Blogs: Michael Wilde

Today’s SplunkTalk is a chat about a few recent experiences with folks we’ve been helping. First up, SplunkNinja was working with someone who had a production Rails app. This user had some challenges getting a universal forwarder to work as they weren’t aware that the Splunk Command Line Interface (CLI) is a great way to make changes to the forwarder without monkeying around with config files such as “outputs.conf”. “splunk add forward-server” and “splunk list forward-server” are two of my favorite. Fast, easy, reliable. Next up, adding data. Editing inputs.conf? Bah Humbug! use “splunk add monitor (file/directory)”. No restarts needed! But sometimes how and where splunk stores user created objects (inputs, searches, fields) is unclear–we cover that in this…

So there are 80+ search commands. Every so often we run across one we’ve never used. This week, “we” is Wilde. Maverick holds a CLINIC on the “set” search command. Not so fast, listener/reader–we’re not talking about setting a variable or field (Which you can do with “veal”). This is more about working with two “sets” of results and looking for differences, union, intersection to use them to make some interesting decisions about your data. Rumor has it there’s a “Splunk Book” being written. Wilde is gaga about Splunk 4.3 (coming soon!). Maverick hosted the inaugural Dallas Splunk Users Group. One user has 32 indexers. Yeah. THIRTY TWO INDEXERS. Like a boss!

Episodes are recorded live every Friday at…

Its Saturday Evening (Dec 3, 2011), a little after 10pm right now in Austin Texas, and i’ve got to tell you this story.

A short while ago, I was just on the couch in my living room, watching the movie “Super 8“. My two kids had fallen asleep next to me. Look at them. So peaceful. Someday ‘ll show them that picture when they’re older and being “not so peaceful”. Back to my story…

Super 8 was…well…kinda “ok”. The movie just ended and being the Apple Fanboy i am, my iPhone was sitting on the arm of my couch. Out of it comes that familiar “ping” sound when a new email comes in. As i am now…

When you hit sixty, isn’t that time for a mid-life crisis? Perhaps, but not this crew. We’ve been SplunkTalk’in for sixty episodes now. One might say its our “diamond anniversary”. Why not. This week we’ve got a few questions for ya and some learning even mid-episode. Splunk Ninja answers a question that new users might have around re-enabling the web interface on a “light or heavy” forwarder. Maverick answers a really neat question around reporting on top 5 daily java exceptions and how to dynamically generate dashboard panels–and Wilde learns about the “accum” search command in the context of Mav’s answer. In the “What did we learn this week” segment, Ninja discusses a bit about the forthcoming MySQL lookup plugin…

Greetings friends! Its time for another cozy chat with (maybe) your favorite nerds, Maverick Garner and Michael Wilde, the Splunk Ninja. On this week’s episode we have a chat about using Splunk’s Deployment Monitor app to take a gander at nodes not reporting in when you hope them to be. Setting up alerts might be the answer–perhaps? Maverick answers a question on access control based on information in a lookup (which may not be totally possible) but the discussion is interesting. The real fun part about this episode is in the title “Schooled by the n00b”. One of our favorite Splunker’s supern00b Jesse Miller schools us by teaching Wilde a little thing about field extraction. Jesse’s not really a n00b anymore–after all he’s been at Splunk for 7 months and rocks!!!! Simon Shelston wrote a sweet blog post about how to detect anonymous proxies hitting your servers. We highly recommend you check this out as the technique is quite good!. We’re looking for feedback on how to make the Splunk community much better. Feedback please!

Episodes are recorded live every Friday at 11AM Central Time – Email us at splunktalk@splunk.com to ask questions and have them answered on air!

Greetings to all fine feathered SplunkTalk listeners. Maverick and SplunkNinja are back in the saddle again. A few vacations, user conference, travel and other stuff has kept us from releasing some episodes–but thats all in the past now. Episode 58 returns to our traditional Q&A format. On the docket for this episode is a discussion around disk sizing, I/O (IOPS), disk performance and some recommendations on storage. Wilde asks Maverick a question on High CPU usage on Splunk startup due to massive file monitoring and some recommendations on dealing with that challenge. In our “what did we learn this week” segment, Wilde learned about a really cool OS X app called “FlashFrozen” that monitors the Flash process and warns/kills when it gets over 30% CPU usage–a.k.a (CPU Low Power Mode). All sorts of nerdy Splunky stuff including outputlookup, xpath, xmlunescape and the usual ridiculousness is back on schedule!

Episodes are recorded live every Friday at 11AM Central Time – Email us at splunktalk@splunk.com to ask questions and have them answered on air!

From a series of live on camera interviews at Splunk’s User Conference 2011 comes an interview two epic Support Splunkers Octavio DiScuillo and Mick Shanaghy. Always a hoot, Mick and Octavio give us a great overview on the Splunk on Splunk or “S.o.S” app available on SplunkBase.com right now. S.o.S is an app that our support team built to help diagnose issues in your splunk deployment. Now, you get to have that very tool. I love it!

From a series of live on camera interviews at Splunk’s User Conference 2011 comes an interview with founding SplunkTalk personality Jeff Blake and his buddy Sparky from Splunk Partner Forsythe. With the original three (Wilde, Maverick & Blake) and anyone name Sparky is guaranteed to be an awesome time.

Episodes are recorded live every Friday at 11AM Central Time – Email us at splunktalk@splunk.com to ask questions and have them answered on air!

From a series of live on camera interviews at Splunk’s User Conference 2011 comes an interview with “original Splunker” Nick Mealy. Nick is primarily responsible for everything you see in Splunk. While at splunk, he pretty much engineered most of the user interface from 1.0 to 4.2. Nick is truly a ninja when it comes to stuff that gets painted in a web browser. Nick’s newest venture is “Sideview“. A company dedicated to building business-level Splunk apps. Nick shares history, perspective and some interesting conversation around some of his latest apps! Bow down to theMealy!

Episodes are recorded live every Friday at 11AM Central Time – Email us at splunktalk@splunk.com to ask questions and have them answered on air!…

From a series of live on camera interviews at Splunk’s User Conference 2011 comes an interview with Splunk Customer Mark Frost. Mark’s been listening to SplunkTalk for a while now. He always has great suggestions for us. Mark gives his take on Splunk’s User Conference and the challenges around being a Splunk champion internally. Mark is the best!

Episodes are recorded live every Friday at 11AM Central Time – Email us at splunktalk@splunk.com to ask questions and have them answered on air!

if (WIDGETBOX) WIDGETBOX.renderWidget(’746557f7-7d3f-471c-a54a-3a3f32fd060d’);Get the Mp3 Player Widget widget and many other great free widgets at Widgetbox! Not seeing a widget? (More info)