A community-built SPL + dashboard repository
GoSplunk
Discover field-tested SPL searches and full dashboard XML you can copy straight into Splunk.
Sample SPL
index=security EventCode=4625
| stats count by Account_Name, ComputerName
| sort - count 128
SPL searches
Hand-picked SPL searches from across the library.
Splunk Admin Account Activity - Account Modifications
Accounts Deleted via EventID's that Correspond with Post XP/2003 Operating Systems
Find unused dashboards
Linux Deletion of SSL Certificate (mitre : T1485 , T1070.004 , T1070)
Failed Login to OSX
List permissions for Users, roles, allowed indexes and indexes searched by default
Rename _time field in a TimeChart
Hosts Taking a Long Time to Scan - Qualys
Top Header cpu & memory status
Dashboards
Full XML dashboards with panels, inputs, and drilldowns. Copy once, ship instantly.