still some bugs I need to iron out, ie. selecting dozens of fields eventually has odd…
That happened: episode 29
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: a lost child finds his home, a different kind of language barrier, and indexing volume is in the eye of the beholder.
At last…our ninja has come along
The infamous Wilde learns what he’s been missing:
<SPLKNinja> I’m never in IRC.. like 5 times in all my career at Splunk.. how stupid of me.. this place is great.
<SPLKNinja> i’m hooked.
Me fail English? That’s unpossible!
We’ll start to worry if you start speaking in regexes
<jtrucks> is there a way to have splunk tell me how much storage space is used by a certain type of traffic…
That happened: episode 28
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: Wired vs wireless, the big data bang, tooting our own horn:
The eternal pursuit of connectivity
There’s a “urine trouble” joke in here somewhere, but I’m not going to go looking for it:
<duckfez> I have two wifi deadspots in the house … my side of the bed, and the toilet. You can see how both of those must be resolved
<mlanghor> lmao duckfez
<@amrit|wrk> haha
<jspears> I had a CTO way back when who made sure there was a jack in the bathroom when he wired his house
<duckfez> if linksys had not gotten cheap,…
That happened: episode 27
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: A little end of the world^Wyear silliness:
Happy Splunkmas!
A festive twofer
<ftk> merry christmas to all
<ftk> or festivus or whatever floats your boat
<alacer> water floats my boat
<rayutsw> i think displacement OF water floats your boat
<ftk> i wasnt gonna go there
<alacer> fine, if you want to get technical
<jmccord> at least he didn’t say sulfur hexafluoride
…
<amirite> hey guys, anyone of you done any analytics on what gifts you can buy for your parents?
<amirite> and 15 and 25 year old girls?
…
That happened: episode 26
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: two twofers: Windows is everyone’s favorite thing, making sure the message gets through.
The joy of Windows
A twofer:
<snowmizer> suppose there’s always the tried and true windoze troubleshooting tool…reboot
<duckfez> I have listened to Nyan Cat for 1.5 hours now
<TheBeege> duckfez: win
<madscient> we need about 10 unwanted windows machines and we can film a little short entitled “have you tried throwing it across the room?”
<duckfez> it’s possibly the only thing keeping me sane today
<snowmizer> I’m about to do that with my storage array and the esx hosts
<snowmizer> that are on…
That happened: episode 25
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: a regex awakening, adventures in origami, that pesky apostrophe, and Chuck Norris:
…And regex was the new law of the land
Once your head explodes, your mind is much more open, it stands to reason:
<PaulB|wrk> who needs Delims when you have regex
<PaulB|wrk> I have been blind all this time
<PaulB|wrk> must be the windows world i live in
<duckfez> PaulB|wrk: the guy whose head exploded from too many “([^,])+,([^,]+),” regexes
<PaulB|wrk>
Note: cape does not enable wearer to fly
However, the search language book does provide a bit of a…
Big Data students present their Splunk projects at HQ!
Earlier this year, I had the opportunity to meet with administrators and educators from San Jose State University’s College of Sciences to discuss the idea of a Big Data program that would include courses for data analysts, systems administrators, and interdisciplinary teams. This brainstorming session led to the inception of an experimental CS course offered for the first time this fall at SJSU: CS-185C, “Big Data Processing.” The SJSU course catalog describes the course thusly:
“This course will have a very practical focus on the techniques and tools for capturing, storing, processing and analyzing big data. Tools such as Hadoop and Splunk will be used in virtual, cloud-based environments. There they will process and analyze, either in batch mode or…








