How can I get 2 days of in person Splunk training?
Come to .conf 2011!!! The 2nd annual Splunk user’s conference is upon us in a few weeks. It is hard to describe how much knowledge is spread throughout the Splunk world in such a short period of...
Choosing a Forwarder, or not
When deploying Splunk in the wild, there is the task of deciding “to forward, or not to forward”. This decision comes down to many factors, but the typical response/answer is to use the forwarder. In...
Index backup strategy
In this post, I’ll cover one strategy to back up your index. Before we go any further… Do not do any of this on your production system without testing. This applies for version 4.2.x only. You should...
Splunk and Chef
For those of you that run Chef in your Splunk environment, or are thinking of doing it, I have some great news. There is now an open source code base on github. Big thanks to Bryan Brandau and Aaron...
Restoring an index
In a recent post, I covered some details around a backup strategy. I left a bit of a teaser at the end, stating I would follow up with a post on index restoration. Well, here it is… There are a few...
Splunk and AWS sizing revisited
Some time last year, I posted some recommendations for running Splunk on Amazon Web Services (AWS). While the base recommendations for how to size and architect Splunk have not changed, we do have...
Best Practices with Splunk
So it is that time of year again, where all the Splunkers unite in one location to talk Splunk. This means the best and brightest that work for Splunk will be out in force, ready to talk and teach you...
Tips and Tricks for the new guy
Before we dive into the meat of things, let me first explain how this came up… A newer user/admin of Splunk was attending our conference (#datajourney) and found that there was this convenient...
Network Inputs – Best Practices…
When architecting a Splunk deployment, there is almost always a requirement to support syslog event streams from many devices. While Splunk can easily accept syslog data directly from these external...
What’s going on with AWS and Splunk…
All of my posts seem to be sparked by some sort of customer interaction. The last few have been about how to do something, but this one is about what we are doing. A customer recently asked: “What...