A community-built SPL + dashboard repository

GoSplunk

Discover field-tested SPL searches and full dashboard XML you can copy straight into Splunk.

Browse SPL Submit your SPL

Sample SPL

index=security EventCode=4625
| stats count by Account_Name, ComputerName
| sort - count

128

SPL searches

Hand-picked SPL searches from across the library.

spl

Detect ShellShock Attempts in Apache Logs

▲ 6 ▼ 0

by mjeffery

spl

REST API: Table all Splunk User Email Addresses

▲ 3 ▼ 0

by SplunkNinja

spl

Uncategorized Fun Stuff & Helpful Hints

Pearson Coefficient of Two Fields

▲ 4 ▼ 0

by yangzd

spl

Repeated Unsuccessful Logon Attempts in Linux

▲ 2 ▼ 1

by SplunkNinja

spl

Total Hits on Least Active Day in IIS

▲ 0 ▼ 0

by SplunkNinja

spl

find blocking queues

▲ 9 ▼ 1

by sedi

spl

Show all successful splunk configuration changes by user

▲ 2 ▼ 2

by sedi

spl

count all events for 1 or multiple index(es)

▲ 6 ▼ 1

by sedi

spl

Top 5 Visiting Countries in IIS

▲ 0 ▼ 0

by SplunkNinja

spl

WinEventLog:Security

File Accesses in a Windows Environment by user

▲ 1 ▼ 0

by Go Splunk

Dashboards

Full XML dashboards with panels, inputs, and drilldowns. Copy once, ship instantly.

dashboard

Windows Sysmon Process Dashboard

▲ 7 ▼ 3

by thall

dashboard

Data Usage for Indexer and Forwarders

▲ 10 ▼ 0

by thall

dashboard

Simple File Integrity Monitoring Management Dashboard

▲ 15 ▼ 3

by splunkzilla

dashboard

Dashboard for Splunk Infrastructure/Server Specs at a Glance

▲ 23 ▼ 0

by SplunkNinja

dashboard

Truncated Data Issues

▲ 2 ▼ 0

by manderso

dashboard

Updated Netflow Activity dashboard

▲ 5 ▼ 0

by thall

dashboard

Windows Logon Dashboard

▲ 13 ▼ 2

by thall

dashboard

High Level Windows Dashboard

▲ 34 ▼ 5

by SplunkNinja

dashboard

License and Storage Usage Dashboard

▲ 1 ▼ 0

by manderso

dashboard

Auditd hosts in all environments

▲ 6 ▼ 0

by manderso