Smart AnSwerS #12

Hello Splunk community and welcome to the 12th installment of Smart AnSwerS.

I had just come back from eating lunch and what do I find 10 feet away from my desk? Over 15 boxes of leftover pizza from a meeting of course. I fight the urge to grab a slice or five and I take a break for the gym instead. I get back to the office and what do I find in the kitchen? 3 boxes of leftover deep dish pizza. I reach for a cup of tea instead and head to my desk. Our amazing executive assistant Jade Lo comes around with a box full of large buttery cookies of all flavors. What do I do? I take one. I can only have so much will power in this office! Check out this week’s featured Splunk Answers posts:

How do I set up a Splunk Cloud Trial (Sandbox) Forwarder?

This question came up very frequently for the past several months, so khourihan_splunk delivered with a one stop shop post to answer them all. He goes through the process and provides screenshots of the GUI on how to configure your forwarder to send data to your Online Sandbox. This will be handy to have in your back pocket to provide a quick-fire answer if you see the question pop up so you can rack up those karma points.

How to get license usage data for a particular index with a breakdown of usage by a field?

I usually see posts where users are trying to find the license usage data per index, but jackiewkc needed to go a step further and find a breakdown of license usage for a certain field. martin_mueller notes that the license_usage.log isn’t going to provide the data needed for this, so he shows how to search the length of the characters from the _raw data for the field and convert that to gigabytes with eval.

How can I share a lookup script with other apps?

jameshgibson had a lookup script in his apps bin folder, but needed to use this external lookup from other apps. Even though he set the lookup permissions to global, he was still getting the message “lookup script not found”. Luckily, dwaddle had previous experience with this issue and shared how to make edits to the default.meta.conf file in the app to provide read access for the lookup script.

Thanks for reading and happy Splunking!


Missed out on the first eleven Smart AnSwerS blog posts? Check em out here!

Patrick Pablo
Posted by

Patrick Pablo

Born and raised in Los Angeles, Patrick made his way up north for college and fell in love with the Bay Area, making it his second home. After working 5 years for a non-profit as a college & career counselor in San Francisco public high schools, he stumbled across a new career opportunity himself! Patrick found a new way to apply his community organizing background in a way he didn’t know was possible at Splunk.

Join the Discussion