Back to the Blog

Moving? Don’t leave anything behind...

Posted by Rupak Pandya on Tuesday, May 10, 2016 - 11:51 Operational Intelligence Knowledge Objects, Splunk 6.3, Splunk 6.x, REST API, Lookups, macros, saved searches, event types, data models
My client was creeping up on their massive Splunk infrastructure migration to all new hardware and they wanted a quick and simple way to be sure that the knowledge objects in their environment were migrated successfully and nothing important was left behind. 
 
I suggested a solution that would utilize the various REST API searches that are available to gather this information and present it in a simple way.
 
We came up with a list of the knowledge objects and other important items they had in their environment. We ended up starting with the...
read more

Macros and Tokens: Getting the Best Use of Them

Posted by Elizabeth Makepeace on Tuesday, January 26, 2016 - 11:04 Cool Tools, Operational Intelligence Splunk, Cool Tools, Simple XML, macros, Operational Intelligence, tokens

While at a client recently, I had the task of creating a dashboard with the ability to look at Linux and Windows data's highest points and averages. The Windows and Linux data needed to be viewed separately, but still have the ability to view the data in total. To accomplish this, I created a base search using six macros: two to encompass both operating systems with each calculation mode, and two per operating system for each calculation mode.My first step was to create the macros. This is done by Settings > Advanced Search > Search Macros. Once at this page, click “New”. You will be...

read more
Stay In Touch