This article is based on my Splunk .conf 2015 session and is the second in a mini-series on Splunk data model acceleration. Make sure to read part 1 first. Under the Hood HPAS Population The high-performance analytics store (HPAS) is populated by scheduled searches that run every 5 minutes. The HPAS spans a user-defined time range. Old events are purged automatically by a maintenance process that runs every 30 minutes.

This article is based on my Splunk .conf 2015 session and is the first in a mini-series on Splunk data model acceleration. Why Accelerate? Have you ever seen this? Splunk is great and very fast with needle in a haystack searches, e.g. find a specific keyword in millions of events. It is not so fast with searches that perform calculations on millions of events, e.g. the sum or average of fields.

It smacks of lazy reviewers looking for eye-candy. Simon Crosby, former Citrix CTO Citrix Synergy Team, I am writing to you as a guy who has presented many times at Synergy. This year alone I had three sessions, one in cooperation with my community peers Aaron Parker and Shawn Bass, the other two on my own - one in the Geek Speak track, the other in the regular Synergy breakout session track. All three sessions were a great success and have been rated highly.

What is API Hooking? API hooking is all about making others do things they never even knew they could do. More precisely: tricking other processes into doing things differently from what their developers programmed.

PowerShell is a popular and extremely versatile tool, but is it a good idea to use PowerShell in logon scripts? Let’s try to find out! Setting the Stage I am going to compare the resource utilization of the following languages frequently used with logon scripts:

FileIOTest is a command line tool that tests the speed of local or remote (SMB) storage by performing some common file IO operations repeatedly and measuring the duration. These are the main facts:

If you work with text, you need version control. That rule applies regardless of whether you write code or poetry (some might argue that those two are the same, anyway). Ignoring the CVS and SVN dinosaurs two distributed version control systems are being regarded as state of the art: Git and Mercurial. Functionality-wise they are nearly identical, but it seems that Git, with its open-source background, is poised to take over the enterprise, too, where Mercurial used to be strongest.

As I found out the (excellent) Egnyte Desktop Sync client for Windows ignores directories that have the system attribute set. For some reason some of the directories I wanted to sync did have this attribute set. Getting rid of the system attribute on (many) directories is harder than it seems.

Citrix Synergy, E2EVC and BriForum are just around the corner. I will be presenting at each of these conferences. Here are a few tidbits to whet your appetite. Citrix Synergy Orlando Having spent the majority of the past weeks preparing my sessions it feels good to finally be able to present! I will be on stage at next week’s Citrix Synergy Orlando three days in a row, starting Tuesday, May 12th at 2 PM with SYN502 - I’ve got 99 problems, and folder redirection is every one of them. That session is a follow-up to the last year’s very successful folder redirection presentation, and I am co-presenting with the awesome Aaron Parker (@stealthpuppy) and Shawn Bass (@ShawnBass).

As far as I know there is no “official” way to set the width, height and screen position of Citrix Desktop Viewer in window mode. It can be done easily by changing a few registry values, though.

Update 2015-04-28: Citrix provides the limited release hotfix ICATS760WX64009 that fixes this issue. More information below. During the research for my session about the XenApp 7.6 logon process, to be presented at Citrix Synergy and BriForum London, I noticed that the logon to my XenApp 7.6 lab server was taking a bit long. Longer, in fact, than the combined durations of the main logon phases user profile loading, group policy processing, logon script execution and shell startup. Much longer. Also much longer than on an otherwise similar XenApp 6.5 machine.

One of the (many) great things about Splunk is that data, once indexed, is not being tampered with. Of course, you can choose for how long you want to retain your data, but Splunk won’t go and average multiple older events into one, because that would flatten peaks and remove potentially important detail.

Splunk’s Universal Forward has the neat capability of executing arbitrary scripts while capturing their output and sending that to Splunk. This feature allows you to turn any executable, batch file or PowerShell script into a Splunk data source, making the data collection options basically limitless. This post explains a few tricks that are difficult to find otherwise.

This is a guest post by Bryan Chriscoli, who implemented an innovative alternative to folder redirection with the help of symbolic links, AppSense products and PowerShell scripting. All credit goes to him.

As with any other product, when working with Gmail you sometimes get to a point where you want something the product simply does not provide. When that happens, a scripting interface can be a lifesaver. Let’s see how we can put Google Apps Script to use.

VMware recognized my contributions to the virtualization community by awarding me their vExpert title. Many thanks to everybody who made that possible, the readers of this blog, the attendees of my presentations, the users of my tools and all the great people of the virtualization community!

When you need to simulate a real Active Directory with thousands of users you quickly find that creating realistic test accounts is not trivial. Sure enough, you can whip up a quick PowerShell one-liner that creates any number of accounts, but what if you need real first and last names? Real (existing) addresses? Postal codes matching phone area codes? I could go on. The point is that you need two things: input files with names, addresses etc. And script logic that creates user accounts from that data. This blog post provides both.

As the Box IPO shows enterprise cloud file synchronization & sharing (EFSS) is a hot topic. Yet the hottest vendors do not “get” security. Kryha-Chiffriermaschine, Kryha-Encryption Device by Ryan Somma under CCWhat is Cloud EFSS? Everybody knows what a file server is. It stores any kind of document an organization needs to work with. As such its importance is similar to email. A file server’s main characteristics are:

uberAgent is the perfect monitoring and analysis tool for virtualized and physical Windows workloads. In a nutshell, it tells you what is going on and why things are slow. Seeing is Believing There are a number of easy ways to see what uberAgent can do in practice:

Or: Getting rid of Caps Lock & creating the missing context menu key I like my current laptop, a Lenovo W540, but details of the keyboard layout really deteriorate the user experience (not to mention the horrible trackpad - I can only recommend you carry a mouse or buy the successor which is rumored to sport a less terrible design).

Despite its great power, Splunk is relatively static with regards to the data it processes. You cannot instruct it to simply run a script on all endpoints and index the results. The app HK Systems Management changes that. It turns Splunk into a kind of PsExec on steroids.

Using SSL for the entire website should be the norm these days. If you have a decent server it does not significantly reduce page speed and it allegedly even helps your Google ranking. I covered enabling SSL and configuring it so that you get an A ranking in the Qualys test in another post. This article shows how to convert an existing WordPress site from HTTP to HTTPS.

2019-10-01: with the 2019 September update KB4516045 BitLocker uses software instead of hardware encryption by default. Likely reason: the security of software encryption can be controlled by Microsoft. Hardware encryption in the drive may be buggy.

I have always found my blog’s comments a great source of feedback. In many cases, readers have contributed valuable additions to the article content or pointed out errors which I subsequently fixed. However, there is a dark side to enabling others to add content to your side: spam. Here is how I am (successfully) dealing with that threat.