SplunkTalk – #43 – Chain of fools

Chay-Chay-Chain… Chain of fools. Well, the title seemed clever at the time. Maverick and Wilde are chattin' about some interesting stuff today. Maverick has a question around “Chaining Lookups” (i.e., calling one lookup after another, and how precedence is dealt with). Wilde answers a question focusing on tracking user activity across Windows Event Logs with the “transaction” command in the Splunk search language. NERD ALERT: Wilde discovers that PROPS.CONF now has prioritization on its matching rules, and Maverick looks at some Disaster Recovery scenarios. All this… and more!

Episodes are recorded live every Friday at 11AM Central Time – Email us at to ask questions and have them answered on air!

Enjoy Listening!

Posted by Michael Wilde

