Smart AnSwerS #52

Hey there community and welcome to the 52nd installment of Smart AnSwerS.

A BoardAtWork group was started at Splunk HQ for folks interested in, well, playing board games at work during lunch or after hours. We had our first game night earlier this week and had a nerdy great time…even though I was the first one dead 😛 Just glad to unwind and share my love for games with fellow Splunkers after a long day!

Check out this week’s featured Splunk Answers posts:

Why is the Host IP value from udp:514 syslog input incorrect for one device?

evgenyv was collecting syslog events through a udp:514 input and needed help figuring out why only one device was reporting a …

» Continue reading

Smart AnSwerS #51

Hey there community and welcome to the 51st installment of Smart AnSwerS.

Super Bowl 50 is making its way to the SF Bay Area next week, and traffic around HQ has been getting noticeably worse with Super Bowl City just a mile away. What does that mean? MOAR TRAFFIC and longer commute times ;( Luckily piebob, out of the kindness of her heart, gave the community team the OK to work from home amidst the sportsball madness. Such boss! So wow! Much thanks!

Important note: this week’s SFBA Splunk User Group meeting has been postponed to next week, Feb 10th, to avoid Super Bowl traffic as well!

Check out this week’s featured Splunk Answers posts:

How to create

» Continue reading

Smart AnSwerS #50

Hey there community and welcome to the 50th installment of Smart AnSwerS.

For the past year, Splunk User Groups were organized on meetup.com, but as of the end of 2015, we’ve now moved over to our very own shiny new site! Visit https://usergroups.splunk.com to explore the various groups currently established worldwide and meet fellow users that love all things Splunk in your local region. Log in with your splunk.com credentials, then learn and connect with the best community of folks around :)

Check out this week’s featured Splunk Answers posts:

Should I increase search head specs, add a new search head, or migrate to search head clustering for our growing Splunk environment and user base?

awendler was looking for …

» Continue reading

Smart AnSwerS #49

Hey there community and welcome to the 49th installment of Smart AnSwerS.

This just in! The next SplunkTrust Virtual .conf session is this Friday, January 15th @ 11:00AM PST. Come learn a thing or twenty with SplunkTrust members Duane Waddle and George Starcher as they cover their popular talk “Through the Lookups Glass”. Join the 30+ users on the event meetup page and RSVP to get your Splunk clue on!

Check out this week’s featured Splunk Answers posts:

Is there a way to know which fields were extracted at index-time vs search-time?

pduflot wanted to know if there was a search or something to look for in internal logs to determine if fields in search results were …

» Continue reading

Smart AnSwerS #48

Hey there community and welcome to the 48th installment of Smart AnSwerS.

First off, Happy New Year! I hope everyone had a great past couple of weeks and welcome back to the grind. Splunk HQ was on holiday for most of the last two weeks, though Team Support (and their hearts of gold) were around making sure you were all A-OK just in case. We’re all fully back in action this week, but looking forward to our annual company holiday party this coming Saturday. We have to gradually wean ourselves off the holiday vibe apparently 😛 Good luck with all things Splunk this year and enjoy the first set of Smart AnSwerS for 2016.

Check out this week’s …

» Continue reading

Smart AnSwerS #47

Hey there community and welcome to the 47th installment of Smart AnSwerS.

Team support at HQ will be doing its first ever Secret Cut-throat Santa (aka white elephant) gift exchange this Thursday, and all of HQ will be celebrating Festivus next week…but alas, I’ll be missing out on everything since I’ll already be out of town to visit home. It seems like this year has flown by incredibly fast, and it’s hard to believe this blog series is now just over a year old already! *confetti* With the holidays fast approaching, enjoy this last Smart AnSwerS installment for 2015 and see you all in the new year :)

Check out this week’s featured Splunk Answers posts:

How to map

» Continue reading

.conf2015 Highlight Series: On track for savings and performance… Aurizon rolls out Splunk Cloud

During .conf2015 we were pleased to play host to a session about one company’s transition to Splunk Cloud. Read on to learn more, but check the session recording for more details — and be sure to grab a copy of the presentation itself for reference.

AurizonMoving more than 250 million tons of commodities, Aurizon is one of the largest rail freight operators in Australia. Şebnem Kürklü, an information security manager, joined the company with a focus on improving IT security, vendor and service provider relationships, increase risk awareness in business units, and to leverage investment in current technologies. A full plate for anyone.

The Aurizon IT landscape
Aurizon outsources much of its IT to Fujitsu, though it maintains functions such …

» Continue reading

Smart AnSwerS #46

Hey there community and welcome to the 46th installment of Smart AnSwerS.

Last quarter, I started presenting to each cohort of Splunk new-hires every month about all the various Splunk Community programs and spaces to show how our awesome users from around the world connect with one another. One part of the presentation involves bringing up the Splunk User Group Slack channel live on screen for the community to give our brand new Splunkers a warm welcome and hello. This has turned into one of the biggest highlights as customers, partners, and fellow employees alike demonstrate why they are what make the Splunk community so successful, lively, and hilarious…and this includes sharing an old MySpace profile photo of me …

» Continue reading

Smart AnSwerS #45

Hey there community and welcome to the 45th installment of Smart AnSwerS.

We’re back in action after a much needed Thanksgiving break, and what better way to get back into the groove of all things Splunk with the SplunkTrust Virtual .conf session #3 happening tomorrow on Tuesday, December 1st, 2015 @ 11:00AM PST. Everyone is welcome as SplunkTrust member Gregg Woodcock presents on “The “Gotchas” of Splunk!” covering simple mistakes to make that are easy to overlook, difficult to diagnose, and can cause significant problems in your environment. Join us via WebEx and get your Splunk clue on!

Check out this week’s featured Splunk Answers posts:

How to apply search filters for user roles on lookup

» Continue reading

Smart AnSwerS #44

Hey there community and welcome to the 44th installment of Smart AnSwerS.

Have you been looking for an opportunity to expand your Splunk search fu? Look no further! As mentioned in a previous Smart AnSwerS post, come join 60+ RSVP’d users (and counting!) this Monday, November 23rd, 2015 @ 11:00AM PST in attending the SplunkTrust Virtual .conf Session #2. The presenter, Kyle Smith, will be covering his popular .conf2014 session “Lesser-known Search Commands”. Be sure to visit the Meetup page to RSVP, find the URL to the WebEx session, and come learn a thing or two with the rest of us next week :)

Check out this week’s featured Splunk Answers posts:

Is there a posted percentage

» Continue reading