The dojo of Splunk. Learn, share, teach, mentor.
Videos
Latest Activity
Michael Wilde replied to Nikita's discussion Count failures and success via transaction"How are these transactions linked together... by a field called "ID"? If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"
.conf 2011 - Field Extractions: Making Regex Your Buddy
I did this presentation at Splunk's 2011 User Conference. I'm working on a video, but if you'd like to check out the presentation in the mean time, its embedded right here from SlideShare.net. Also, a direct download link for the PDF is below.
Direct Download of this Presentation (PDF)
Forum
Count failures and success via transaction 1 Reply
Started by Nikita in Cool Search Commands. Last reply by Michael Wilde on Friday.
Rex, Regex and Field Extraction Question 2 Replies
Started by Ray Seals in Regex & Search-Time Field Extraction. Last reply by Ray Seals May 3.
Video effects 1 Reply
Started by Andy in General Questions. Last reply by Andy Mar 30.
Blog Posts
Configuring Apache as a reverse proxy to Splunk
My company has a demo VM running WebSphere Portal, and I also put Splunk on that server to help me troubleshoot it remotely much more efficiently. However, the only public traffic allowed into that VM is over ports 80 and 443.
That VM already has an instance of Apache (IBM HTTP Server actually) running, and the WebSphere plugin makes it function as a reverse proxy to WebSphere Application Server. It's configuration handles it's own set of URIs, so I needed to make Apache handle the… Continue
That VM already has an instance of Apache (IBM HTTP Server actually) running, and the WebSphere plugin makes it function as a reverse proxy to WebSphere Application Server. It's configuration handles it's own set of URIs, so I needed to make Apache handle the… Continue
Posted by Dave Jones on November 16, 2009 at 6:46am — 6 Comments
Getting more intelligence on how much data splunk is eating.
As you know, there is a License pane in Splunk Manager (admin interface) that lets you know your "peak daily volume", and that figure is compared against your license volume. (free, or enterprise)
In the Splunk search app, (as of version 4.0.5) there is an "Index Activity" status dashboard in the search app (http://yoursplunkserver:8000/en-US/app/search/index_status). It does give you more information such as:
In the Splunk search app, (as of version 4.0.5) there is an "Index Activity" status dashboard in the search app (http://yoursplunkserver:8000/en-US/app/search/index_status). It does give you more information such as:
- Top five sourcetypes (by total KB indexed) in the last…
Posted by Michael Wilde on November 6, 2009 at 8:24am — 4 Comments
Notes
Redesign
I'm kinda bored with the UI on this website and will make it better... Also, I need to do some new shirts.. if anyone wants to help, let me know.
...just sayin
Created by Michael Wilde Mar 3, 2011 at 7:30am. Last updated by Michael Wilde Mar 22, 2011.
Events
The SplunkNinja social network is a community for Splunk users, customers and enthusiasts. Share, learn and communicate. Freely.
Be a part of the community!
Help fund SplunkNinja.com
(this site is not funded by Splunk, Inc). There are monthly fees to remove advertising. Help out if you like
Splunk Ninja T-Shirts
Since we're a community, we put together some logo wear which we hope everyone likes. It is available for purchase (with no profit) here.
Note: they're American Apparel. No crap here.
© 2012 Created by Michael Wilde.
