Splunk dashboard that displays User searches

Built this dashboard to give a high level overview of user search activity. The search powering the dashboard is looking at the _audit index and you will need to ensure that you have proper access to the internal Splunk indexes. The dashboard includes a TimeRange picker, radio button to include or exclude Splunk’s system user, […]


Triggered Alert Analytics

Primary Dashboards: Contains alert analytics for both triggered alerts and saved searches. Please replace $name$ with the saved search naming convention you utilize (i.e., 0001 – AlertName). You will need an outputlookup to generate the bottom two tables; it will be based on the query that generates the second table in the dashboard.

Report […]


Show your triggered alerts

This search shows all the alerts that were triggered in your Splunk environment:


Find unused dashboards

Use this search to find unused dashboards:

Admin Notes – Fantastic query! I modified the SPL slightly as I had an issue when I copied it to my two test environments.


Show Searches with Details (Who | When | What)

The following Splunk search will show a list of searches run on a Splunk server with the following details:

- Who ran the search
- What sourcetype was used
- What index was used
- What the search string was
- When the search was last run
