Do you ever get frustrated with Splunk and wonder why search performance is poor or your searches are finalizing early? Do you ever wonder about the quality of the searches in apps on SplunkBase (even those "Splunk approved", "Splunk supported", "Splunk Cloud vetted", and/or "Splunk AppInspect Passed"?
Bring your own SPL queries and questions and we will optimize them LIVE!
If there is time, we will take a look at some surprisingly problematic searches contained within some very popular apps: "Cisco Endpoint Security Analytics (CESA)" (AKA "Cisco NVM") and "Splunk Security Essentials".
Feel free to start the conversation early in the #dallas channel of splunk-usergroups.slack.com (sign up with http://splk.it/slack).
For this month, we are only virtual.