Hey there community and welcome to the 60th installment of Smart AnSwerS.
Hot off the press! The next SplunkTrust Virtual .conf Session has been scheduled for next Thursday, April 28th, 2016 @ 9:00AM PST. Duane Waddle and George Starcher will be giving their popular talk “Avoid the SSLippery Slope of Default SSL”, which has been used and referenced far and wide among the Splunk community in the past couple years. See what the hype is all about by visiting the Meetup page to RSVP and find the WebEx link to join us next week!
Check out this week’s featured Splunk Answers posts:
How to put an expiration date on a set of saved searches or alerts so after a specified date, they will no longer run?
daniel333 was looking for a way to set an expiration on a set of saved searches so they will no longer run after a certain date, and also provide a warning when a job’s expiration date is approaching. SplunkTrust member somesoni2 created the exact search with all requirements daniel333 was looking for. sk314 thought this was just plain sorcery, but somesoni2 left a follow up comment to break down exactly what was happening in each part of the search for an excellent lesson in SPL.
https://answers.splunk.com/answers/366096/how-to-put-an-expiration-date-on-a-set-of-saved-se.html
Where should I run my report that populates a summary index?
markwymer had a scheduled search populating a summary index, but wasn’t sure if it would be better to run it from two load balanced indexers, or if it had to be run and stored on a search head. Jeremiah gave a great explanation of what happens when scheduling and running a summary search and addressed the various scenarios brought up by markwymer. The best approach, however, was the best practice of running it from a search head configured to forward its data to the load balanced indexers. This way, the summary data is evenly distributed to the tier of indexers instead of being indexed locally on the search head to avoid unnecessary storage and scaling issues.
https://answers.splunk.com/answers/363868/where-should-i-run-my-report-that-populates-a-summ.html
How to calculate the factorial of a number in a Splunk search?
shrirangphadke wanted to know if it was possible to calculate the factorial of a number in a Splunk search using eval. javiergn took a stab at this by constructing 2 possible searches based on the natural logarithm, using a combination of Splunk search commands to generate the same logic. This worked for shrirangphadke who also took the suggestion by stanwin to create a custom command with Python.
https://answers.splunk.com/answers/369054/how-to-calculate-the-factorial-of-a-number-in-a-sp.html
Thanks for reading!
Missed out on the first fifty-nine Smart AnSwerS blog posts? Check ‘em out here!
http://blogs.splunk.com/author/ppablo