Smart AnSwerS #8

Hello Splunk community and welcome to the 8th installment of Smart AnSwerS!

Have you ever had to babysit a dog for a friend and completely change your routine to make sure they don’t unleash all heck in your house? Well, that’s what my week’s been like, with totally different commute times, sleep and work schedules. Somehow, I’ve managed to make it work and still find time to hunt for some gems like these. Check out this week’s featured Splunk Answers posts:

How to configure Chrome as a search engine for Splunk searches?

Not only are there smart AnSwerS, but there are smart questions too! oxnard posted a very interesting topic on how to configure their Chrome browser so that typing a shortcut in the address bar initiates a Splunk search. MuS, appreciative of the idea being shared on Answers, found just the tweak needed to make this functionality possible.

How to search and set up an alert displaying hosts that are forwarding more data compared to the average of the previous week?

snehal8 wanted to create an alert that would generate a list of hosts that were sending more data in comparison to the average of all hosts from the previous week. After evaluating their approach, lguinn gives a great answer showing a more efficient search to get the desired outcome. somesoni2 comes into the thread to affirm lguinn’s awesomeness and also suggests an adjustment to the time modifiers so that the search more accurately meets the requirement of “previous week” versus the last 7 days for this use case.

How to get the last 15 days of logs relative to the latest event, not to now?

Javo222 was trying to find the last 15 days of logs with the most recent event as the starting point. However, they were having trouble constructing the right search, as the results returned were from the last 15 days relative to the current time. Sometimes the best answer isn’t a full-blown detailed response, but a reference to a previously asked question with an answer that’s right up the same alley. There was no need to reinvent the wheel, as chanfoli shared a 5-year-old Answers post that pointed Javo222 in the right direction.

Thanks for reading, folks, and have a great rest of the week!


Missed out on the first seven Smart AnSwerS blog posts? Check ’em out here!
