Time Offset on Splunk Servers

This Splunk query shows whether there is a time offset on your Splunk servers. I borrowed and modified this one from the Splunk clock skew search posted on www.bbosearch.com (another pretty awesome site like this one!). My version strips the unnecessary parts and renames some fields, but feel free to do what you want with it: […]


Events Sent to Null Queue – Internal Logs

This will show events that have been sent to the null queue within the Splunk internal logs.


Monitor for Service Changes in Windows

The following Splunk search looks for changes in services within Windows.


Monitor File Shares being Accessed in Windows

This Splunk search will show file shares being accessed within Windows environments.
