think-read-speak
deeply-broadly-carefully Please feel free to use/share/copy/adapt this image
Category: insights
a poor user’s guide to accelerating data models in splunk
Data Models are one of the major underpinnings of Splunk’s power and flexibility. They’re the only way to benefit from the powerful pivot command, for example. They underlie Splunk Enterprise Security (probably the biggest “non-core” use of Splunk amongst all their customers). Key to achieving peak performance from Splunk Data Models, though, is that they…
continue “a poor user’s guide to accelerating data models in splunk” »
splunk: match a field’s value in another field
Had a Splunk use-case present itself today on needing to determine if the value of a field was found in another – specifically, it’s about deciding if a lookup table’s category name for a network endpoint is “the same” as the dest_category assigned by a Forescout CounterACT appliance. We have “customer validated” (and we all…
vampires *can* coexist with zombies
I made a mistake 4 years ago. I said vampires and zombies couldn’t [long] coexist. Because they’d be competing for the same – dwindling – food source: the living (vs them both being undead). But I was wrong. If the universe in which they exist is a mash-up of that of Twilight and iZombie ……
how-to timechart [possibly] better than timechart in splunk
I recently had cause to do an extensive trellised timechart for a dashboard at $CUSTOMER in Splunk. They have a couple hundred locations reporting networked devices. I needed to report on how many devices they’ve reported every day over the last 90 days (I would have liked to go back further…but retention is only 90…
continue “how-to timechart [possibly] better than timechart in splunk” »