A community-built SPL + dashboard repository

GoSplunk

Discover field-tested SPL searches and full dashboard XML you can copy straight into Splunk.

Browse SPL Submit your SPL

Sample SPL

index=security EventCode=4625
| stats count by Account_Name, ComputerName
| sort - count

128

SPL searches

Hand-picked SPL searches from across the library.

spl

Apps Deployed from Deployment Server

▲ 0 ▼ 0

by SplunkNinja

spl

Search All Traffic by src / action - Creates Table

▲ 1 ▼ 1

by pocketaces

spl

IPS Traffic Increase

▲ 2 ▼ 6

by SplunkMasterFlex

spl

Enterprise Security crowdstrike

CrowdStrike Audit Event Correlation

▲ 2 ▼ 1

by LTRand

spl

opensense Networking

Blocked Firewall Scanning Activity with indicator if Source has been allowed.

▲ 4 ▼ 1

by thall

spl

Find queues that are nearly full

▲ 2 ▼ 0

by xoff00

spl

Find where actual hostnames don't match the host from the Universal Forwarder

▲ 0 ▼ 0

by splunk-pony

spl

DBConnect _internal

User Activity in DBConnect

▲ 5 ▼ 0

by SplunkNinja

spl

WinEventLog:Security

Failed Authentication to Non-existing Accounts

▲ 6 ▼ 0

by SplunkNinja

spl

Perfmon:Network Interface

Network Usage by KB per minute on a Windows Box

▲ 2 ▼ 1

by SplunkNinja

Dashboards

Full XML dashboards with panels, inputs, and drilldowns. Copy once, ship instantly.

dashboard

User Info Dashboard - Using REST

▲ 13 ▼ 0

by ItsJohnLocke

dashboard

LDAP Search Dashboard

▲ 2 ▼ 0

by pjcordes

dashboard

Searching Your Searches

▲ 13 ▼ 0

by kdor

dashboard

Truncated Data Issues

▲ 2 ▼ 0

by manderso

dashboard

Windows Logon Dashboard

▲ 13 ▼ 2

by thall

dashboard

License and Storage Usage Dashboard

▲ 1 ▼ 0

by manderso

dashboard

Deployed application status

▲ 1 ▼ 1

by manderso

dashboard

Windows Account Management Dashboard

▲ 3 ▼ 0

by thall

dashboard

NIX Debian Package (dpkg.log) Dashboard

▲ 1 ▼ 0

by thall

dashboard

Dashboard for Splunk Infrastructure/Server Specs at a Glance

▲ 23 ▼ 0

by SplunkNinja