Site Map

Use this page as a quick way to find which areas of this website have value for you.

My apps

• ES Choreographer: manage ES correlation searches with peer reviews, simple TODO task system, and automated Best Practices evaluation, as shown in .conf21's How We Maintain Our Correlations in Splunk Enterprise Security

• GV-Utils: Utilities to have powerful submit buttons, HTML rendering, diffs, syntax highlighting, etc

• Conf Manager: search and track changes to your knowledge objects

RBA

• Risk event deduplication: a better way to dedup risk events in your RIR

Tips, tricks and best practices

Directly usable cool stuff.

• Dashboarding best practices: lots of small things to develop cool dashboards

• Linux tips: not really splunk related, but highly recommended if you ever use a bash terminal

• Splunk workload: dashboard to assess where search compute time is used

• Submit buttons that don't suck

• Untable, xyseries, tranpose A cool reminder of how these fundamental splunk commands work

Talks

• September 2024 London Splunk User Group: Ingest Actions and reducing license usage

• .conf21 ES Choreographer with the following sub topics:

  • correlation searches best practices

  • morning checks

  • peer reviews

  • TODOs

• .conf18 Change Tracking on premise using gitlab. Still entertaining but kind of made redundant by Conf Manager.

• .conf17 Running ES at capacity: getting a bit old now but full of still-relevant insight in data models

• .conf16 Regular expressions: a beginner's guide to regex