Site Map

Use this page as a quick way to find which areas of this website have value for you.

My apps

• ES Choreographer: manage ES correlation searches with peer reviews, simple TODO task system, and automated Best Practices evaluation, as shown in .conf21's How We Maintain Our Correlations in Splunk Enterprise Security

• GV-Utils: Utilities to have powerful submit buttons, HTML rendering, diffs, syntax highlighting, etc

• Conf Manager: search and track changes to your knowledge objects

RBA

• Risk event deduplication: a better way to dedup risk events in your RIR

Tips, tricks and best practices

Directly usable cool stuff.

Dashboarding best practices: lots of small things to develop cool dashboards

Linux tips: not really splunk related, but highly recommended if you ever use a bash terminal

Splunk workload: dashboard to assess where search compute time is used

Talks

Things to think about.

• .conf21 ES Choreographer with the following sub topics:

• correlation searches best practices

• morning checks

• peer reviews

• TODOs

• Submit buttons that don't suck

• .conf18 Change Tracking on premise using gitlab. Still entertaining but kind of made redundant by Conf Manager.

• .conf17 Running ES at capacity: getting a bit old now but full of still-relevant insight in data models

• .conf16 Regular expressions: a beginner's guide to regex