Hey there community, and welcome to the 29th installment of Smart AnSwerS.
SplunkLive! is currently in session in San Francisco, CA where current and potential customers get to hear from Splunkers and other fellow customers on how various Splunk products are used to gain valuable insight from their machine data. It’s a great space to learn what Splunk can bring to your organization through the many use cases that have been applied successfully, and also network with other users to share knowledge and discover new possibilities. If you missed out on attending SplunkLive! today, you can always stay tuned to our Upcoming Splunk events and webinars to see if there are opportunities near you.
Check out this week’s featured Splunk Answers posts:
cdo needed to return a list of users with all assigned indexes and roles. She already had a search she was working with, but a particular role was missing and she couldn’t figure out what changes needed to be made to get an accurate list. Search guru martin_mueller jumped in to help cdo construct just the right search to reach the desired result. After some trial and error and information gathering, martin successfully reached a solution that can prove useful for other users as well.
http://answers.splunk.com/answers/260126/how-can-i-search-a-list-of-users-with-all-the-role.html
henrit used the metadata command to generate a list of hosts for a particular index, and the result included a total_count field which he thought was a host’s number of events for the current day. However, when running a search against a particular host from that list, no data was returned, which led him to ask this question. acharlieh highlights the description of the metadata command to show that it gives information about an index as a whole and not for a particular timeframe. He introduces henrit to the metasearch command as an alternative option to retrieve metadata from raw for a desired time range.
http://answers.splunk.com/answers/243944/a-host-reported-in-the-metadata-doesnt-seem-to-hav.html
vitorvmiguel needed to count unique values for a field and group these counts by another field without using a subsearch to prevent search performance issues. sideview demonstrates how and why the eventstats command is more ideal than stats for this particular scenario. Improve your search fu and check out how he breaks down each step to give not only the original poster an awesome answer, but an educational opportunity for the rest of the community to learn from.
http://answers.splunk.com/answers/241656/how-to-group-calculated-unique-values-by-another-f.html
Thanks for reading!
Missed out on the first twenty-eight Smart AnSwerS blog posts? Check ‘em out here!
http://blogs.splunk.com/author/ppablo
----------------------------------------------------
Thanks!
Patrick Pablo