top of page

This site was designed with the

website builder. Create your website today.Start Now

GABRIEL VASSEUR

Geeking out on Splunk and IT Security

Search

Gabriel
- May 16
- 1 min read

Site Map

Updated: 5 days ago

Use this page as a quick way to find which areas of this website have value for you.

My apps

ES Choreographer: manage ES correlation searches with peer reviews, simple TODO task system, and automated Best Practices evaluation, as shown in .conf21's How We Maintain Our Correlations in Splunk Enterprise Security
GV-Utils: Utilities to have powerful submit buttons, HTML rendering, diffs, syntax highlighting, etc
Conf Manager: search and track changes to your knowledge objects

RBA

Risk event deduplication: a better way to dedup risk events in your RIR

Tips, tricks and best practices

Directly usable cool stuff.

Dashboarding best practices: lots of small things to develop cool dashboards

Linux tips: not really splunk related, but highly recommended if you ever use a bash terminal

Splunk workload: dashboard to assess where search compute time is used

Talks

Things to think about.

.conf21 ES Choreographer with the following sub topics:
correlation searches best practices
morning checks
peer reviews
TODOs
Submit buttons that don't suck
.conf18 Change Tracking on premise using gitlab. Still entertaining but kind of made redundant by Conf Manager.
.conf17 Running ES at capacity: getting a bit old now but full of still-relevant insight in data models
.conf16 Regular expressions: a beginner's guide to regex

Recent Posts

RBA: a better way to dedup risk events

This is the documentation for the Conf Manager app on splunkbase. This app allows you to search your knowledge objects and track their changes with colourful diffs, all in Splunk! Please read this who

This for the most part isn't splunk-specific, but if you do any amount of administration on the linux command line, you might find it helpful. .bashrc A better prompt In your .bashrc: PS1='\t \[\033[0

Post: Blog2 Post

bottom of page