Smart AnSwerS #67

Hey there community and welcome to the 67th installment of Smart AnSwerS.

For folks who will be in the San Francisco Bay Area the first full week of July, you’re all welcome to join us at the SFBA User Group meeting on Wednesday, July 6th @ 6:30PM PDT. chuckers has graciously offered to host at Comcast in Sunnyvale, CA where we’ll be hearing some interesting talks by watkinst from Mastercard and Splunk Senior Director of Product Management, Gaurav Agarwal. If you can make it, be sure to visit the SFBA User Group page to RSVP!

Check out this week’s featured Splunk Answers posts:

What happens to my multisite indexer cluster when connectivity between sites dies?

davidpaper shares this question and answer to educate the community on what exactly happens with replication when connection between sites is lost in a multisite indexer cluster. He explains the difference between inter-indexer and forwarder acknowledgement and how it relates to a disaster recovery scenario, making for a very informative read.

What are best practices for handling data in a Splunk staging environment that needs to go to production?

jtacy had end users from different teams that wanted to search non-production data and wanted to get community input on different approaches for getting this data to production. Lucas K recommends making use of distributed search groups which would allow users to choose between different data sources from a single set of search heads. He shows a simple example configuration for distsearch.conf to show how this setup works.

How can I get the latitude and longitude range when I click on map markers and use those values for a drilldown to a panel in the same dashboard?

Javip was using the Cluster Map visualization on a dashboard and had working XML to create tokens for latitude and longitude values when clicking in the map, but needed a range of values instead for filtering table results. ziegfried gives an excellent solution with sample XML to meet this requirement, introducing Javip to a different set of tokens to use that denote the bounds of the cluster.

Thanks for reading!

Missed out on the first sixty-six Smart AnSwerS blog posts? Check ‘em out here!

Patrick Pablo
Posted by Patrick Pablo

Join the Discussion