... and now we can SPL "(?<foo>s[hi]{2}t)" presented at ShellCon.io 2020

by Mary Cordova

Summary: So you’ve put a giant pile of data into Splunk… how do you get started digging into it, cleaning it up, making it useful and manageable so that you can derive value from it? This is a simple methodology for getting started with a new unfamiliar data set that will help you figure out what’s useful so that you can start developing alerts, reports, dashboards etc. If you want to play along at home, download and boot the VM (well) ahead of time: 30G available disk space required; configurable RAM/CPU. bit.ly/shellcon2020-spl