Hey there community and welcome to the 36th installment of Smart AnSwerS.
While searching and writing up content for this post, all I could hear behind me was “Jess, duck. Hey Jess, can you duck really quick? Jess? Cool.” Docteam rockstar Jess finally obliges. *nerf guns go pew pew pew galore* Just another late afternoon in the middle of the week. The nerf wars have gotten more intense lately. I’ve had to put up a temporary barricade behind me to avoid accidental head and neck shots from the crossfire. There was even plastic debris around piebob’s desk earlier this week from a lamp shade 2 desks away. The horror! However, I’ve emerged from this war a survivor many times. It’ll take more than a nerf bullet or ten to stop me ;D
Check out this week’s featured Splunk Answers posts:
What can we use to replace loadjob-based dashboards that work with Search Head Clustering to make user of replicated artifacts?
jamiemccallion needed to migrate loadjob-based dashboards to something that worked with search head clustering as there is a current known issue where saved search artifacts are not available to all search head cluster members via loadjobs. Jamie was pointed in the right direction by Splunk Support and shared the solution by posting both the question and answer for the community on Splunk Answers. Check out the workaround using the search tag attribute ‘ref’ instead of the loadjob command in Simple XML dashboards.
http://answers.splunk.com/answers/260035/what-can-we-use-to-replace-loadjob-based-dashboard.html
How do I search specified fields with the same keyword list without searching the entire index?
abour wanted to search a list of specific fields for the same list of keywords without having to repeatedly type out each key-value pair in the search string, but also avoid searching through the entire index for fields that were not of interest. martin_mueller constructed a subsearch to meet this exact requirement, explained how it worked, and suggested creating a macro with the subsearch content to easily execute this again for future use. Get your search fu on and learn a thing or two from this impressive answer.
http://answers.splunk.com/answers/269855/how-do-i-search-specified-fields-with-the-same-key.html
How to merge rows in a table column if the value is repeating?
jagadish85 had a table with a column of rows with repeating values, but wanted to merge these rows into one to only show each value once. This is a common table formatting requirement that comes up on Answers every so often, so the solution by Runals has been a great help to more than just the original poster of the question. Learn how the simple, but strategic placement of the sort command makes all the difference.
http://answers.splunk.com/answers/232581/how-to-merge-rows-in-a-table-column-if-the-value-i.html
Thanks for reading!
Missed out on the first thirty-five Smart AnSwerS blog posts? Check ‘em out here!
http://blogs.splunk.com/author/ppablo