SPLUNK LIFE

That happened: episode 5

This week in “That happened: notes from #splunk” a blog about the goings-on in the Splunk IRC channel:

What has Splunk done for you lately?

jspears encourages us to share the love (and shares what he learned):

<jspears> there needs to be a place for public submissions of “Splunk solved this for me today”
<@piebob> jspears: that sounds cool, what did you have in mind?
<wrench_> that does sound cool
<jspears> I don’t know really, I just think I would easily have one a day
<jspears> today I found a performance issue in our syslog infrastructure that was delaying lots of messages by 10 minutes or more
<jspears> thanks to _time and _indextime
<jspears> and that’s why you don’t setup swatch on your syslog archive machine and forget about it for 8 years

No backreference check required

duckfez invites wrench_ to join him at the grownup table with the other rex mode=sed users:
<wrench_> mornin
<wrench_> is there a way to use the replace command and capture something from the first string and use it in the replacement string?  Example:
<wrench_> | replace “*Chrome/(\d)\.*” with “Chrome$1” in useragent
<wrench_> in perl the $1 would be replaced with the digit captured
<duckfez> wrench_: step up to | rex mode=sed
<duckfez> then you can backreference to your heart’s content
<wrench_> ah cool thanks duckfez

The Meme Is Strong With This One

Excitable dorks on the line:

<Ayn> HELLO
<duckfez> THIS IS DOG
<@piebob> YES I’LL HOLD
<@piebob> <3
<@piebob> http://weknowmemes.com/content/dam/splunk-blogs/images/2011/10/hello-yes-this-is-dog.png

A bargain at twice the price

Drainy adds value, Dutchy provides grist for the Splunk Answers karma machine:
<Drainy> anyone fancy upgoating this -> http://splunk-base.splunk.com/answers/43666/single-value-change-font-size
<@Splunky> Drainy’s URL: “Single Value change font size – Splunk Community”
<Drainy> if you haven’t already 😛 It’s turned into a long list of CSS advice
<Dutchy> reading it
<Dutchy> indeed a bit listy
<Drainy> a bargain at 10 karma points if you ask me
<Dutchy> btw…do you know if everything in appserver\static  dir based is just picked up?
<Drainy> yup
<Drainy> no restart is needed
<Drainy> although sometimes you have to clear your cache or force it with CTRL+F5 (browser dependent)
<Dutchy> ah thats why i have missed things…i made a folder within for -org edits
<Dutchy> so have 2 application.css’s
<Dutchy> upgoated
<Dutchy> 😉
<Drainy> 😀

Perhaps not our finest startup message

But at least no one has asked us for an option to remove it, yet:
<jspears> just seen on restart:  Splunk> Like an F-18, bro.
<jspears> do what now?
<jspears> omg googled and lol

----------------------------------------------------
Thanks!
rachel perkins

Splunk
Posted by

Splunk

Join the Discussion