This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel:
…and #splunk is 200 of them:
<RichardRa> Is it possible to timechart multiple fields per other field? More specifically, I am wanting to show a timechart of freespace by device by host. Using one of the Linux-TAs, my pseudo-search would look like: index=os_nix sourcetype=df | timechart span=5m max(UsePct) BY MountedOn BY host
<duckfez> RichardRa: by device by host or by the (device,host) tuple?
<Ayn> RichardRa: trying to think about what that would look like
<RichardRa> So, my goal would be a line for each device that would look like “host:mountedon”
<RichardRa> So, if there were two hosts each with two devices I would see 4 lines.
<duckfez> RichardRa: sounds like a tuple .. do a | eval host_device = host."_".device | timechart max(usePct) by host_device
<hexx_home> RichardRa: try … | eval host_mount = host." : ".mount | timechart span=5m max(UsePct) by host_mount
<RichardRa> duckfez: I will try the tuple.
<duckfez> or what hexx_home said
* hexx_home shakes a fist at duckfez
* duckfez throws a snappy counter-retort at hexx_home
<pie|dc> you guys are adorable when you fight
<firebus> if i hadn’t met you both in person, i’d be assuming that one of you was the sock puppet of the other
<Ayn> obligatory http://bash.org/?23396
<@Splunky> Ayn’s URL: “QDB: Quote #23396”
<firebus> pretty much everyone in here is actually an NPC run by pie bob
Sometimes the best source of truth is YOU:
<Baconesq> My irrational hatred of NFS is flaring up this morning. I need to calm down and remind myself that there are plenty of rational reasons to hate NFS.
—
<duckfez> I just thought about “what if splunk users were narrated by figure skating tv personalities”
<duckfez> “That was a beautifully executed subsearch, but he underdid it slightly on the summary index”
—
<starcher> hehehe Just added a panel in my personal Splunk Admin status dashboard. it pulls from our nessus results for vuln_id=47619 which is splunk web service detected. so if someone starts up an independent Splunk server on campus I’ll see it
There’s a fine line between The Minority Report and Wacky Inflatable Arm Waving Guy:
<mackenzie> i just hooked up a Leap Motion to our Splunk displays in the office. one small step closer to minority report.
<DaGryph> Leap Motion o.O
<DaGryph> ?
<DaGryph> OOOOOHHHHHH
<DaGryph> I was thinking of these: https://www.thalmic.com/en/myo/
<mackenzie> 😀
<jpetrov_> mackenzie: how do you like the leap motion?
<mackenzie> we mounted them under the tv, and associated simple wave gestures to go next/back between Splunk dashboards
<mackenzie> so for that, it works lovely
<jpetrov_> haha, nice
<jpetrov_> i guess that have some use then
<mackenzie> and the fact anyone walking by can just navigate these displays w/o wearing an arm band.. way way better
<mackenzie> sometimes i just stop the software though and watch people wave in frustration
<mackenzie> it even registers when you give the Splunk display a middle finger and it says ‘f*ck you too’
<Nerf> “Printer is now voice controlled”
<duckfez> trollkenzi
<mackenzie>
<duckfez> mackenzie: keep it up, people need a good trolling now and again
stewgoin shows a secret side of himself:
<automine> good morning splunky people
<DaGryph> Hellooooooooooooooooooooooooooooooooooooooooooooo automine
<automine> whoa
<automine> “o” key stuck on the keyboard, DaGryph?
<davetoo> catOnKeyboard
* DaGryph sneezes. no cats
<DaGryph> I was going for a Hellooooo nurse vibe,
<DaGryph> You know, because reasons.
<automine> Animaniacs?
<DaGryph> and we’re zany to the max. 😀
<automine> there’s baloney in our slacks?
<stewgoin> We’re #splunk-ing maniacs, we know SPL syntax.
<automine> well done
<DaGryph> Nice!
<stewgoin> We drive IOPS to the max, with our crazy lispy hacks
<DaGryph> LOL!!!
<DaGryph> work deployment server in.
<stewgoin> We’re #splunk-ing maniacs, we deploy out apps like crack
<automine> shut it down, everyone. stewgoin wins the internet for the day
----------------------------------------------------
Thanks!
rachel perkins