Blog

 

Category Archives: General Splunk

Custom Maps – 3, Converting Your Map Into a Choropleth Map

Imagine plotting your printer error count directly on a floorplan, or dropping count of failed backups on a campus map so you know which locations are having problems! If you were to search for “Splunk custom map”, you might find as I have that the only customizations they talk about involve just putting *your* data […]

Also posted in Cisco CDR | Leave a comment

Custom Maps – 2, Using Your Map Inside Splunk

Imagine plotting your printer error count directly on a floorplan, or dropping count of failed backups on a campus map so you know which locations are having problems! If you were to search for “Splunk custom map”, you might find as I have that the only customizations they talk about involve just putting *your* data […]

Also posted in Cisco CDR | Leave a comment

Custom Maps – 1, Create a Tileset

Imagine plotting your printer error count directly on a floorplan, or dropping count of failed backups on a campus map so you know which locations are having problems! If you were to search for “Splunk custom map”, you might find as I have that the only customizations they talk about involve just putting *your* data […]

Also posted in Cisco CDR | Leave a comment

Postprocess searches – pitfalls galore

As you develop a custom view you start with one chart or one table. After a while you’ve added and added, and you’re dispatching several searches. Often you’ll see that a lot of searches are pretty similar to each other. You’re getting the same events off disk more than once and you’re making Splunk do […]

Leave a comment

There’s always a worse way

In the Splunk search language there is almost always a better way, and someone on answers.splunk.com to teach you about it. Less commonly advertised though, is the fact that there is ALWAYS a worse way… So let’s drive the wrong way down a one way street. Bear with me. First, a warning. Driving the wrong […]

Leave a comment

Fire drill around Splunk 5.0

We just updated all of our apps!  Why, you ask? Well, Splunk 5.0 was released this morning, and despite having tested everything against earlier 5.0 builds,   when the GA version of Splunk 5.0 released this morning, we had a little problem! As you (the Sideview user) know,  Sideview Utils and Sideview apps in general […]

Leave a comment