I write a monthly tips & tricks blog for Splunk users/consumers at my company but have steadily been running out of ideas. Anyone have anything they think is worth calling out? It can be as simple as a niche command, the idea of macros, alternatives to joins, really anything, fire away! The more the merrier. Thanks!
eventstats, chart, appends, dashboards, _time manipulation, account settings, how to comment, permissions, cron, transforming commands, lookups, logTypes, regex, html panels, transpose, alternatives to joins, interesting fields, splunk toolbar, app enhancements.
I like the drilldowns idea! I don't use tstats much, i'll look into it. advanced use of lookups is | lookup or [ |inputlookup]?, don't use transaction super frequently but can look at that too. keep the ideas coming!
What are some things you've already covered? Tstats is important, when to use stats instead of a transaction, "advanced" use of lookups, visualization tips like customizing drilldowns via the UI in later versions.