Gabriel
RBA: a better way to dedup risk events
In this post we’re discussing an advanced way to dedup risk events in your risk alerts (RIRs) and at the same time have the RIR results...
top of page
Geeking out on Splunk and IT Security
Search
Gabriel
Site Map
Use this page as a quick way to find which areas of this website have value for you. My apps ES Choreographer: manage ES correlation...
Gabriel
Conf Manager
This is the documentation for the Conf Manager app on splunkbase. This app allows you to search your knowledge objects and track their...
Gabriel
Linux tips
This for the most part isn't splunk-specific, but if you do any amount of administration on the linux command line, you might find it...
Gabriel
Splunk workload optimisation
Assess your search workload with this simple dashboard. Here's a very quick dashboard to identify what uses your splunk platform...
Gabriel
ES-Choreographer
This is the documentation for the ES-Choreographer app on splunkbase. This app offers various frameworks to help manage and improve...
Gabriel
GV-Utils
This is the documentation for the GV-Utils app on splunkbase. This app offers various utilities to solve a number of problems in Splunk:...
Gabriel
Dashboarding Best Practices, Tips & Tricks
Splunk’s “simple XML” dashboards are reasonably simple and straightforward to create, yet they are incredibly versatile and powerful. You...
Gabriel
Maintaining your correlation searches with ES Choreographer
I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf/mp4. If you’re looking for the source code for the things...
Gabriel
Audit your correlation searches against your own Best Practices automatically
I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf/mp4. One of the topics is Correlation Searches Best...
Gabriel
Test your correlation searches end-to-end with Morning Checks
I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf/mp4. One of the topics is morning checks. Basically you...
Gabriel
Add an in-splunk after-the-fact Peer Review system for your correlations
I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf/mp4. One of the topics is having a simple peer review...
Gabriel
Add a simple TODO management system for your correlations
I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf/mp4. One of the topics is having a simple task management...
Gabriel
Easy yet powerful submit buttons in your simple XML dashboards
There are a number of issues with Splunk’s simple XML forms submit button: you can't have more than one you can't move it you can't hide...
Gabriel
Change Tracking in Splunk
Are you tracking changes in your Splunk deployment? Most people don't, unless they can justify having a custom (heavy!) process using...
Gabriel
Running Splunk Enterprise Security at Capacity with Data Model Acceleration
Data models and especially their acceleration are often misunderstood by Splunk users. Yet they are absolutely critical, especially for...
Gabriel
Regular Expressions
Regular expressions are extremely useful. They are everywhere, including in Splunk. And they are useful to everyone, not just data...
Blog: Blog2
bottom of page