Smart AnSwerS #70

Hey there community and welcome to the 70th installment of Smart AnSwerS.

Since Splunk HQ expanded into the new building next door, things have been eerily quiet on each floor because everyone has been spread out, leaving many Splunkers feeling distant and empty. People have been missing the energy and lively vibe of having everyone together under one roof. It was finally decided that everyone in the old building would be consolidated into the new building. So in true Splunk fashion, we’ll be celebrating with a party tomorrow in our 250 Brannan courtyard, one last hurrah before the move, to bid farewell to the old building until it undergoes its makeover!

Check out this week’s featured Splunk Answers posts:

How to create a search that shows a trending value based on the selected time range picker value?

Iranes needed to create a dashboard with a single value visualization whose trending value changed based on the time range picker rather than the default timechart span values. SplunkTrust member MuS answers with a run-anywhere Simple XML dashboard example to get the solution started. After some back-and-forth discussion on the search syntax, Iranes was able to find a working solution with MuS’ guidance.

How to convert an IP address to binary?

Applegreengrape wanted to know if it was possible to convert an IP address to binary in a Splunk search. SPL can be very powerful, especially if you have a strong grasp of how to manipulate your data with the right commands. Javiergn comes up with just the right search for this requirement, using a combination of eval and stats to get the expected output.

How does Splunk assign thread_id for scheduled searches and alerts in scheduler.log?

AntonyPriwin noticed there were saved searches and alerts with the same scheduled_time and dispatch_time that had incremented thread_id values, but there were others that all had the same thread_id. He was interested in understanding the reason for this behavior, and jrodman gave a great explanation of how this value is assigned and what it’s used for.

Thanks for reading!

Missed out on the first sixty-nine Smart AnSwerS blog posts? Check ‘em out here!

Posted by Patrick Pablo

Born and raised in Los Angeles, Patrick made his way up north for college and fell in love with the Bay Area, making it his second home. After working 5 years for a non-profit as a college & career counselor in San Francisco public high schools, he stumbled across a new career opportunity himself! Patrick found a new way to apply his community organizing background in a way he didn’t know was possible at Splunk.
