
Splunk for Xitive Xactions

Happy New Year and thanks to everyone who has been subscribing to my blog recently. I greatly appreciate it!

Every week people ask me to show them how to use Splunk to stitch together multiple events that live in different locations and different sources but, from an IT perspective, belong to the same larger transaction group. They want to know how to do this because the ability to trend against transitively-related events becomes very powerful for understanding the reality of IT operations, increasing efficiencies, and reducing costs more quickly and significantly.

I thought I would share a quick example of how to do this using the transaction command.

Let’s start with a couple of sample user activity log files containing events that are related by multiple keys. Take a moment to study the two following sample activity log files and notice how the user and session key values are related between the files.
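Since the sample files themselves are not reproduced here, the following is an added example (not the blog’s own code or data) that stitches two constructed activity logs on user and session the way `| transaction user session` does: events sharing a value on either key are linked transitively into one group, even though no single line in either file carries both keys.

```python
import re
from collections import defaultdict

# Constructed sample logs (not the blog's files); no single line carries every key.
WEB_LOG = """\
ts=2007-01-02T09:00:01 user=alice session=S1 action=login
ts=2007-01-02T09:00:07 session=S1 action=view page=/account
ts=2007-01-02T09:03:10 user=bob session=S2 action=login
"""
APP_LOG = """\
ts=2007-01-02T09:00:09 session=S1 txn=T100 action=transfer amount=250
ts=2007-01-02T09:00:12 user=alice action=logout
ts=2007-01-02T09:03:15 session=S2 txn=T101 action=transfer amount=40
"""

def parse(text, source):
    """Split key=value lines into dicts, tagging each with its source."""
    events = []
    for line in text.splitlines():
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if fields:
            fields["source"] = source
            events.append(fields)
    return events

def transaction(events, keys):
    """Group events sharing a value on ANY key, transitively (like
    `| transaction user session`), using union-find over event indices."""
    events = sorted(events, key=lambda e: e["ts"])
    parent = list(range(len(events)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i
    first_seen = {}  # (key, value) -> index of first event carrying it
    for i, ev in enumerate(events):
        for k in keys:
            if k in ev:
                j = first_seen.setdefault((k, ev[k]), i)
                parent[find(i)] = find(j)
    groups = defaultdict(list)
    for i, ev in enumerate(events):
        groups[find(i)].append(ev)
    return sorted(groups.values(), key=lambda g: g[0]["ts"])

def stitched():
    """Transactions across both sources, each ordered by timestamp."""
    return transaction(parse(WEB_LOG, "web") + parse(APP_LOG, "app"),
                       ("user", "session"))
```

Alice’s logout carries only `user` and her transfer carries only `session`, yet both land in the same group because the login event links the two keys.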

Open Letter to Company Leaders

Dear CEO, CTO, CIO, and other Company Leaders,

Consider this letter a wake-up call.

As an individual responsible for setting the vision of your company, please be aware that the people who work for you now, those smart, intelligent, high-tech individuals who believe in your vision, who are extremely proud of serving you, do not want to let you down.

Every day, these individuals work hard for you and you pay them well for their services. They are system and network administrators, security analysts, application developers, infrastructure architects, QA testers, and various other IT consultants.

As these individuals attempt to move your company forward towards explosive growth and expansion, incredible innovation, and unbounded profitability, you are either not aware of or not focusing enough on “how” they are striving to realize your vision and make it a reality.

Of course, you are probably thinking it’s not your job as a company leader to worry about “how” things are done so much as “why” or “when”. After all, that’s what being a company leader is all about, right?

Indeed, this may be true, but the reality is you need to be aware of the “how” more now than ever.

…a new Splunk song idea just popped into my head…

…actually a couple of ideas for songs about Splunk have made their way into my geeky little brain since my last blog post. Yeah, yeah, I know what you’re saying… “Hey Maverick, the world doesn’t need another nerdy song about an IT Search Platform.” My natural response is, you’re probably right, but I can’t help myself. I’m a nerd, a songwriter, I love Splunk: I have no choice!

So where’s the mp3, dude?!

Truth is, I am just too damn busy these days to spend time on it. That is one of the reasons why I haven’t posted a new blog entry since September of last year. Turns out the demand for Splunk has increased significantly since then, which means I am traveling more now, giving more Splunk demos and presentations, and assisting more companies with their Splunk evaluations than ever before. Don’t get me wrong, I love writing songs, but nothing is more satisfying than traveling across Midwest America to show off a product as cool as Splunk.

And when I say “travel”, boy do I mean “TRAVEL”!

In case you did not hear, v3.0 is GA!!11!1!

As we say here in Dallas, TX, YEEEEEEEEEE-HAW!!!1!11!!

Splunk 3.0 is GA now!!!!

In celebration of this wonderful day, I would like to redirect you to a previous blog article regarding a song I wrote about being a Splunk user. It’s real geeky, I admit, but hey, if you use Splunk or are thinking about it, I’m sure you can relate to it. And if you are a long-time customer already, well, then… you know doing geeky stuff like this is part of being a Splunkhead.

Check out my rap song called “Splunk IT”

Also, if you have a sysadmin that is an absolute rockstar where you work, please go and nominate them for Sysadmin of the Year. Let us know what makes them a rockstar in your eyes and they might win some fabulous prizes, like a new guitar, laptop, a case of redbull, etc. Do it now!

Yo, I am telling you, dog, you need to Splunk IT!

After being extremely inspired by all you die-hard Splunk fans out there, I decided to lay down some high-tech “geeky” rhymes over some old familiar classic rock riffs, including Queen’s “We Will Rock You”, Rush’s “Tom Sawyer”, and AC/DC’s “Back In Black”. So…

Yo, dog, turn up da bass and check it….Maverick is in da hayouse!

Splunk IT.mp3

Here are the sick lyrics, dog!

Splunk IT (a rap by Eric “Maverick” Garner)
Copyright © 2007, Garner. All rights reserved.

We got all kinds of issues occurring in the system
They’ve always been there, but I guess we just missed ‘em
We need Splunk to help troubleshoot it
We got Red Hat 3.0, so we won’t have to chroot it

Yo, we got hundreds of servers in multiple locations
And the IT folks are venting all their frustrations
Telling me that grep is a bottleneck
We need something better, we need to Splunk IT

Oooooohhhh We need to Splunk IT
Yo, Yo, I’m telling you, dog, we need to Splunk IT
Oooooohhhh We need to Splunk IT
(Word to your mother)

Splunk SEs: Your "HowTo" Team

Recently, I received an email from a client who was struggling with a Splunk configuration issue. He was a sysadmin trying to figure out how to set up Splunk-2-Splunk within his private testing environment. The specific issue he was encountering was not so much the Splunk software failing or throwing an exception, but rather understanding the “how to” part of Splunk-2-Splunk.

I think anytime you have a technical IT tool like Splunk combined with the ability for a technical person to download, install, and evaluate it for FREE, you will also have plenty of “how to” questions that will naturally accompany those evaluation efforts.

With this said, I want to remind all you technical folks, especially those of you who may still be struggling with the HowTos of Splunk, that as Sales Engineers, it’s our job to provide you with the HowTo support you need during your evaluation of Splunk. In a way, you can think of us as Splunk’s HowTo Team, always willing and able to discuss and recommend the best ways to configure and test out Splunk. It’s our job to make sure you understand all of the technical features and how best to leverage them for your specific needs. And, it’s also our job to help you develop a strong business case for purchasing a Splunk license based on the technical benefits. That way, your manager or director can more easily justify the purchase of that license for you. And, if you are like me, more often than not you need all the justification you can get.