On the off chance you need help with Windows

Hello Internets,

As one of the Splunkers responsible for answering the phone, I’m going to use this space to talk about something near and dear to my heart — empowering my customers so they are able to figure out their own problems, thereby allowing me to read FARK all day long.

Since we recently released our Windows version, a bunch of the folks in the office have been trying to figure out how to do the things they do in a UNIX environment (like wget a file) in Windows. I’ve been sharing some of my favorite Windows resources here at the office and figured the rest of you would probably like to know about them as well.

Google
Everyone seems to start here when they are looking for something. Most, however, don’t know that http://www.google.com/microsoft will restrict your search to Windows sites. They also have these search sites for Linux, BSD, and the Mac.

SysInternals
Mark and Bryce have created the ultimate collection of free Windows utilities: simple executables that let you get so many of the diagnostic/monitoring things that a UNIX admin takes for granted. Some of my favorites (and especially useful in working with Splunk), in no particular order:

  • AccessEnum
    Lets you see who has access to what. This is really helpful when trying to figure out why Splunk isn’t indexing one of your files.
  • Process Monitor
    Watch the registry, running process/thread/DLL, and file system usage in real-time
  • PS Tools
    A bunch of command-line utilities for listing the processes running, working with the event log, rebooting the machine, etc.
  • Active Directory Explorer
    Advanced viewer/editor for Active Directory. This will be a godsend when you are trying to configure Splunk to authenticate against your domain controller.
  • WhoIS
    Doesn’t do much in the way of troubleshooting Splunk, but who doesn’t want to be able to see if ultramegaextrmeme.com is available and if not who the lucky owner is? BTW it is available.
  • TCPView for Windows
    Lets you see all the TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.

Hope that helps you guys out. All of you experienced Windows folks, if you’ve got others out there, post them to the comments. If my jaw hits the desk when I click the link, I will send you a Splunk koozie.

----------------------------------------------------
Thanks!
Matt Green
