SPLUNK LIFE

That happened: episode 2

This week in “That Happened: notes from #splunk”, a blog about goings-on in the Splunk IRC channel:

Sparklines aren’t for everything

We’re very proud of the new fancy sparklines features in Splunk 4.3, but even the shiniest things have their moments of dullness:

* Nerf questions the value of exporting sparklines to csv
<Nerf> ##__SPARKLINE__##,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

Grateful for anonymity and duckfez

If you have a Splunk question, chances are that duckfez knows the answer. Fun Fact: He’s the only #splunk denizen who is formally quoted in the official Splunk product documentation! (Can you find where?)

<splunkusr> hello everybody
<splunkusr> is there a way to mask a part log file in splunk ?
<splunkusr> I have ssn # with names in logs, I want to mask ssn and name for the users and should only display to specific group
<duckfez> http://docs.splunk.com/Documentation/Splunk/latest/Data/Anonymizedatausingconfigurationfiles
<@Splunky> duckfez’s URL: “Anonymize data”
<duckfez> now, this anonymizes it for everyone, globally, by editing the raw event before it is indexed
<duckfez> there is no 100% foolproof way of doing this selectively, at search time, for specific roles
<splunkusr> so that means nobody can see the data even they are in the right roles
<duckfez> correct
<splunkusr> cool.
<splunkusr> Thank you sir
<splunkusr> that link is so useful and thats what exactly I’m looking for

Coffee makes the world go ’round

Fans of Dethklok and Gary Larson take note:

<jspears> coffee time!
<pie|home> mmm, coffee time
<duckfez> DO YOU FOLKS LIKE COFFEE??
<JPres> YES!!!!
<@cgales> how we read IRC in the morning: blah blah blah COFFEE blah blah blah

Where in the world is your data?

icarus902 helps us find our data’s inner Carmen Sandiego with a custom search command he posted to Splunkbase:

<icarus902> if anybody has desired to perform proximity- or distance-based searches (e.g., using geoip), I’ve made a custom Splunk command for the purpose
<icarus902> http://splunk-base.splunk.com/apps/42932/haversine
<@Splunky> icarus902’s URL: “haversine – Splunk Community”
<icarus902> calculates distance between two lat/lon points
<icarus902> statically passed as a command parameter or pulled from an input event

----------------------------------------------------
Thanks!
rachel perkins

Splunk
Posted by

Splunk

Join the Discussion