A community-built SPL + dashboard repository
GoSplunk
Discover field-tested SPL searches and full dashboard XML you can copy straight into Splunk.
Sample SPL
index=security EventCode=4625
| stats count by Account_Name, ComputerName
| sort - count 128
SPL searches
Hand-picked SPL searches from across the library.
DNS search for encoded data
Query to see incidents logged by correlation search in ES incident review dashboard
Active Directory Password change attempts
Sysmon - cmd line for non -local connections
Detailed list of Universal Forwarders Reporting to Indexer
List of Extractions in Transforms.conf
New Service Installation on Windows
Successful Logons - Windows
Changes to Windows User Groups by Account
Dashboards
Full XML dashboards with panels, inputs, and drilldowns. Copy once, ship instantly.