Smart AnSwerS #67

Hey there community and welcome to the 67th installment of Smart AnSwerS.

For folks who will be in the San Francisco Bay Area the first full week of July, you’re all welcome to join us at the SFBA User Group meeting on Wednesday, July 6th @ 6:30PM PDT. chuckers has graciously offered to host at Comcast in Sunnyvale, CA where we’ll be hearing some interesting talks by watkinst from Mastercard and Splunk Senior Director of Product Management, Gaurav Agarwal. If you can make it, be sure to visit the SFBA User Group page to RSVP!

Check out this week’s featured Splunk Answers posts:

What happens to my multisite indexer cluster when connectivity between sites dies?

davidpaper shares this question and answer to educate the community on what exactly happens with replication when connection between sites is lost in a multisite indexer cluster. He explains the difference between inter-indexer and forwarder acknowledgement and how it relates to a disaster recovery scenario, making for a very informative read.

What are best practices for handling data in a Splunk staging environment that needs to go to production?

jtacy had end users from different teams that wanted to search non-production data and wanted to get community input on different approaches for getting this data to production. Lucas K recommends making use of distributed search groups which would allow users to choose between different data sources from a single set of search heads. He shows a simple example configuration for distsearch.conf to show how this setup works.

How can I get the latitude and longitude range when I click on map markers and use those values for a drilldown to a panel in the same dashboard?

Javip was using the Cluster Map visualization on a dashboard and had working XML to create tokens for latitude and longitude values when clicking in the map, but needed a range of values instead for filtering table results. ziegfried gives an excellent solution with sample XML to meet this requirement, introducing Javip to a different set of tokens to use that denote the bounds of the cluster.

Thanks for reading!

Missed out on the first sixty-six Smart AnSwerS blog posts? Check ‘em out here!

Patrick Pablo
Posted by

Patrick Pablo

Born and raised in Los Angeles, Patrick made his way up north for college and fell in love with the Bay Area, making it his second home. After working 5 years for a non-profit as a college & career counselor in San Francisco public high schools, he stumbled across a new career opportunity himself! Patrick found a new way to apply his community organizing background in a way he didn’t know was possible at Splunk.

Join the Discussion