License and Storage Usage Dashboard

This relies on the search posted earlier: This will display storage and license usage broken down by groups, predefined in the chargeback app customers.csv

Build License usage by Group

This was cobbled together from multiple searches I found. This search feeds the license and storage dashboard posted here: It relies on the Chargeback app for the customers.csv form.

 

Auditd hosts in all environments

Shows the login activity to our Linux environments, sudo commands per host and users. Admin Notes: index=main was changed to index=* due to not everyone using the same index. This dashboard has been tested for code errors, but not for search errors. Please comment if you have any issues!

 

Top Header cpu & memory status

I didn’t like the CPU input from the Splunk TA Nix app, so I created this small ingest from top. The script takes a snapshot of the top command, and looks directly at the header:

and comes back with the first 5 lines of Top:

and the following query pulls CPU load average data […]

Show uptime in Days

The following query shows uptime of all systems over a certain period of time (days_uptime). Replace my indexes w/ yours.

Looks like: hostname | DaysUP | Years | Months | SystemUpTime and $days_uptime$ is a text box in my case.

Search to show what apps are ready to be updated

If that Splunk has internet access, it’ll have the

fields filled with the latest version if there is an update available for any app installed on that system. The

filter should be usable for querying search peers as well. Using that scheduled daily or weekly, you could alert yourself of any update. […]

Permissions for Splunk users

Another view for which Splunk user can do what in your Splunk environment.
