A recent gathering of friends (a group of IT gray-hairs, artists, and lawyers) had got me thinking about IT as a profession, and the development of the industry since I got involved 20 years ago. The question posed to the group was about whether we would recommend our current professions to our children. This query, a few others, and perhaps one Liberty Ale too many had started me down the track of over-analyzing the state of IT today. I suppose I am both proud and terrified at the same time.

First, the goodness. As an industry participant, IT has come a long way. Collectively, we have successfully lobbied to become more than just a cost center. The ‘nerds in the back room’ have become intertwined with the business. IT now facilitates both cost savings and revenue generation. IT is the driving force and enabler of employee empowerment, productive mobility, and instantaneous communication. IT run systems facilitate negotiations, analyze deals and execute trades.

Well done, everyone. A big pat on the back to us all.

Before I start sharing the negatives, I should let you know that I still have faith in the future of IT. Skip to the end if you don’t care for the doom and gloom.

The 3.0 version of Splunk has introduced some wonderful new features such as advanced reporting, granular access control and a slew of additional functions to help you search through your IT data. One of these newly released functions is the extract command. This works very nicely with Splunk’s revamped facility to add, view, and access field names. Here is a quick primer on creating field definitions and using the extract command to have those definitions reloaded automatically.

Splunk has always done a great job at allowing you to search on any text from any data source. Splunk even goes one step beyond this and automatically defines named fields data that shows up in a Keyword = Value (KV) pair. If my data contains text that looks like

username=sparky