Smart AnSwerS #52

Hey there community and welcome to the 52nd installment of Smart AnSwerS.

A BoardAtWork group was started at Splunk HQ for folks interested in, well, playing board games at work during lunch or after hours. We had our first game night earlier this week and had a nerdy great time…even though I was the first one dead 😛 Just glad to unwind and share my love for games with fellow Splunkers after a long day!

Check out this week’s featured Splunk Answers posts:

Why is the Host IP value from udp:514 syslog input incorrect for one device?

evgenyv was collecting syslog events through a udp:514 input and needed help figuring out why only one device was reporting a …

» Continue reading

Smart AnSwerS #51

Hey there community and welcome to the 51st installment of Smart AnSwerS.

Super Bowl 50 is making its way to the SF Bay Area next week, and traffic around HQ has been getting noticeably worse with Super Bowl City just a mile away. What does that mean? MOAR TRAFFIC and longer commute times ;( Luckily piebob, out of the kindness of her heart, gave the community team the OK to work from home amidst the sportsball madness. Such boss! So wow! Much thanks!

Important note: this week’s SFBA Splunk User Group meeting has been postponed to next week, Feb 10th, to avoid Super Bowl traffic as well!

Check out this week’s featured Splunk Answers posts:

How to create

» Continue reading

Splunk and the art of refrigerator maintenance.

Over the Australia Day long weekend here in sunny Brisbane, Queensland, a buddy of mine and I started noticing that his fridge didn’t seem very cold – meaning that the beer was not cold, clearly a drastic problem. No matter how far down we turned the thermostat, the fridge just wouldn’t cool down. He wasn’t sure if he was imagining it, or if it had always been that way. My buddy didn’t really want to go out and buy a new fridge and wanted to try and fix it himself, however had no idea if any of the changes we’d made to the fridge were making it better or worse.

My buddy works for a Splunk partner and IoT company

» Continue reading

Smart AnSwerS #50

Hey there community and welcome to the 50th installment of Smart AnSwerS.

For the past year, Splunk User Groups were organized on, but as of the end of 2015, we’ve now moved over to our very own shiny new site! Visit to explore the various groups currently established worldwide and meet fellow users that love all things Splunk in your local region. Log in with your credentials, then learn and connect with the best community of folks around :)

Check out this week’s featured Splunk Answers posts:

Should I increase search head specs, add a new search head, or migrate to search head clustering for our growing Splunk environment and user base?

awendler was looking for …

» Continue reading

Smart AnSwerS #49

Hey there community and welcome to the 49th installment of Smart AnSwerS.

This just in! The next SplunkTrust Virtual .conf session is this Friday, January 15th @ 11:00AM PST. Come learn a thing or twenty with SplunkTrust members Duane Waddle and George Starcher as they cover their popular talk “Through the Lookups Glass”. Join the 30+ users on the event meetup page and RSVP to get your Splunk clue on!

Check out this week’s featured Splunk Answers posts:

Is there a way to know which fields were extracted at index-time vs search-time?

pduflot wanted to know if there was a search or something to look for in internal logs to determine if fields in search results were …

» Continue reading

Smart AnSwerS #48

Hey there community and welcome to the 48th installment of Smart AnSwerS.

First off, Happy New Year! I hope everyone had a great past couple of weeks and welcome back to the grind. Splunk HQ was on holiday for most of the last two weeks, though Team Support (and their hearts of gold) were around making sure you were all A-OK just in case. We’re all fully back in action this week, but looking forward to our annual company holiday party this coming Saturday. We have to gradually wean ourselves off the holiday vibe apparently 😛 Good luck with all things Splunk this year and enjoy the first set of Smart AnSwerS for 2016.

Check out this week’s …

» Continue reading

An Hour of Code with Splunk


The Hour of Code is a global effort to educate children in more than 180 countries with as little as one hour of computer science. Held as part of Computer Science Education Week (December 7-13), the most recent Hour of Code included more than 198,473 events around the world. And this year, several Splunkers taught sessions in events across the country.

Here in the Seattle Area, Shakeel Mohamed, one of our engineers, taught sessions on Lightbot and Minecraft at Rainier View Elementary School, and I had the pleasure of teaching approximately 150 students at Ingraham High School an hour about log / time-series data and how to mine it with Splunk. The courses are a challenging mix of students …

» Continue reading

Tis the Season to Code For Fun!

By Ajit Deshpande

Happy New Year! The holidays are a great time to spread cheer and to raise awareness for causes of all shapes and sizes. Here at Splunk, we’re a slightly different breed: personally, I like to Code for Fun.

As we all know, Computer Science is becoming increasingly important for students to learn.  Exposing students to programming increases their chance by 30 percent to continue in the field later on in their studies, and to get one of the most amazing jobs available. And yet, by 2020, colleges are expected to graduate only 13 percent of the total computer science engineers needed in the United States.


Hour of CodeOne way to fill this gap is with STEM education (Science, Technology, Engineering …

» Continue reading

The twelve days of (Splunk) Christmas


‘Tis the season to be blogging. We’ve had “The twelve days of (IT) Christmas” and to end the year I thought it was time for “The twelve days of (Splunk) Christmas”. It has been a big year with the launch of IT Service Intelligence, User Behaviour Analytics and new versions of Splunk Enterprise, Splunk Cloud, Hunk, Enterprise Security and Splunk Light. I thought I’d try and incorporate something from each in a festive Operational Intelligence ditty. Enjoy!


On the first day of Christmas my true love gave to me
Glass tables for all of IT


On the second day of Christmas my true love gave to me
Two breach attacks
and glass …

» Continue reading

Smart AnSwerS #47

Hey there community and welcome to the 47th installment of Smart AnSwerS.

Team support at HQ will be doing its first ever Secret Cut-throat Santa (aka white elephant) gift exchange this Thursday, and all of HQ will be celebrating Festivus next week…but alas, I’ll be missing out on everything since I’ll already be out of town to visit home. It seems like this year has flown by incredibly fast, and it’s hard to believe this blog series is now just over a year old already! *confetti* With the holidays fast approaching, enjoy this last Smart AnSwerS installment for 2015 and see you all in the new year :)

Check out this week’s featured Splunk Answers posts:

How to map

» Continue reading