Happy New Year and thanks to everyone who has been subscribing to my blog recently. I greatly appreciate it!

Every week people ask me to show them how to use Splunk to stitch together multiple events that might exist in different locations within different sources because, from an IT perspective, they are considered to be part of larger transaction groups. They tell me they want to know how to do this because the ability to trend against transitively-related events becomes very powerful in helping them understand the reality of IT operations and how efficiencies can be increased and costs can be more quickly and significantly reduced.

I thought I would share a quick example of how to do this using the transaction command.

Let’s start with a couple sample user activity log files containing some events that are related by multiple keys. Take a moment to study the two following sample activity log files and notice how the user and session key values are related between the files.

…actually a couple ideas for songs about Splunk have made their way into my geeky little brain since my last blog post. Yeah, yeah, I know what you’re saying…”Hey Maverick, the world doesn’t need another nerdy song about an IT Search Platform.” My natural response is, you’re probably right, but I can’t help myself. I’m a nerd, a songwriter, I love Splunk: I have no choice!

So where’s the mp3, dude?!

Truth is, I am just too damn busy these days to spend time on it. That is one of the reasons why I haven’t posted a new blog entry since September of last year. Turns out the demand for Splunk has increased significantly since then, which means I am traveling more now, giving more Splunk demos and presentations, and assisting more companies with their Splunk evaluations than ever before. Don’t get me wrong, I love writing songs, but nothing is more satisfying than traveling across Midwest America to show off a product as cool as Splunk.

And when I say “travel”, boy do I mean “TRAVEL”!