This week in “That Happened: notes from #splunk”, a blog about goings-on in the Splunk IRC channel:
Sparklines aren’t for everything
We’re very proud of the new fancy sparklines features in Splunk 4.3, but even the shiniest things have their moments of dullness:
* Nerf questions the value of exporting sparklines to csv
Grateful for anonymity and duckfez
If you have a Splunk question, chances are that duckfez knows the answer. Fun Fact: He’s the only #splunk denizen who is formally quoted in the official Splunk product documentation! (Can you find where?)
<splunkusr> hello everybody
<splunkusr> is there a way to mask a part log file in splunk ?
<splunkusr> I have ssn # with names in logs, I want to mask ssn and name for the users and should only display to specific group
<@Splunky> duckfez’s URL: “Anonymize data”
<duckfez> now, this anonymizes it for everyone, globally, by editing the raw event before it is indexed
<duckfez> there is no 100% foolproof way of doing this selectively, at search time, for specific roles
<splunkusr> so that means nobody can see the data even they are in the right roles
<splunkusr> Thank you sir
<splunkusr> that link is so useful and thats what exactly I’m looking for
Coffee makes the world go ’round
<jspears> coffee time!
<pie|home> mmm, coffee time
<duckfez> DO YOU FOLKS LIKE COFFEE??
<@cgales> how we read IRC in the morning: blah blah blah COFFEE blah blah blah
Where in the world is your data?
icarus902 helps us find our data’s inner Carmen Sandiego with a custom search command he posted to Splunkbase:
<icarus902> if anybody has desired to perform proximity- or distance-based searches (e.g., using geoip), I’ve made a custom Splunk command for the purpose
<@Splunky> icarus902’s URL: “haversine – Splunk Community”
<icarus902> calculates distance between two lat/lon points
<icarus902> statically passed as a command parameter or pulled from an input event