Smart AnSwerS #80

Hey there community and welcome to the 80th installment of Smart AnSwerS.

The Splunk Pledge was announced last month, which is our commitment to research, education, and community service. Through Splunk4Good, a minimum of $100 million will be donated over the course of 10 years in software licenses, training, support, and education to nonprofit organizations and educational institutions. If there are any nonprofits or academic institutions engaging in positive social change that you feel could benefit from a free 10GB Splunk Enterprise license, standard support, and Splunk eLearning access, please do encourage them to apply!

Check out this week’s featured Splunk Answers posts:

Is there documentation comparing the features of Splunk User Behavior Analytics (Splunk UBA) and Splunk Enterprise Security?

tomasmoser couldn’t find any resource that clearly compared Splunk Enterprise Security and Splunk User Behavior Analytics. vnakra answered with a concise overview of the major differences and use cases between these two applications. ChrisG added to the conversation with contact information for getting more specific questions answered.

How to use the concurrency command to timechart the top 10 concurrencies by field sourceip?

jgcsco was using the concurrency command to find the concurrency of events by sourceip in a time chart, but was getting unexpected results. Luckily, Splunk search guru and SplunkTrust member sideview explains that the concurrency command isn’t the right tool when you need to split by a field and visualize the result in a timechart. Instead, he shares a search he has refined over the years to calculate concurrency per split-by field value, and walks through how each SPL command in it works to produce the required chart.
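To make the split-by-field idea concrete, here is an added example (my own illustration, not the search from the thread or any Splunk code) that implements the usual sweep-line technique in Python: each session becomes a +1 edge at its start and a -1 edge at its end, the edges are sorted by time, and a running sum per sourceip gives the concurrency at every instant, which is then bucketed like `timechart span=... max(concurrency) by sourceip`. The SPL shape sketched in the docstring (mvexpand into +1/-1 rows, sort by _time, streamstats sum by sourceip, timechart max by sourceip) is the assumed pattern, and the sample sessions are constructed for this example.

```python
"""
Concurrency per split-by field as a sweep line.

SPL shape this emulates (assumed pattern, not the exact search from the
thread): expand each event into a +1 row at _time and a -1 row at
_time+duration, `sort 0 _time`, `streamstats sum(delta) as concurrency
by sourceip`, then `timechart span=<n>s max(concurrency) by sourceip`.
"""
from collections import defaultdict

# Constructed sample sessions: (sourceip, start_epoch, duration_seconds).
# Made-up data for this example, not records from the original thread.
SAMPLE_EVENTS = [
    ("10.0.0.1", 1000, 120),  # 1000-1120
    ("10.0.0.1", 1030, 30),   # 1030-1060 overlaps the first -> peak 2
    ("10.0.0.1", 1120, 10),   # 1120-1130 back-to-back with the first, not overlapping
    ("10.0.0.2", 1000, 300),  # 1000-1300
    ("10.0.0.2", 1100, 50),   # 1100-1150 -> 2
    ("10.0.0.2", 1120, 50),   # 1120-1170 -> 3 during 1120-1150
    ("10.0.0.3", 1500, 0),    # zero-length event, treated as a one-second point
]


def concurrency_timeline(events):
    """Return {field: [(t, delta, running_concurrency), ...]} sorted by t."""
    edges = defaultdict(list)
    for key, start, duration in events:
        # A zero-duration event would emit -1 before +1 and dip below zero;
        # give it a minimum length of one second so it still shows up.
        end = start + max(duration, 1)
        # Sort key is (time, order, delta): ends (order 0) precede starts
        # (order 1) at the same instant, so half-open [start, end) sessions
        # that touch end-to-start are not counted as overlapping.
        edges[key].append((start, 1, +1))
        edges[key].append((end, 0, -1))
    timelines = {}
    for key, lst in edges.items():
        running, tl = 0, []
        for t, _, delta in sorted(lst):
            running += delta
            tl.append((t, delta, running))
        timelines[key] = tl
    return timelines


def timechart_max(timelines, span, t_start, t_end):
    """Emulate `timechart span=<span>s max(concurrency) by <field>`.

    Buckets are [t_start, t_start+span), ... below t_end.  A bucket with no
    edges still reports the concurrency carried in from earlier buckets, so a
    long session spanning several buckets is not lost (plain timechart would
    leave those buckets empty).
    """
    buckets = list(range(t_start, t_end, span))
    chart = {}
    for key, tl in timelines.items():
        idx, running, row = 0, 0, []
        # Edges before the chart window only establish the carried-in state.
        while idx < len(tl) and tl[idx][0] < t_start:
            running = tl[idx][2]
            idx += 1
        for b in buckets:
            # A session ending exactly on the boundary does not occupy this bucket.
            while idx < len(tl) and tl[idx][0] == b and tl[idx][1] < 0:
                running = tl[idx][2]
                idx += 1
            peak = running
            while idx < len(tl) and tl[idx][0] < b + span:
                running = tl[idx][2]
                peak = max(peak, running)
                idx += 1
            row.append(peak)
        chart[key] = row
    return buckets, chart


def top_n(chart, n=10):
    """Keep the n field values with the highest peak concurrency (ties by name)."""
    return sorted(chart, key=lambda k: (-max(chart[k]), k))[:n]


def concurrency_chart(events, span, t_start, t_end, n=10):
    """Full pipeline: sweep line, bucket to peaks, keep the top n series."""
    buckets, chart = timechart_max(concurrency_timeline(events), span, t_start, t_end)
    return buckets, {k: chart[k] for k in top_n(chart, n)}


if __name__ == "__main__":
    buckets, chart = concurrency_chart(SAMPLE_EVENTS, 100, 1000, 1600, n=2)
    print("bucket    " + "  ".join(f"{b:>5}" for b in buckets))
    for ip, row in chart.items():
        print(f"{ip:<10}" + "  ".join(f"{v:>5}" for v in row))
```

The two things that usually go wrong when people hand-roll this in SPL are visible here: sessions that touch end-to-start must not count as overlapping (hence ends sort before starts at the same timestamp), and a bucket with no edges in it still needs the state carried in from the previous bucket, otherwise a session that spans several buckets vanishes from the middle of the chart.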

Splunk sub-processes start/stop every minute (splunk-admon, splunk-powershell, etc). How do we prevent this?

hortonew needed to configure a Windows universal forwarder so that its Splunk sub-processes would stop starting and stopping every sixty seconds. jtacy had faced this same issue before, and showed how he configured the modular input processes to run only once using the interval setting in inputs.conf.

Thanks for reading!

Missed out on the first seventy-nine Smart AnSwerS blog posts? Check ‘em out here!
