Seems like I’m staying on track for a post every 18-24 months, so it’s time…| Duane Waddle
Back in June, along with the release of Splunk 9.0, Splunk dropped several security advisories. I’m spending a little time digging in on SVD-2022-0607. Come along with me as we learn together.
Sorry this has taken so long to post. I caught a (thankfully very mild) case of covid at .cough2022 and between then and now life has not found a way (sorry Jurassic Park). Hopefully this is just the first of a few posts on stuff I’ve been working on and learning about since then.
I moved the blog to a new host. The old one was getting pretty old. In the process I got rid of Disqus and went to native WP comments, and cannot get the comment sync to work properly. So I’ve lost some comments, sorry. I don’t think this really affects anyone but me.
If you’ve worked with Splunk for a little while then you are probably familiar with the existence of the field _time. With Splunk being a time series data store, it makes sense that every event will have a time. Internally, Splunk parses the timestamp from your event and converts it to epoch (seconds since Jan 1 1970 00:00:00 UTC). When you use your time range picker to select a time range, that is also converted internally to epoch and used to control what data is searched.
UPDATE 2022-11-12, See https://www.duanewaddle.com/splunk-uf-9-0-and-posix-capabilities/
Consider this a draft. I’ll update it as I have time, but I’m posting now because it may help someone.
Introduction
We were discussing this on splunk-usergroups slack, and I said I should post it here and vraptor and dawnrise urged me to do so quickly — so here I am. (Thanks vraptor and dawnrise!)
I’ve got this Foo Fighters lyric stuck in my head …