User Activity in DBConnect

The following Splunk query is for the DBConnect app. It returns all user activity in that particular app. I've provided the regex in the search.


Splunk Server Restart Duration

As titled, the following Splunk search will show the restart duration of the Splunk service itself, using the transaction command to pair each shutdown with the startup that follows it.
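As an added illustration (not the post's own query, which sits behind the link), here is one way to pair a shutdown with the following startup. It assumes the splunkd log lines read "Shutting down splunkd" on stop and "Splunkd starting" on start; check your own `index=_internal sourcetype=splunkd` events and adjust those strings if your version logs them differently.

```spl
index=_internal sourcetype=splunkd ("Shutting down splunkd" OR "Splunkd starting")
| transaction host startswith="Shutting down splunkd" endswith="Splunkd starting" maxspan=1h
| eval restart_duration_sec=round(duration)
| table _time host restart_duration_sec
```

The `maxspan` caps how long a shutdown is allowed to wait for its matching startup, so a host that was stopped and never came back does not get paired with a start event days later. `transaction` is memory-hungry on large indexes, so keep the time range narrow when you run this.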


Splunk User Search Activity

This will return a table of users who ran searches, the total time their searches took to complete, a count of those searches, and the last time each user ran a search. NOTE: you will need to change the "local" value in "splunk_server=local" to the name of your Splunk server.
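An added example of such a table, written here rather than taken from the post (whose own query is behind the link). It assumes the fields that standard Splunk audit events carry for completed searches (`user`, `action`, `info`, `total_run_time`), and `splunk_server=local` is the placeholder the post describes, to be replaced with your server name.

```spl
index=_audit splunk_server=local action=search info=completed
| stats sum(total_run_time) AS total_run_time_sec,
        count AS search_count,
        max(_time) AS last_search
        BY user
| convert ctime(last_search)
| sort - search_count
```

Filtering on `info=completed` keeps one audit event per finished search; without it the same search would be counted again for its `granted` event and inflate the totals.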


Internal Splunk User Modifications

This query searches Splunk's internal audit sourcetype (index=_audit) and reports on any user modification attempts, both successful and failed.
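As an added example (not the post's query), the audit search below assumes user changes are logged with `action=edit_user` and that `info` is `granted` on success and `denied` on failure; the `object` and `operation` fields are assumed to name the target account and the change type, so verify them against your own audit events.

```spl
index=_audit action=edit_user
| eval outcome=if(info="granted", "success", "fail")
| table _time user info outcome operation object
| sort - _time
```

Alerting on the `fail` rows separately is worthwhile: a run of denied `edit_user` attempts from one account is a cheap indicator of someone probing for privilege they do not have.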
