This query will show any clustered indexers that are currently in maintenance mode. For it to work as an alert you will need to schedule it. It will not work if you run it in real time. sourcetype=splunkd reason=”‘Maintenance mode*” | dedup host | eval maintenance_mode_enabled=if(reason=”‘Maintenance mode started'”, “true”, “false”) | where maintenance_mode_enabled=”true” | […]
Nessus Security Center Dashboard
Description: This dashboard is intended make it easier to search the results from Nessus Security Center. It doesn’t require any additional addons. <form> <label>Nessus Scan Results</label> <fieldset submitButton=”true” autoRun=”false”> <input type=”checkbox” token=”t_severity”> <label>Severity</label> <choice value=”Critical”>Critical</choice> <choice value=”High”>High</choice> <choice value=”Medium”>Medium</choice> <choice value=”Low”>Low</choice> <prefix>(</prefix> <suffix>)</suffix> <initialValue>Critical,High,Medium,Low</initialValue> <valuePrefix>severity.name=</valuePrefix> <delimiter> OR </delimiter> </input> <input type=”multiselect” token=”t_scan_name”> <label>Scan Name</label> <choice […]
LDAP Search Dashboard
Description: This dashboard is designed to simplify Splunk’s LDAPSEARCH command. LDAP must be configured in your Splunk instance for this to work. <form> <label>LDAP objectClass/CN/OU Search</label> <description>LDAPSEARCH Dashboard.</description> <fieldset submitButton=”true” autoRun=”false”> <input type=”radio” token=”objectClass_field”> <label>objectClass</label> <default>*</default> <choice value=”*”>Any objectClass</choice> <choice value=”user”>Users</choice> <choice value=”computer”>Computers</choice> </input> <input type=”text” token=”cn_field”> <label>CN</label> <default>*</default> </input> <input type=”text” token=”ou_field”> <label>OU</label> […]
