A community-built SPL + dashboard repository
GoSplunk
Discover field-tested SPL searches and full dashboard XML you can copy straight into Splunk.
Sample SPL
index=security EventCode=4625
| stats count by Account_Name, ComputerName
| sort - count 128
SPL searches
Hand-picked SPL searches from across the library.
Query for when PowerShell execution policy is set to Bypass
License Usage by Index per Day
Top exploitable vulnerabilities (tenable)
Total Hits on Least Active Day in IIS
Searches to check search concurrency for historical or real time
Average Search Duration
Sourcetype missing in Datamodels
Median Duration of a Session within an IIS Web Environment
Remove mulitple values from a multivalue field
Dashboards
Full XML dashboards with panels, inputs, and drilldowns. Copy once, ship instantly.