This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel:
There are really only 300 people on the internet
…and #splunk is 200 of them:
<RichardRa> Is it possible to timechart multiple fields per other field? More specifically, I am wanting to show a timechart of freespace by device by host. Using one of the Linux-TAs, my pseudo-search would look like: index=os_nix sourcetype=df | timechart span=5m max(UsePct) BY MountedOn BY host
<duckfez> RichardRa: by device by host or by the (device,host) tuple?
<Ayn> RichardRa: trying to think about what that would look like
<RichardRa> So, my goal would be a line for each device that would look like “host:mountedon”
<RichardRa> So, if there were two hosts each with two devices I would see 4 lines.
<duckfez> RichardRa: sounds like a tuple .. do a | eval host_device = host."_".device | timechart max(usePct) by host_device
<hexx_home> RichardRa: try … | eval host_mount = host." : ".mount | timechart span=5m max(UsePct) by host_mount
<RichardRa> duckfez: I will try the tuple.
<duckfez> or what hexx_home said
* hexx_home shakes a fist at duckfez
* duckfez throws a snappy counter-retort at hexx_home
<pie|dc> you guys are adorable when you fight
<firebus> if i hadn’t met you both in person, i’d be assuming that one of you was the sock puppet of the other
<Ayn> obligatory http://bash.org/?23396
<@Splunky> Ayn’s URL: “QDB: Quote #23396”
<firebus> pretty much everyone in here is actually an NPC run by pie bob
Sometimes the best source of truth is YOU:
<Baconesq> My irrational hatred of NFS is flaring up this morning. I need to calm down and remind myself that there are plenty of rational reasons to hate NFS.
<duckfez> I just thought about “what if splunk users were narrated by figure skating tv personalities”
<duckfez> “That was a beautifully executed subsearch, but he underdid it slightly on the summary index”
<starcher> hehehe Just added a panel in my personal Splunk Admin status dashboard. it pulls from our nessus results for vuln_id=47619 which is splunk web service detected. so if someone starts up an independent Splunk server on campus I’ll see it
<mackenzie> i just hooked up a Leap Motion to our Splunk displays in the office. one small step closer to minority report.
<DaGryph> Leap Motion o.O
<DaGryph> I was thinking of these: https://www.thalmic.com/en/myo/
<jpetrov_> mackenzie: how do you like the leap motion?
<mackenzie> we mounted them under the tv, and associated simple wave gestures to go next/back between Splunk dashboards
<mackenzie> so for that, it works lovely
<jpetrov_> haha, nice
<jpetrov_> i guess that have some use then
<mackenzie> and the fact anyone walking by can just navigate these displays w/o wearing an arm band.. way way better
<mackenzie> sometimes i just stop the software though and watch people wave in frustration
<mackenzie> it even registers when you give the Splunk display a middle finger and it says ‘f*ck you too’
<Nerf> “Printer is now voice controlled”
<duckfez> mackenzie: keep it up, people need a good trolling now and again
Filking of the highest caliber
stewgoin shows a secret side of himself
<automine> good morning splunky people
<DaGryph> Hellooooooooooooooooooooooooooooooooooooooooooooo automine
<automine> “o” key stuck on the keyboard, DaGryph?
* DaGryph sneezes. no cats
<DaGryph> I was going for a Hellooooo nurse vibe,
<DaGryph> You know, because reasons.
<DaGryph> and we’re zany to the max. 😀
<automine> there’s baloney in our slacks?
<stewgoin> We’re #splunk-ing maniacs, we know SPL syntax.
<automine> well done
<stewgoin> We drive IOPS to the max, with our crazy lispy hacks
<DaGryph> work deployment server in.
<stewgoin> We’re #splunk-ing maniacs, we deploy out apps like crack
<automine> shut it down, everyone. stewgoin wins the internet for the day