A community-built SPL + dashboard repository

GoSplunk

Discover field-tested SPL searches and full dashboard XML you can copy straight into Splunk.

Sample SPL

index=security EventCode=4625
| stats count by Account_Name, ComputerName
| sort - count

128

SPL searches

Hand-picked SPL searches from across the library.

Browse all

spl

F5 BigIP Brute Force and Session Abuse

▲ 2 ▼ 6

by riparino

spl

WinEventLog:Security

Gauge of Windows Failed Logons

▲ 2 ▼ 0

by Go Splunk

spl

opsec

Port usage for opsec sourcetype

▲ 1 ▼ 0

by pradeep577

spl

WinEventLog:Security

Password Non Compliance Windows

▲ 0 ▼ 1

by SplunkNinja

spl

linux_secure

Number of Hosts the Root Account was Detected on

▲ 2 ▼ 0

by SplunkNinja

spl

_internal

Forwarder TCP Connections info

▲ 4 ▼ 0

by thall

spl

Qualys

High Severity Vulnerabilities - Qualys

▲ 0 ▼ 0

by SplunkNinja

spl

_internal

Failed Attempts to Logon to Splunk Web

▲ 4 ▼ 2

by SplunkNinja

spl

_internal

Original posted in 2015 Testing an issue with brackets

▲ 0 ▼ 0

by Thomas Chase

spl

WinEventLog:Security

Failed Windows Remote Desktop Connection Attempt

▲ 4 ▼ 0

by SplunkNinja

Dashboards

Full XML dashboards with panels, inputs, and drilldowns. Copy once, ship instantly.

Browse all

dashboard

Dashboards

Bucket Status Dashboard

▲ 5 ▼ 0

by manderso

dashboard

Dashboards

Alerts in a Panel with Drilldown

▲ 7 ▼ 0

by AzJimbo

dashboard

Dashboards

High Level Windows Dashboard

▲ 34 ▼ 5

by SplunkNinja

dashboard

_internal

Top 10 Accessed Dashboards

▲ 1 ▼ 1

by Azeemering

dashboard

Dashboards

FireEye Internals Monitoring

▲ 4 ▼ 0

by LTRand

dashboard

Dashboards

emoji bonanza

▲ 10 ▼ 1

by AzJimbo

dashboard

Dashboards

Searching Your Searches

▲ 13 ▼ 0

by kdor

dashboard

Dashboards

ProofPoint TAP Dashboard

▲ 4 ▼ 5

by riparino

dashboard

Dashboards

Windows Logon Dashboard

▲ 13 ▼ 2

by thall

dashboard

_audit Dashboards

Triggered Alert Analytics

▲ 6 ▼ 1

by riparino