SplunkTalk – #67 – Will they ever return? ;)

Maverick? Splunk Ninja? Where are you guys? Is this the end of SplunkTalk? Rest assured fine feathered listeners, it is not. This is really the end of what feels like the second season of SplunkTalk. After Splunk’s User Conference 2012 (Sept 10-12 in Las Vegas at the Cosmopolitan), we’ll be starting a new season with an enhance format, some more personalities and a whole lot more Splunkin!. On this episode, Maverick and Wilde talk about some interesting things they’ve learned lately. Maverick presents an interesting challenge with using the “Transaction” search command with Windows Security Event Logs and the way fields appear. Wilde discovers that even though you might be awesome at regex for making fields, there are some times you just can’t actually find your field–and we’ll show you how to overcome that. A few more nerdy tidbits and the usual silliness. SplunkTalk, comin back in October 2012 – Season 3. Tell your friends. Tell us what you’d like to hear about as well!!

Episodes are recorded live every Friday at 11AM Central Time – Email us at to ask questions and have them answered on air!

Michael Wilde

Posted by