A community-built SPL + dashboard repository
GoSplunk
Discover field-tested SPL searches and full dashboard XML you can copy straight into Splunk.
Sample SPL
index=security EventCode=4625
| stats count by Account_Name, ComputerName
| sort - count 128
SPL searches
Hand-picked SPL searches from across the library.
Sysmon - cmd line for non -local connections
Timechart of the status of an Locked Out Account
Verify Windows Updates have been Applied
REST Call for a list of Alert actions (Webhook_sms or Email or notable or ..)
Splunk Admin Account Activity - Account Modifications
Number of Hosts the Root Account was Detected on
Windows Power Off Duration
File Deletion Attempts In Windows
Apache High Level Visitor Info
Dashboards
Full XML dashboards with panels, inputs, and drilldowns. Copy once, ship instantly.