A community-built SPL + dashboard repository
GoSplunk
Discover field-tested SPL searches and full dashboard XML you can copy straight into Splunk.
Sample SPL
index=security EventCode=4625
| stats count by Account_Name, ComputerName
| sort - count 128
SPL searches
Hand-picked SPL searches from across the library.
All indexes not explicitly granted to a role
List the size of lookup files with an SPL search.
Baselining Dashboard
List Ports Forwarders are Using
Windows Failed Logons with Average Overlay
port scan attack (by juniper)
Percentage of Daily License Usage
List of Alerts via REST
Active Directory Password change attempts
Dashboards
Full XML dashboards with panels, inputs, and drilldowns. Copy once, ship instantly.