Recently, I’ve been thinking long and hard about blogging. People get on my case because “the ninja hasn’t blogged lately”. They’re right. I do understand that when you have go so far as to actually establish some sort of audience–in my case–Splunk related content consumers, you owe it to them to keep the content up. In fact I do cherish the one thing any reader does give (which is the best possible gift)–your attention. You have my word I shall publish much more.

What I’d ultimately like to do is use something like Twitter to create microblog feeds that pipe directly in to WordPress, and are delivered to the blog as posts, or whatever. Technically Twitter competes–in a small way–with WordPress, but who cares. What I need is a content publishing platform that will handle the *hopefully* well thought out blog posts, and immediate “thought spitting”, as i call it. I like Twitter because I can spit out what I’m thinking right now and with its forced brevity of 160 characters per post, i’m more likely to finish. On top of that, Twitter is near-real-time publishing with zero steps other than “speak, you geek!”

Example “thought spit”: Here’s a way cool search for dhcp “dhcpd via | transaction fields=mac_address maxspan=5″

That single thought has value, in the same way that if i was watching over your shoulder when you were using Splunk and told you to run that command. You would see the results and value quite quickly–in the above case, the assembly of an entire DHCP transaction from a single search command.

While I don’t think I really have A.D.D., it is a metaphor on how my brain handles all of the text info coming in from email, calendar, SMS, Splunk, customers, users, and every other input–including Twitterer’s I personally follow. I am trying to figure out the right balance of how to:

1. 1. Educate people about Splunk
2. 2. Teach them cool stuff
3. 3. Enable them to do both #1 and #2
4. 4. Foster more new users and customers of Splunk, which hopefully is a result of #1 + #2 + #3

I’ve been working on a cool video on how to use Amazon’s EC2 service with Splunk. Look forward to that, but in the mean time, watch my Splunk employee profile video–and follow me on Twitter if you want (details at end of video). I’m nuts, you have been warned.

Bookmark it to Digg or del.icio.us

I think Splunk 3.0 is so cool, i made a 47 second movie out of it. Check it. Its done in iMovie 8 — Just came out today. I did it in 16×9 resolution and have included a small(er) copy for your iPhone. Yes, Splunk Support staff, I admit it, I am a fanboy.

Note: You will need headphones or speakers. Turn it up, rock out, then download Splunk 3.

Splunk 3.0 - The Movie
Full Size 16×9 Version (8.8MB)

iPhone Version (4.2MB)

Bookmark it to Digg or del.icio.us

One of the coolest (and there are a lot of cool things about Splunk) things you can do with Splunk is mapping a transaction. Many times, what some consider a “transaction” may be the linkage between events often by multiple common factors. At Interop 2007 in Las Vegas this year, the network management team used Splunk to very simply see the entire set of DHCP events (or transaction) — why? When you hop on a network and get an IP address for your computer, four events actually occur, a DHCP Discover, Offer, Request, Acknowledge. Those four events occurring for your machine/computer/MAC address confirm that you got on the network and are as happy as a clam–hopefully.

In Splunk, we can easily link all four of those events (or the lack thereof) together in a “meta-event”, or an “event of events”. Using meta-events, we can create a whole new category of “success/failure” checking by using the combination of those events to focus on and isolate a user’s activity amongst everything else that’s going on.

I’ve featured Splunk 3.0 in this video, however these same techniques can be done in Splunk 2.2 with some slight modifications to the syntax.

No “funny SplunkNinja episode” here, I had to whip it out much quicker than a SplunkNinja video–but don’t worry, ninja’s in the dojo, workin on more media for you. In the mean time, check this out this quick How-To (there is video and audio as usual):

Blogged with Flock

Tags: splunk, front

Bookmark it to Digg or del.icio.us

Greetings friends.. the Curse of the Golden Logfile has been lifted and the Splunk Ninja is back at last!…In this episode the SplunkNinja will demonstrate the simplicity setting up Splunk-2-Splunk. Follow along and the SplunkNinja will guide you through a complete setup.. This 5 minute video is a good primer for anyone who needs Splunk to forward events to a master Splunk server in real time!

Full Quality - Quicktime (MOV) format - 18MB

Video Podcast Quality (M4V) MPEG-4 format - 10MB

Please comment if you’d like to see different videos. The SplunkNinja will gladly all you to watch him destroy any IT data problem for you!

Bookmark it to Digg or del.icio.us

Gotta love this blog post from Jason, who attended the RSA Conference in SF yesterday:

(here’s the snippet)

“I also met the guys (and gals) from Splunk. The coolest shirt ever. I’m posting pics when I get back. It involves ninjas…”

http://www.likertland.com/blog/2007/02/05/monday-at-the-rsa/

SplunkNinja loves this guy!

Bookmark it to Digg or del.icio.us

Ninja clan.. Splunk has been cool enough to add the SplunkNinja’s tagline their fifth shirt.

Current shirts in production

• Take the “sh” out of IT
• Finding your faults, just like mom
• All batbelt, no tights

And now…..

“because ninja’s are too busy”

Retired Shirts

• The ultimate troubleshooting machine

Bookmark it to Digg or del.icio.us

Greetings Grasshoppers.. The Splunk Ninja is back with a double-shot this week. Two videos in three days. In this episode the SplunkNinja will demonstrate the simplicity of making Splunk work. He’ll download, install, configure and have Splunk eating logs in less that three minutes. This 8 minute video is a good primer for anyone who might want to see how Splunk really works!

Full Quality - Quicktime (MOV) format - 60MB

Video Podcast Quality (M4V) MPEG-4 format - 50MB

Please comment if you’d like to see different videos. The SplunkNinja will gladly all you to watch him destroy any IT data problem for you!

Bookmark it to Digg or del.icio.us

Hello Grasshoppa..

Today starts a series of web videos by the Splunk Ninja.  He will be providing downloads (and possibly a video podcast) of tips, tricks, how to’s and anything else you might like him to explain.  Its the Splunk Ninja that can demonstrate how to quickly slay different log formats.  He’ll show you how to fight Splunk-style.

(BOOONNNNNNNNGGGGG) “gong sound”

Bookmark it to Digg or del.icio.us