NIX Debian Package (dpkg.log) Dashboard

Description: Wanted a dashboard that would provide information around package information across my Ubuntu servers.  At this time I have only built this dashboard to review the “dpkg.log”. In an attempt to help people understand how I build dashboard, posted a video on YouTube where you can follow along while I build this dashboard out: […]

Continue Reading →

Truncated Data Issues

Displays sourcetypes being truncated on ingest, then on selection, shows the related _internal message & the an event that caused it to trigger.

Continue Reading →

Software inventory

I’ve been looking a while for something like this, and decided to make it myself. This relies on the tinv_software _inventory add-on found on Splunkbase, but you can do it without, if you feel like it.

Hope this helps. Let me know if you have any suggestions.

Continue Reading →

Deployed application status

Created this dashboard to see when or if an application was deployed successfully. Close to splunkninja’s query, this will also show if the host in question also restarted to apply the new app.  

Continue Reading →

emoji bonanza

Have you ever wanted to truly express your emotions related to your search results but wasn’t sure how? Why not use an emoji?  But how, you ask?  Well, problem solved. Welcome to the emoji bonanza!

 

Continue Reading →

ProofPoint TAP Dashboard

Continue Reading →

Bucket Status Dashboard

Shows status of buckets per indexer host, when they rolled from warm to cold, and cold to frozen. Gives a timechart and table of each, as well as detailed bucket names per index & host.

Continue Reading →

Alerts in a Panel with Drilldown

A quick dashboard panel you can plop anywhere and get a view of alerts that have recently fired, including a drilldown based on the SID of the fired alert.

Continue Reading →

Triggered Alert Analytics

Primary Dashboards Contains alert analytics for both triggered alerts and saved searches. Please replace $name$ with the saved search naming convention you utilize (ie. 0001 – AlertName). You will need an outputlookup to generate the bottom two tables; it will be based on the query that generates the second table in the dashboard.

Report […]

Continue Reading →

Nessus Security Center Dashboard

Description: This dashboard is intended make it easier to search the results from Nessus Security Center. It doesn’t require any additional addons.

Continue Reading →

FireEye Internals Monitoring

Summary: FireEye produces 2 types of logs: security event logs (the primary function of FireEye), and internal system logs (Logs about the appliance).  Most users do not use the internal system logs, or are even aware that they are available.  Sometimes, the appliances are configured to send both logs via syslog, and the messages are […]

Continue Reading →

Windows Sysmon Process Dashboard

(updated on 8/26/2020) Working with a customer I started this dashboard to give a high level overview of Windows Sysmon data.  I have been evolving the dashboard in my home environment and will take any feedback to improve the effectiveness of this dashboard. First is getting sysmon data into your splunk environment.  My home computers […]

Continue Reading →

LDAP Search Dashboard

Description: This dashboard is designed to simplify Splunk’s LDAPSEARCH command. LDAP must be configured in your Splunk instance for this to work.  

Continue Reading →

License and Storage Usage Dashboard

This relies on the search posted earlier: This will display storage and license usage broken down by groups, predefined in the chargeback app customers.csv

Continue Reading →