Smart AnSwerS #4

Hey there folks and welcome to the 4th installment of Smart AnSwerS!

Did any of you gain a pound or five over the holidays? I certainly did, but that’s ok! Good times and good eats with family and friends = me being insulated and cozy in bed as I peruse posts to dig up some useful and interesting material for you all. Check out this week’s featured Splunk Answers posts:

How to create a search to predict license violations?

Ever wonder what your indexed volume might be at the end of the day based on trending indexed data per hour as the day progresses? Well, you came to the right place! JdeFalconr had the need for this exact use case to predict possible license violations before even receiving any license warnings and laid out a clear picture of how they might want to achieve this. The ever-awesome martin_mueller strikes again with an awesome search solution and breakdown of how this can be done:

Can we use REST API call to re-authenticate search peers?

If you have one too many search peers you need to re-authenticate, then philip.wong asked just the right question, and you can ride its coattails. Official Answers SpamHammer MuS provides a very straightforward answer on how to do this using the REST API, but also shares another approach using a remote Splunk command via the CLI for those of you who like keeping your options open:

How to write a search that automatically compares volume for this year against the same day of the week last year?

A lot of users have asked very similar questions to this, so this may be a nice post to keep in your reference arsenal of search examples. subtrakt needed a way to dynamically compare data from the current day of the week this year to the same day of the week last year. somesoni2 shows a great search to dynamically set the proper time modifiers to pull the desired data points. musskopf brings up a good point that the date of the day of the week changes from year to year, so thinking only in terms of the same day of the week is something to be wary of. Veteran Answers contributors sideview and aholzer also share insights that are worth checking out. See how you can adapt everyone’s approaches to your individual use cases:

Thanks for reading everyone and I’ll see you back here in the New Year!


Missed out on the first three Smart AnSwerS blog posts? Check ’em out here!

Posted by Patrick Pablo

Born and raised in Los Angeles, Patrick made his way up north for college and fell in love with the Bay Area, making it his second home. After working 5 years for a non-profit as a college & career counselor in San Francisco public high schools, he stumbled across a new career opportunity himself! Patrick found a new way to apply his community organizing background in a way he didn’t know was possible at Splunk.
