Starting to Splunk!

Well I’m off to the Splunk conference.  Having only started using Splunk just over a month ago I can say there is quite a lot to digest and frankly I’m feeling a little overwhelmed. The challenge is starting from step 0 with a good bit of unstructured data knowing in the next year or so that will grow to an estimated 700GB/day. Part of the challenge is not knowing the full implication of choosing different methods to actually do things in splunk, like field extraction, in a way that doesn’t artificially limit or cause issues down the road. This is all while developing a program to handle it all toward multiple ends. In some respects I’m going from using an MSS to being an MSS. New job + new tool + new house (that we are doing renovation work on) = good times. And just for kicks I'm building, and have talked a few others into, building a plywood canoe that we can race each other in. 

At any rate I’m excited to be going and hope to accelerate the learning curve dramatically. If anyone has any Splunk tips I’d be interested in em!