Build a Simple Splunk Indexer Cluster

Disclaimer: This guide is a very simple step-by-step walkthrough of how to install and configure a Splunk Indexer Cluster. In my lab environment I am using the DVD install of CentOS 7 and the latest (at the time of install) version of Splunk, which is version 7.2.3. There may be errors throughout this, there may also be better methods of [...]

Searching Your Searches

This is a straight-forward dashboard with a straight-forward problem to solve. I had a customer who was about to undertake a massive overhaul of their Splunk lexicon. [...]

Getting Started With Tstats & Accelerated Data Models – Part 3

Once your data model has been accelerated it is time to start writing SPL queries to take advantage of the recently accelerated data. There are many methods to doing this, but [...]

Getting Started With Tstats & Accelerated Data Models – Part 2

You’ve decided tstats and DMA is a good fit for you, or at least worth checking out. Excellent, let’s jump right into it! Web analytics, now faster! In this example [...]

Getting Started With Tstats & Accelerated Data Models – Part 1

If you haven’t used tstats and data model acceleration (DMA) yet, it’s time to start! Splunk slides aren’t marketing fluff claiming false information regarding DMA and [...]

Splunk Certification Program Relaunch

Splunk Announcement If you haven't heard yet, there is a major re-work of Splunk Certifications. Splunk announced a major upgrade to their certification program. This [...]

Torture the Data and it will Confess to Anything

Welcome to! This is the all-encompassing area where we take a deep dive into various experiments, guides, and just all-around geeky things that don't fit [...]