Splunk 7.2.2 and systemd

Consider this a draft.  I’ll update it as I have time, but I’m posting now because it may help someone. Splunk 7.2.2 brought along new features (which previously didn’t happen in a “maintenance release” – but that’s another topic for another time).  One of the new features is “systemd support”.  It didn’t take long before […]



Back from the brink?

I really gave up on blogging for a long time. “So busy” and all that. I’m trying to get back; let’s just call all of that ‘excuses’. So in support of that, a whole bunch of housekeeping on the site. Latest and greatest remote exploits .. err I mean WordPress 😉 SSL by default thanks […]



Nullqueue Sampling

One of the first things the average Splunk administrator has to learn about the hard way is how to send traffic to the Splunk nullQueue.  It’s almost a rite of passage — you configure a new data source, somewhat unaware of the tens of thousands of mostly-useless events it produces.  It blows out your license […]
