Gabriel
Linux tips
This for the most part isn't splunk-specific, but if you do any amount of administration on the linux command line, you might find it...
Geeking out on Splunk and IT Security
Search
Gabriel
Splunk workload optimisation
Assess your search workload with this simple dashboard. Here's a very quick dashboard to identify what uses your splunk platform...
Gabriel
ES-Choreographer
This is the documentation for the ES-Choreographer app on splunkbase. This app offers various frameworks to help manage and improve...
Gabriel
GV-Utils
This is the documentation for the GV-Utils app on splunkbase. This app offers various utilities to solve a number of problems in Splunk:...
Gabriel
Dashboarding Best Practices, Tips & Tricks
Splunk’s “simple XML” dashboards are reasonably simple and straightforward to create, yet they are incredibly versatile and powerful. You...
Gabriel
Maintaining your correlation searches with ES Choreographer
I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf/mp4. If you’re looking for the source code for the things...
Gabriel
Audit your correlation searches against your own Best Practices automatically
I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf/mp4. One of the topics is Correlation Searches Best...
Gabriel
Test your correlation searches end-to-end with Morning Checks
I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf/mp4. One of the topics is morning checks. Basically you...
Gabriel
Add an in-splunk after-the-fact Peer Review system for your correlations
I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf/mp4. One of the topics is having a simple peer review...
Gabriel
Add a simple TODO management system for your correlations
I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf/mp4. One of the topics is having a simple task management...
Gabriel
Easy yet powerful submit buttons in your simple XML dashboards
There are a number of issues with Splunk’s simple XML forms submit button: you can't have more than one you can't move it you can't hide...
Gabriel
Change Tracking in Splunk
Are you tracking changes in your Splunk deployment? Most people don't, unless they can justify having a custom (heavy!) process using...
Gabriel
Running Splunk Enterprise Security at Capacity with Data Model Acceleration
Data models and especially their acceleration are often misunderstood by Splunk users. Yet they are absolutely critical, especially for...
Gabriel
Regular Expressions
Regular expressions are extremely useful. They are everywhere, including in Splunk. And they are useful to everyone, not just data...