A community-built SPL + dashboard repository
GoSplunk
Discover field-tested SPL searches and full dashboard XML you can copy straight into Splunk.
Sample SPL
index=security EventCode=4625
| stats count by Account_Name, ComputerName
| sort - count 128
SPL searches
Hand-picked SPL searches from across the library.
Query for when PowerShell execution policy is set to Bypass
Total Unique Browsers detected in IIS logs
Most Active Day and Least Active Day for IIS Web Traffic
Verify Windows Updates have been Applied
Number of Hosts the Root Account was Detected on
Clean or Delete Data in a given Source
Qualys 30 Day trending of Re-Opened Vulnerabilities
Rename _time field in a TimeChart
Reports Owned by Admin Users and Writable by Others
Dashboards
Full XML dashboards with panels, inputs, and drilldowns. Copy once, ship instantly.