Splunking On A Budget
Wednesday, July 30, 2008
/Splunking/ v, as in "To Splunk", "I was splunking"
Really though, it's a software program. Splunk. It's great - it's like Google for log files :D
It's a resource hog though. The minimum specifications on the Splunk site say 1.4GHz. Well, I installed it on my Via C3 1GHz and it was ok. Then I got interested, and now I have it installed on my K6-2 333MHz with 128MB of RAM ;)
Actually the RAM is a problem. The machine swaps with only 128M. Badly. The load is steady at about 0.3 though, so the CPU is fine. During a search, it will usually shoot up to 1. The Via machine didn't swap much though, and that only has 384MB of RAM. So the more RAM the better (Splunk do actually mention that the program is very memory-hungry).
I don't have many log files though. A couple of hundred MB all up. Also, I don't intend on keeping more than a month's worth of log files in Splunk. Most problems I have with my servers occur within a matter of hours, not weeks! To make Splunk delete files after they get older than 30 days:
vi /opt/splunk/etc/system/local/indexes.conf
And insert the line:
frozenTimePeriodInSecs = 2592600
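A retention setting is easy to get wrong in a file you rarely open, so here is a small audit script. It is an added example, not code from the post or from Splunk: it parses an indexes.conf, works out the effective frozenTimePeriodInSecs per index (an index stanza inherits from [default], and where neither sets the key Splunk's shipped default of 188697600 seconds, six years, applies), and lists every index that keeps data longer than a stated policy. The sample config embedded below is constructed for the example; the stanza names [main] and [syslog] and the homePath values are illustrative.

```python
import configparser

SECONDS_PER_DAY = 86400
# Splunk's built-in value when no stanza sets frozenTimePeriodInSecs (6 years).
SPLUNK_BUILTIN_DEFAULT_SECS = 188697600

# Constructed sample indexes.conf: [default] sets a site-wide baseline,
# [main] overrides it with the 30-day value from the post, and [syslog]
# sets nothing, so it silently inherits the much longer baseline.
SAMPLE_INDEXES_CONF = """
[default]
frozenTimePeriodInSecs = 188697600

[main]
homePath = $SPLUNK_DB/defaultdb/db
frozenTimePeriodInSecs = 2592600

[syslog]
homePath = $SPLUNK_DB/syslogdb/db
"""


def parse_indexes_conf(text):
    """Parse INI-style indexes.conf text into {stanza: {key: value}}.

    Keys keep their case (Splunk keys are camelCase) and '$' in values is
    left alone, since $SPLUNK_DB is expanded by Splunk, not by us.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # do not lower-case keys
    parser.read_string(text)
    return {section: dict(parser.items(section)) for section in parser.sections()}


def retention_days(stanzas):
    """Return {index_name: retention in days}, applying Splunk's inheritance:
    an index stanza inherits [default], which falls back to the built-in value."""
    site_default = int(
        stanzas.get("default", {}).get("frozenTimePeriodInSecs", SPLUNK_BUILTIN_DEFAULT_SECS)
    )
    result = {}
    for name, keys in stanzas.items():
        if name == "default":
            continue  # [default] is a template, not an index
        secs = int(keys.get("frozenTimePeriodInSecs", site_default))
        result[name] = secs / SECONDS_PER_DAY
    return result


def audit_retention(stanzas, max_days):
    """Return [(index_name, days)] for indexes that retain data longer than max_days."""
    return [(name, days) for name, days in retention_days(stanzas).items() if days > max_days]


if __name__ == "__main__":
    # To audit a live file, read it instead of the constructed sample, e.g.
    # open("/opt/splunk/etc/system/local/indexes.conf").read()
    stanzas = parse_indexes_conf(SAMPLE_INDEXES_CONF)
    for name, days in sorted(retention_days(stanzas).items()):
        print(f"{name:10s} {days:10.2f} days")
    for name, days in audit_retention(stanzas, max_days=31):
        print(f"WARNING: index '{name}' keeps data for {days:.0f} days, over the 31-day policy")
```

Two things this makes visible that the one-line edit does not: an index that is not mentioned in the file keeps the six-year default rather than the 30 days you set for [main], and frozenTimePeriodInSecs is applied per bucket, so a bucket is only frozen once its newest event is older than the period, meaning some events linger a little past the 30 days.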