Archive by category "Operational Intelligence"

MS Windows, Splunk App for Enterprise Security 3.0 and the Case of the Disappearing Assets and Identities

Are you wondering where your Assets are? Why you can’t find your identities, perhaps? Are you on Windows? With the recent release of version 3.0, there have been huge improvements in the power of the ES app and the ease of its use. The Assets and Identities are one of the cornerstones of the ES

Charting Time over Time in Splunk

In the business world, people are looking at ways to constantly improve processes and systems. The only way to determine if progress is being made is to compare performance over a period of time to that same period of time a day ago, a week ago, a month ago, or even longer. Since Splunk

Accelerated Data Models in a Distributed Splunk Environment

Splunk v6.0.1 is packed with new features that enhance the user experience and can provide useful, lightning fast reports. For a full overview of the new features check out this link: Splunk 6! One of the new features that provides users the ability to build exceptionally fast reports is data models. Users can use the

Measuring Splunk Indexer Performance with IOMeter

Welcome! In this post I’d like to cover testing the I/O performance of your indexer to its storage sub-system. ‘After the party, it’s the hotel lobby’ You can think of your indexer as the lobby of a busy hotel with the hotel guests being your data. In this hotel, guests are constantly streaming into the

Using HTTP with a HTTPS Proxy Forwarder in Splunk

I recently ran into an issue with the Splunk Forwarder and found that we can solve it with a simple python script update. This is applicable to the Salesforce app for Splunk, but could be applicable to other use cases as well. Here, the requirement was to install the Salesforce TA into Splunk and configure

Off the beaten path – Splunk search head pooling without search head pooling?? It’s possible…

Recently I was working with a client that was Splunk savvy and they wanted to try to implement something that was, what I would consider, off the beaten path. Here is the challenge: This client was looking for a way to be able to take advantage of having multiple search heads for high resource

Say my name, say my name…

As a consultant, I get asked this question from my clients all the time. They use Splunk every day and when they log in they see this screen: Splunk’s greatest asset is how customized we can make searches, reports, and dashboards, and so why shouldn’t we be able to customize our login screen? Well to

Think small, search faster

Compared to a few years ago, it is almost unbelievable that we are able to sift the amount of data we can, and the speed with which we can do it. But like the fast cars we drive today that are much faster than similar cars of yesteryear, we get used to the speed we

Splunk lost its keys

You have a working Splunk environment, and decide to utilize the deployment server functionality to make the deployment of apps and management of configuration files easier. You start by setting up the serverclass.conf file for the forwarder as the following:

[global]
continueMatching = true
whitelist.0 = *
restartSplunkd = false

[serverClass:forwarder_serverclass]
whitelist.0 = *spkfwd*

[serverClass:forwarder_serverclass:app:forwarder_inputs]

Splunk App for Enterprise Security and PCI Compliance Correlation Search Drill-downs

Introduction

Welcome! In this post we’ll talk about time ranges in correlation search drill-downs in two apps, the Splunk App for Enterprise Security (ES) and the Splunk App for PCI Compliance (PCI).

Correlation Searches and Drilling Down

Okay, so what exactly are we talking about regarding correlation searches and drilling-down? Correlation searches look for notable
