Hey there community and welcome to the 53rd installment of Smart AnSwerS.
With Super Bowl 50 madness phasing out this week, our rescheduled San Francisco Bay Area User Group meeting is a go for tonight at Splunk HQ! Splunker Erik Cambra will be giving a talk on how Splunk splunks…(drum roll)…Splunk! If you happen to be in the area, come on by! If you can’t grace us with your presence because you’re miles away, then be sure to check out the Splunk User Groups site to find an upcoming meeting near you.
Check out this week’s featured Splunk Answers posts:
splunkIT was getting different counts when using wildcards to search an extracted field value and wanted to know whether this was a limitation or a bug. woodcock shared a Splunk blog that covered a solution using INDEXED_VALUE = false, with the caution that this setting can affect search performance. cpride came in to give a very informative overview of how strings of raw data are broken into indexed terms according to segmenters.conf, and demonstrated why a wildcard placed in different parts of the searched value returns different results.
https://answers.splunk.com/answers/326291/why-am-i-getting-inconsistent-event-counts-when-us.html
This topic has come up on Answers several times, so this helpful question and answer by jwelsh serves as a good reference for users searching high and low. Learn how to use the _internal index to find the last time your desired alert fired to prevent overlapping triggered alerts.
https://answers.splunk.com/answers/326872/what-is-the-easiest-way-to-send-an-alert-when-anot.html
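As an added example (not jwelsh's own answer), here is one way to gate a scheduled detection on its own last firing time using the scheduler log in _internal: the search only returns results, and so only triggers, if the saved search named "Failed logon burst" has not triggered an alert action in the past hour. The index, sourcetype, saved-search name, threshold, and the assumption that alert_actions is populated only on runs that triggered an action are all assumptions of this example.

```spl
index=main sourcetype=WinEventLog:Security EventCode=4625 earliest=-15m
| stats count AS failed_logons
| append
    [ search index=_internal sourcetype=scheduler savedsearch_name="Failed logon burst" status=success earliest=-24h
      | where isnotnull(alert_actions) AND alert_actions!=""
      | stats max(scheduled_time) AS last_fired ]
| stats max(failed_logons) AS failed_logons, max(last_fired) AS last_fired
| eval minutes_since_fired = if(isnull(last_fired), 99999, round((now() - last_fired) / 60))
| where failed_logons > 50 AND minutes_since_fired >= 60
```

Save this as the alert itself with a trigger condition of "number of results > 0"; the subsearch then reads the scheduler log of that same saved search, so a firing within the last 60 minutes suppresses the next one without any external state.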
praneethkodali had a search that was producing a list of values and counts for a field, but needed to edit the search to sum the counts of similar values in the list. With the powers of regular expressions and eval combined, aljohnson (with some mutual help from praneethkodali) shows how to match the variations into a single uniform value to get the desired result.
https://answers.splunk.com/answers/327096/how-do-i-sum-the-counts-of-all-the-similar-values.html
Thanks for reading!
Missed out on the first fifty-two Smart AnSwerS blog posts? Check ‘em out here!
http://blogs.splunk.com/author/ppablo
----------------------------------------------------
Thanks!
Patrick Pablo