The dojo of Splunk. Learn, share, teach, mentor.
Videos
Latest Activity
Michael Wilde commented on Mike Hartford's blog post 'tees for the holy day'
i checked at Splunk HQ. It looks like batbelt is out of production. If i had one myself, i'd ship it to you... (i'll ask around and see if anyone has one stashed).
tees for the holy day
I have several Splunk Tees, but I don't have the batbelt Tee I see the ninja has. Does anyone know how I can get a free version of that Tee? I am a devoted Splunk disciple and wear Splunk every Friday. I would cherish a new NO TIGHTS Tee to wear on that most holy day.See More
Blog post by Mike Hartford
Jason Hagerty updated their profile
.conf 2011 - Field Extractions: Making Regex Your Buddy
I did this presentation at Splunk's 2011 User Conference. I'm working on a video, but if you'd like to check out the presentation in the mean time, its embedded right here from SlideShare.net. Also, a direct download link for the PDF is below.
Direct Download of this Presentation (PDF)
Forum
New Splunk Taglines 2 Replies
Started by Michael Wilde in Humor, Taglines, Easter Eggs. Last reply by Pero Peric Jan 9.
Question about transform wmi on a heavy forwarder
Started by Tom in General Questions Dec 17, 2011.
Correlation between different source that have different value key 1 Reply
Started by Andi Susanto in Cool Search Commands. Last reply by Michael Wilde Nov 3, 2011.
Blog Posts
Applied Splunk: Transaction Search Operator - Linking Events Together
The "|transaction" command is a powerful search operator that allows the linkage of events together in to one large "meta-event". Most commonly, events can be linked together by fields they have in common. (Sendmail messages are linked by their "Queue ID, or qid") In sendmail logs, using the transaction search operator allows an entire mail conversation to be linked together in a single event; resulting in a nice packet of information for each mail message that a mail admin can better work… Continue
Posted by Michael Wilde on May 15, 2009 at 8:55am
The Search Cheatsheet (or) Field Conversion with Splunk
I'm working on a challenge with some "sendmail_syslog" data. Those are the logs generated by a sendmail mailer daemon. The log format looks like this:
Aug 23 11:42:59 splunk3 sendmail[1394]: n7NIgqtH001374: to=spamme@splunkit.com,
delay=00:00:04, xdelay=00:00:00, mailer=local, pri=30405, dsn=2.0.0, stat=Sent
When you index this type of data with Splunk it reads it just fine (as it does all text data). Conveniently, the search-time field extraction magic… Continue
Aug 23 11:42:59 splunk3 sendmail[1394]: n7NIgqtH001374: to=spamme@splunkit.com,
delay=00:00:04, xdelay=00:00:00, mailer=local, pri=30405, dsn=2.0.0, stat=Sent
When you index this type of data with Splunk it reads it just fine (as it does all text data). Conveniently, the search-time field extraction magic… Continue
Posted by Michael Wilde on August 23, 2009 at 12:49pm
Notes
Redesign
I'm kinda bored with the UI on this website and will make it better... Also, I need to do some new shirts.. if anyone wants to help, let me know.
...just sayin
Created by Michael Wilde Mar 3, 2011 at 7:30am. Last updated by Michael Wilde Mar 22, 2011.
Events
The SplunkNinja social network is a community for Splunk users, customers and enthusiasts. Share, learn and communicate. Freely.
Be a part of the community!
Help fund SplunkNinja.com
(this site is not funded by Splunk, Inc). There are monthly fees to remove advertising. Help out if you like
Splunk Ninja T-Shirts
Since we're a community, we put together some logo wear which we hope everyone likes. It is available for purchase (with no profit) here.
Note: they're American Apparel. No crap here.
© 2012 Created by Michael Wilde.
