Splunk 7.2.2 and systemd

Consider this a draft.  I’ll update it as I have time, but I’m posting now because it may help someone. Updated 2019-04-07:  Some improvements thanks to Red Hat support.  I am also trying to collect the knowledge and experience of other SplunkTrust and Splunk community people in order to document this more completely.  Many thanks […]

Continue reading


Back from the brink?

I really gave up on blogging for a long time. “So busy” and all that. I’m trying to get back, lets just call all of that ‘excuses’. So in support of that, a whole bunch of housekeeping on the site. Latest and greatest remote exploits .. err I mean wordpress 😉 SSL by default thanks […]

Continue reading


Nullqueue Sampling

One of the first things the average Splunk administrator has to learn about the hard way is how to send traffic to the Splunk nullQueue.  It’s almost a rite of passage — you configure a new data source, somewhat unaware of the tens of thousands of mostly-useless events it produces.  It blows out your license […]

Continue reading