Smart AnSwerS #61

Hey there community and welcome to the 61st installment of Smart AnSwerS.

I just had the pleasure of joining over 60 Splunk users for the April SplunkTrust Virtual .conf session on Best Practices for Splunk SSL by dwaddle and starcher. You can find the recording and slides for this and previous presentations on the Virtual .conf wiki page in case you missed out. For those of you in the San Francisco Bay Area that want to continue getting your Splunk clue on, come out to the SFBA Splunk User Group meeting at Splunk HQ next Wednesday, May 4th @ 6:30PM PDT. Becky Burwell from Yahoo!/Flickr will give a talk on batch search parallelization, and Sasha Velednitsky

» Continue reading

Smart AnSwerS #60

Hey there community and welcome to the 60th installment of Smart AnSwerS.

Hot off the press! The next SplunkTrust Virtual .conf Session has been scheduled for next Thursday, April 28th, 2016 @ 9:00AM PST. Duane Waddle and George Starcher will be giving their popular talk “Avoid the SSLippery Slope of Default SSL”, which has been used and referenced far and wide among the Splunk community in the past couple years. See what the hype is all about by visiting the Meetup page to RSVP and find the WebEx link to join us next week!

Check out this week’s featured Splunk Answers posts:

How to put an expiration date on a set of saved searches or alerts

» Continue reading

Smart AnSwerS #59

Hey there community and welcome to the 59th installment of Smart AnSwerS.

There’s a tradition at Splunk where “something” happens to or around your desk if you take PTO for at least 2-3 weeks. When piebob left for the UK late last year, she returned to Splunk HQ with a completely homemade replica of the cruise ship she took on her trip abroad which spanned the entire length of her desk. This week, support engineer DerekB just came back from paternity leave to find a hybrid Audi baby stroller made entirely out of cardboard with fully functional wheels. To top it off, it’s parked right behind me and Derek’s (pouty) face was printed out and tacked on to a …

» Continue reading

Smart AnSwerS #57

Hey there community and welcome to the 57th installment of Smart AnSwerS.

Feels good to be back in action after a 3 week break, minus coming down with the flu, but that hasn’t completely stopped me from shifting my brain back into Splunk mode. Even though I’ve had to spend recovery time working from home, I was still able to join in on the SplunkTrust Virtual .conf March Session on “Grouping with stats: practical concerns and best practices” presented by Nick Mealy, aka sideview. You can visit the Meetup page to find the link to the recording in case you missed out and stay tuned for the next session.

Check out this week’s featured Splunk Answers posts:

How

» Continue reading

Smart AnSwerS #56

Hey there community and welcome to the 56th installment of Smart AnSwerS.

We just hosted the March SF Bay Area User Group meeting last night at Splunk HQ and had a great conversation about various real and hypothetical security scenarios in spirit of RSA. It was awesome to hear a mix of experiences and lessons from Splunkers, partners, and customers. If you want to learn about all the juicy details from the meeting, visit the #sfba channel in our Splunk User Group Slack Chat where smoir (thank you!) “liveslacked” all the key topics discussed. It will only be available to view for a limited time, so act fast! Otherwise, feel free to hang out in that channel during …

» Continue reading

Smart AnSwerS #55

Hey there community and welcome to the 55th installment of Smart AnSwerS.

Next Wednesday, March 2nd @ 6:30PM, Splunk HQ will be hosting our monthly SF Bay Area User Group meeting. Since it’s during RSA, topics covered will be related to *drum roll*…SECURITY! If you happen to be local or visiting from out of town for the conference, come join fellow users over pizza and beer and listen to a talk from Monzy Merza, Chief Security Evangelist at Splunk. Be sure to visit the user group event page to RSVP and stay updated on the tentative agenda. Hopefully see you next Wednesday!

Check out this week’s featured Splunk Answers posts:

How to combine my two searches to

» Continue reading

Smart AnSwerS #54

Hey there community and welcome to the 54th installment of Smart AnSwerS.

Next Tuesday, February 23rd, 2016, we’ll be having our SplunkTrust Virtual .conf session #4 from 12:00PM to 1:00PM PST. SplunkTrust member Mark Runals will be presenting his .conf2015 session “Taming your Data”, featuring the data onboarding maturity scoring model and dynamically having Splunk detect mis-categorized sourcetypes. Visit the event meetup page to RSVP and join the 35+ users and counting via Webex next week!

Check out this week’s featured Splunk Answers posts:

Is it recommended to install a universal forwarder on thousands of workstations or on a few dedicated syslog/Windows Event Collector servers?

flee needed to forward Windows events from about 6000 Windows workstations …

» Continue reading

Smart AnSwerS #53

Hey there community and welcome to the 53rd installment of Smart AnSwerS.

With Super Bowl 50 madness phasing out this week, our rescheduled San Francisco Bay Area User Group meeting is a go for tonight at Splunk HQ! Splunker Erik Cambra will be giving a talk on how Splunk splunks…(drum roll)…Splunk! If you happen to be in the area, come on by! If you can’t grace us with your presence because you’re miles away, then be sure to check out the Splunk User Groups site to find an upcoming meeting near you :)

Check out this week’s featured Splunk Answers posts:

Why am I getting inconsistent event counts when using wildcard characters to match event field values?

splunkIT was …

» Continue reading

Smart AnSwerS #52

Hey there community and welcome to the 52nd installment of Smart AnSwerS.

A BoardAtWork group was started at Splunk HQ for folks interested in, well, playing board games at work during lunch or after hours. We had our first game night earlier this week and had a nerdy great time…even though I was the first one dead 😛 Just glad to unwind and share my love for games with fellow Splunkers after a long day!

Check out this week’s featured Splunk Answers posts:

Why is the Host IP value from udp:514 syslog input incorrect for one device?

evgenyv was collecting syslog events through a udp:514 input and needed help figuring out why only one device was reporting a …

» Continue reading

Smart AnSwerS #51

Hey there community and welcome to the 51st installment of Smart AnSwerS.

Super Bowl 50 is making its way to the SF Bay Area next week, and traffic around HQ has been getting noticeably worse with Super Bowl City just a mile away. What does that mean? MOAR TRAFFIC and longer commute times ;( Luckily piebob, out of the kindness of her heart, gave the community team the OK to work from home amidst the sportsball madness. Such boss! So wow! Much thanks!

Important note: this week’s SFBA Splunk User Group meeting has been postponed to next week, Feb 10th, to avoid Super Bowl traffic as well!

Check out this week’s featured Splunk Answers posts:

How to create

» Continue reading