Splunk .conf (and Aplura teammates) teaches old dogs new tricks


I’ve been doing this Splunk thing for quite a while (I’ll be celebrating my sixth year with Aplura soon). But the great thing about the variety of content available at Splunk’s annual conference is that even us graybeards (only a little gray, thank you) can learn new things.

This year, the new tricks came from my Aplura teammate, and fellow SplunkTrust member, Kyle Smith. Kyle gave an updated version of his “Lesser Known Search Commands” talk this year (twice, actually, due to the room being full for the first go), and I was happy to have caught it again. He included new commands, like gentimes and makeresults, and also included my personal favorite, tstats. Kyle doesn’t just give a dry reading of the docs pages for these commands; he also gives real-world examples of why and how you might use these commands in your own searching. He even included some hints on subsearches and the (somewhat dreaded) map command.

I highly recommend you check out this talk when the slides are posted, as well as the audio to get some of the nuances.

For another talk that gives some ideas on smarter searching, you should also check out the “Let Stats Sort Them Out: Building Complex Result Sets That Use Multiple Source Types” talk by SplunkTrust member Nick Mealy (a.k.a. Sideview).

Update 10/28/2016:

Slides have been posted! I’ve updated the post above with the correct links.