Tips for Lighter, Faster and Calmer Splunking – | makeresults and | gentimes and some random()% too!

Ever needed to search but didn’t have the data? Fighting to write the correct regex and having to search through millions of events over and over? What about checking whether your alert condition works? Do all that and more without spending a byte on indexing data, without hassle and without touching disk!


Ari Donio


