Hey there community and welcome to the 64th installment of Smart AnSwerS.
One of the Splunk Cloud support engineers left on vacation last week, so in true Splunk fashion, his desk is getting a complete makeover by the time he returns! yannK has been putting on his creative hat this week to transform the desk into a Star Wars TIE Fighter which has been coming together incredibly well. If it were my desk, I’d leave it as a permanent installation because it looks that cool and is still completely functional as a work station…not that I’m jealous or anything ;P
Check out this week’s featured Splunk Answers posts:
SplunkTrust member acharlieh needed to know how to configure DATETIME_CONFIG in an app-relative manner. Users were developing and testing apps on local standalone Splunk instances, but he wanted to make sure these apps could also be deployed across production indexer clusters from a cluster master with the same settings. lguinn provides a clear example of where to store the custom datetime.xml and how to configure props.conf in the same app to deploy consistent settings in both types of environments without making manual changes on each indexer.
https://answers.splunk.com/answers/270337/how-would-one-correctly-configure-datetime-config.html
zeophlite graphed a field and knew how to add additional fields to manually compare and find similarities in patterns, but wanted a way to have Splunk search for and return fields that cross-correlate based on results. jeffland gives an excellent answer showing various options like using the kmeans command, computing correlations by hand through an example search, and some Splunk out-of-the-box solutions such as the R Project or Machine Learning Toolkit and Showcase apps.
https://answers.splunk.com/answers/374184/how-to-search-for-fields-that-cross-correlate-with.html
dsollen was curious to know if it was possible to create a search macro where some of the fields are predefined with a default value that would be used based on the number of arguments provided. SplunkTrustee sideview strikes again with a solution he uses for cases like this: defining two macros. He uses the examples from dsollen’s question to show how the logic between the two definitions would work to use a default value if a user only provides one argument.
https://answers.splunk.com/answers/373040/can-a-search-macro-have-a-default-value-for-a-para.html
Thanks for reading!
Missed out on the first sixty-three Smart AnSwerS blog posts? Check ‘em out here!
http://blogs.splunk.com/author/ppablo
----------------------------------------------------
Thanks!
Patrick Pablo