fighting the lack of good ideas
Any time someone who does not understand the practical outworkings of a given topic tries to “teach” it, you end up with a “presentation” – mostly in the form of propositional statements (dogs are mammals; barges are boats), or key-value pairs (in 1492, Columbus sailed the ocean blue; Caracas is the capital of Venezuela). Propositional…
continue “if you do not explain the why, where, and when, the what does not matter” »
Because if you don’t know them, you will wish you did. And when you do know them, you will know when to not use them.
deeply-broadly-carefully Please feel free to use/share/copy/adapt this image
Data Models are one of the major underpinnings of Splunk’s power and flexibility. They’re the only way to benefit from the powerful pivot command, for example. They underlie Splunk Enterprise Security (probably the biggest “non-core” use of Splunk amongst all their customers). Key to achieving peak performance from Splunk Data Models, though, is that they…
continue “a poor user’s guide to accelerating data models in splunk” »
Had a Splunk use-case present itself today on needing to determine if the value of a field was found in another – specifically, it’s about deciding if a lookup table’s category name for a network endpoint is “the same” as the dest_category assigned by a Forescout CounterACT appliance. We have “customer validated” (and we all…
I made a mistake 4 years ago. I said vampires and zombies couldn’t [long] coexist. Because they’d be competing for the same – dwindling – food source: the living (vs them both being undead). But I was wrong. If the universe in which they exist is a mash-up of that of Twilight and iZombie ……
I recently had cause to do an extensive trellised timechart for a dashboard at $CUSTOMER in Splunk. They have a couple hundred locations reporting networked devices. I needed to report on how many devices they’ve reported every day over the last 90 days (I would have liked to go back further…but retention is only 90…
continue “how-to timechart [possibly] better than timechart in splunk” »