A community-built SPL + dashboard repository
GoSplunk
Discover field-tested SPL searches and full dashboard XML you can copy straight into Splunk.
Sample SPL
index=security EventCode=4625
| stats count by Account_Name, ComputerName
| sort - count 128
SPL searches
Hand-picked SPL searches from across the library.
Pass the Hash Detection
Blocked Firewall Scanning Activity with indicator if Source has been allowed.
Expand JSON fields using spath
List of installed non-core applications
Bucket Count by indexer/index
Splunk Query to report on users logging on to the Splunk Web Console
System Security Access Removed from Account
Microsoft Antimalware Virus Remediation Details
Get list of concurrent users on a specific server
Dashboards
Full XML dashboards with panels, inputs, and drilldowns. Copy once, ship instantly.