I'm bearish on Urbit

Categories:

I keep coming across the Urbit project, and decided to investigate it for myself to learn what it's all about. I've read a bit and watched some youtube introduction videos, and decided I'm quite bearish on the project. I don't think it has a good future. Here's why.

Splunk docker container with Trunk, built with Packer and Terraform

I don't work at Splunk anymore, but I still do some freelance consulting, and so I thought I would share one of my old side projects, Trunk.

I am providing a couple of Github repos so that you can create and run your own Splunk instance with Trunk preconfigured to index Trello webhooks in your own AWS account. When the container starts, it subscribes to open Trello boards that are accessible with the Trello credential you provide.

The Trunk app, which provides status report dashboards.

Find size of lookup files in Splunk Web

Categories:

I needed to list the lookup tables and their sizes using Splunk Web. Here's a query to do just that!

| rest splunk_server=local /services/data/lookup-table-files/
| rename eai:acl.app as app 
| table app title 
| search NOT title IN (*.kmz) 
| map maxsearches=990 search="| inputlookup $title$ 
| eval size=0
| foreach * [ eval size=size+coalesce(len('<<FIELD>>'),0), app=\"$app$\", title=$title$ | fields app title size]" 
| stats sum(size) by app title
| sort - sum(size)
 

Splunk foreach command examples

Categories:

The Splunk foreach SPL command is pretty useful for building powerful queries. Here are some examples that I've created as a reference for how to use this powerful command.

Trello Guide for IT Project Management

Categories:

I've been a Trello user and fan for a long time. The intuitive interface provides a powerful platform for managing any project in a Kanban or Scrum methodology.

 

Splunk macro to remove identical fields

Categories:

 

Suppose that you have a Splunk query that returns a result set with some duplicate fields. Would you like to remove the duplicate fields so that you can quickly identify the differenes between each result? Here's a macro to do it!

Splunk macro to remove empty fields

Categories:

If you have a Splunk query that returns empty fields, you can use this query to programatically remove these blanks.

Identifying Splunk forwarders that phone home too frequently

Categories:

As I've worked on many large-scale Splunk environments, a common problem I've noticed is that Splunk forwarders phone home to the deployment server (DS) too frequently. When a forwarder phones home to the DS more often than necessary, it wastes resources on the DS, and can prevent the DS from deploying apps to forwarders correctly.

Bookmarks every Splunk admin must have

If you are Splunk admin, consultant, or power user, you may find yourself referring to the docs frequently. I bookmarked the Splunk docs that I frequently use, and I am sharing these bookmarks for everyone to use.

To add these bookmarks to Chrome, open the bookmark manager and then click import bookmarks.

To add these bookmarks to Firefox, open the bookmark manager and then click import bookmarks from HTML.

screenshot

Splunk saved search (and correlation search!) explorer

Categories:

As a Splunk administrator, have you ever needed to list out your saved searches in some way? Perhaps you need to know which searches might be accelerated, scheduled, or even real-time scheduled? Here's a quick dashboard to show this information.

The dashboard is available in this GitHub repo.

saved search explorer screenshot

 

Pages

Subscribe to Pixelchef.net RSS