Day 2 of the 2025 advent of code challenges is here: https://adventofcode.com/2025/day/2 You won't be able to do it if you haven't done day 1 first . We can break down this challenge in several steps: given a range (e.g. 11-22), enumerate all the IDs within the range (e.g. 11,12,13,...,22) given a number, assess whether it's made of 2 repeated halves somehow do this for all the ranges all together to get the solution Step 1 For this challenge, we'll start small. Let's just t

Windows events are a large part of the volume of logs ingested in a lot of splunk deployments. Wouldn't be cool if we could shrink them so they don't eat up so much precious precious license? In this post I'll walk through how I rebuilt Windows Event Logs (WELs) into a compact, Splunk-friendly format, cuting size by up to 60% without breaking field extractions. Key takeaways With a few targeted ingest actions and props/transforms tweaks, you can shrink Windows logs dramatical

The key thing I did not appreciate when I wrote the previous version of this post is that the Risk data model is now fed from...

Since RBA is all about aggregating security events that are related to the same entity, Assets & Identities normalisation is crucial to...

On the 18th of September 2024 I gave a talk on this topic at the London Splunk User Group meetup. Ingest Actions are a simple feature of...

I have been nominated for a 2023 Splunkie Award and I am delighted to be a finalist for the Inventor Award! https://conf.splunk.com/the-s...