Splunk has a predict command that can be used to predict a future value of a metric based on historical values. This is not a Machine Learning or an Artificial Intelligence functionality, but a plain-old-statistical analysis.
So if we have a single metric, based on historical results we can produce a nice prediction for the future (of definable span), but predicting multiple metrics in Splunk might not be as straightforward.
Continue reading Predicting multiple metrics in SplunkI started playing for Splunk Metrics rollups and but then tried to step out of the box and got a “Failed to apply rollup policy to index=’…’. Summary span=’7d’ cannot be cron scheduled” error.
Continue reading Splunk Failed to apply rollup policy to index… Summary span… cannot be cron scheduledThe XRP Ledger (XRPL) is a decentralized, public blockchain and rippled server software (rippled in future references) powers the blockchain. rippled follows the peer-to-peer network, processes transactions, and maintains some ledger history.
rippled is capable of sending its telemetry data using StatsD protocol to 3rd party systems like Splunk.
Continue reading How to collect StatsD metrics from rippled server using SplunkWhen you try plotting on a graph Splunk metric split by a dimension with the same name (as the metric itself) will show NULL instead of the dimension.
I’ve recently dipped my toes into Splunk Eventgen (Jinja templating). It’s an awesome app that allows you to generate sample events that can be ingested by Splunk (or for any other reason).
EventGen has two ways of configuring the event content generation:
While the traditional way is quite straightforward, the event’s format that I was after had a few nuances that made it not suitable for me, thus I had to fiddle with Splunk Eventgen Jinja templating.
Continue reading Splunk Eventgen Jinja templatingThis document will describe how to register to Splunk Partner Portal and transfer Certifications and Learning from your old email to a new one.
Continue reading How to Register to Splunk Partner Portal and transfer Certifications and LearningSplunk Connect for Kafka (aka SC4K) allows to collect events from Kafka platform and send them to Splunk. While the sending part (to Splunk) was pretty straight forward to me, the collection part (from Kafka) was very new, as I’ve had no experience with Kafka eco-system. So I guess will start with it.
Continue reading Splunk Connect for KafkaWhen having an exam with Pearson VUE, you would only get pass/faill result, but what if you want to know which section of the exam you have scored low and you want to brush up on the relevant skills? Here is how to get score breakdown for Pearson VUE exam.
Continue reading Get Score Breakdown for Pearson VUE ExamSo here is my understanding of the current Splunk Certification Tracks.
Of course you can go to the “source” https://www.splunk.com/en_us/training.html , but may be that visual representation will help someone
Continue reading Splunk Certification Tracks
Want to get a list REST API users and their IPs?
Run this search
index=_internal host IN(SH1,SH2,SH3) sourcetype=splunkd_access user != "-" clientip != "IP_of_SH1" clientip != "IP_of_SH2" clientip != “IP_of_SH3” NOT TERM(127.0.0.1) NOT TERM(splunk-system-user) | stats values(clientip) by user
The limitation is if the users are going via a Load Balancer, you will see Load Balancer’s IP as the clientip
