Hey there community and welcome to the 49th installment of Smart AnSwerS.
This just in! The next SplunkTrust Virtual .conf session is this Friday, January 15th @ 11:00AM PST. Come learn a thing or twenty with SplunkTrust members Duane Waddle and George Starcher as they cover their popular talk “Through the Lookups Glass”. Join the 30+ users on the event meetup page and RSVP to get your Splunk clue on!
Check out this week’s featured Splunk Answers posts:
pduflot wanted to know if there was a search, or something to look for in the internal logs, to determine whether the fields in a set of search results were extracted at index time or at search time. Lowell explains that this unfortunately isn’t easy, listing just some of the many sources an individual field can come from. The good news is that it’s not impossible with some patience and a closer look at the fields in question. He shows several options, such as using the tstats command, certain key-value search syntax, and ways to examine the relevant .conf and .tsidx files.
https://answers.splunk.com/answers/339034/is-there-a-way-to-know-which-fields-were-extracted.html
banderson7 needed a search to periodically check if any apps or add-ons installed on search peers in a distributed environment had a new version released on Splunkbase. Lo and behold, SplunkTrust member martin_mueller shared a nifty search that can be scheduled on any Splunk instance as often as needed and saved as an alert to be notified of available updates.
https://answers.splunk.com/answers/336868/has-anyone-created-a-scheduled-search-that-notifie.html
rsgage had a search-time field extraction defined in props.conf, but couldn’t understand why a straightforward field=value search wasn’t returning certain events as expected. Take a crash course in segmentation with an awesome answer by jeffland (with some behind-the-scenes help from martin_mueller, who is everywhere!). jeffland uses simplified examples to break down how Splunk fetches events from disk based on segments, which explains why no events came back even though the field extraction itself was defined correctly.
https://answers.splunk.com/answers/340027/why-are-events-not-returned-for-a-search-on-a-sear.html
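To make the segmentation point concrete, here is a toy model, added to this post and not code from Splunk or from jeffland’s answer, of what happens when you search field=value on a search-time extracted field. Splunk segments each raw event into lexicon terms at index time (whole segments split on major breakers, plus the pieces between minor breakers), and a field=value search first looks up the value as a term in that lexicon so that only matching events are read from disk and run through the extraction regex. If the extracted value is only part of a term (say, digits inside a session ID), the term lookup finds nothing and the regex is never even applied. The breaker sets below are an approximation of the Splunk defaults, the events are constructed sample data, and the indexed_value switch stands in for the INDEXED_VALUE setting in fields.conf, which tells Splunk not to use the value as a lexicon term.

```python
"""Toy model of index-time segmentation and field=value term lookup.

This is a simplified illustration, not Splunk's implementation. Breaker
sets approximate Splunk's default major/minor breakers; events are
constructed sample data.
"""
import re
from collections import defaultdict

# Major breakers end a segment; minor breakers split a segment further.
MAJOR_BREAKERS = set(' \t\n\r[]<>(){}|!;,\'"*&?+%')
MINOR_BREAKERS = set('/:=@.-$#\\_')

# Constructed sample events (not real log data).
EVENTS = [
    "2016-01-10T12:00:01 user=alice action=login session=ABC123XYZ",
    "2016-01-10T12:00:02 user=bob action=logout session=DEF456UVW",
    "2016-01-10T12:00:03 user=carol action=login session=ABC789XYZ",
]

# Hypothetical search-time extractions, as one might define in props.conf.
ACTION_RE = r"action=(?P<action>\w+)"            # value is a whole term
SESSION_RE = r"session=[A-Z]{3}(?P<sess_num>\d+)"  # value is part of a term


def _split(text, breakers):
    """Split text on any character in breakers, dropping empty pieces."""
    pieces, cur = [], []
    for ch in text:
        if ch in breakers:
            if cur:
                pieces.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        pieces.append("".join(cur))
    return pieces


def segment(raw):
    """Return the lexicon terms an event contributes: each major segment
    as a whole (lowercased) plus every minor-breaker piece inside it."""
    terms = set()
    for major in _split(raw.lower(), MAJOR_BREAKERS):
        terms.add(major)
        terms.update(_split(major, MINOR_BREAKERS))
    return terms


class ToyIndex:
    """A posting-list index: term -> set of event ids (a stand-in for tsidx)."""

    def __init__(self, events):
        self.events = list(events)
        self.lexicon = defaultdict(set)
        for i, ev in enumerate(self.events):
            for term in segment(ev):
                self.lexicon[term].add(i)

    def search_field(self, regex, field, value, indexed_value=True):
        """Emulate `field=value` for a search-time extraction.

        With indexed_value=True (the default behaviour) the value is looked
        up as a lexicon term and only those events are fetched and run
        through the regex. With indexed_value=False every event is scanned.
        """
        if indexed_value:
            candidates = sorted(self.lexicon.get(value.lower(), set()))
        else:
            candidates = range(len(self.events))
        hits = []
        for i in candidates:
            m = re.search(regex, self.events[i])
            if m and m.group(field) == value:
                hits.append(self.events[i])
        return hits


if __name__ == "__main__":
    idx = ToyIndex(EVENTS)
    print(sorted(segment(EVENTS[0])))
    print("action=login  ->", len(idx.search_field(ACTION_RE, "action", "login")))
    print("sess_num=123  ->", len(idx.search_field(SESSION_RE, "sess_num", "123")))
    print("sess_num=123 (no term lookup) ->",
          len(idx.search_field(SESSION_RE, "sess_num", "123", indexed_value=False)))
```

Searching action=login returns both login events, because "login" is a term produced by splitting "action=login" on the "=" minor breaker. Searching sess_num=123 returns nothing: the lexicon holds "session=abc123xyz", "session" and "abc123xyz", never "123", so no event is fetched for the regex to run against. Only the full scan (the INDEXED_VALUE=false behaviour) finds the one matching event, which is why a perfectly valid extraction can still appear to return no results.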
Thanks for reading!
Missed out on the first forty-eight Smart AnSwerS blog posts? Check ‘em out here!
http://blogs.splunk.com/author/ppablo
----------------------------------------------------
Thanks!
Patrick Pablo