Hey there community and welcome to the 46th installment of Smart AnSwerS.
Last quarter, I started presenting to each cohort of Splunk new-hires every month about all the various Splunk Community programs and spaces to show how our awesome users from around the world connect with one another. One part of the presentation involves bringing up the Splunk User Group Slack channel live on screen for the community to give our brand new Splunkers a warm welcome and hello. This has turned into one of the biggest highlights as customers, partners, and fellow employees alike demonstrate why they are what makes the Splunk community so successful, lively, and hilarious…and this includes sharing an old MySpace profile photo of me dug up from my college years ;P Gotta love 'em!
Check out this week’s featured Splunk Answers posts:
Ellen from Splunk Support asked and answered this question to share a useful tip with the greater community. She shows which splunkd.log entries identify the sequence of dynamic captain changes over time in search head cluster instances for debugging purposes. Supportability engineering liaison hexx adds that the Distributed Management Console has Search Head Clustering views that show a history of recent captain elections as well. Choose your flavor!
https://answers.splunk.com/answers/315827/in-search-head-clustering-what-splunkdlog-entries.html
mjuhasz needed to present a list of Splunk Enterprise Security correlation searches and their descriptions to some stakeholders, but saw that not all of the searches were listed in documentation. Luckily ES tech writer ekost shares a clean and simple answer using a rest search on the correlation searches endpoint with the commands and fields to list out everything mjuhasz was looking for.
https://answers.splunk.com/answers/239437/how-to-get-a-complete-list-with-descriptions-of-co.html
KolGr001 shared a search he was using to track invoice transactions, but needed help figuring out how to tweak it to account for batches of invoices that were started before 12AM and finished processing the following day, as they were being considered failed or stuck. However, he also needed to exclude any transactions that started after 12AM. SplunkTrustee somesoni2 saves the day by making a change to the latest time modifier and suggesting adding a condition to the where clause in the search to make sure next day transactions were not included.
https://answers.splunk.com/answers/307035/how-to-edit-my-search-to-track-transactions-that-s.html
Thanks for reading!
Missed out on the first forty-five Smart AnSwerS blog posts? Check ‘em out here!
http://blogs.splunk.com/author/ppablo
----------------------------------------------------
Thanks!
Patrick Pablo