License and Storage Usage Dashboard

This relies on the search posted earlier: This will display storage and license usage broken down by groups, predefined in the chargeback app customers.csv

Continue Reading →

Build License usage by Group

This was cobbled together from multiple searches I found. This search feeds the license and storage dashboard posted here: It relies on the Chargeback app for the customers.csv form.

 

Continue Reading →

Detailed User Activity

Continue Reading →

Exclude single event type from logs

Do this on HF   transforms.conf:

  props.conf:

Continue Reading →

Who’s Using Splunk?

I often get asked how much a certain dashboard gets looked at, or how many times a user looks at a specific app. I wrote this quick query to answer that question.

Continue Reading →

Find unused dashboards

Use this search to find unused dashboards:

Admin Notes – Fantastic query! I modified the SPL slightly as I had an issue when I copied it to my two test environments.

Continue Reading →

skipped searches and why

Quickly identify high amounts of skipped searches in your cluster or standalone SH(s):

Adjust “[your splunk SH(s)]” to the SH(s) you want to check obviously ;)

Continue Reading →

find blocking queues

Blocked queues are (obviously) bad for your environment so here a search to identify those:

Example result:

Continue Reading →

Internal Splunk User Stats

This simple Splunk query will show us unique Splunk user logged into Splunk per day, as well as total count of log-ons.

Continue Reading →

Apache Traffic Dashboard

Description: The following Dashboard is what I use to monitor traffic to GoSplunk. It uses the built in sourcetype of access_combined. No additional add-on’s or TA’s are required. I replaced my index with index=* so it’ll work out of the box. You’ll want to change this to your index for best practices. Also I have […]

Continue Reading →

List all ES Correlation Searches

Continue Reading →

Windows service activity & MSI installs

Here is a dashboard that built to look for Service activity and MSI installs in Windows.  This dashboard utilizes Post Processing so there is only 2 searches that are launched when the dashboard is loaded to minimize impact on search queuing. Add-on’s: Splunk Add-on for Microsoft Windows – https://splunkbase.splunk.com/app/742/

Continue Reading →

Simple File Integrity Monitoring Management Dashboard

This is the code for my original reddit post at https://www.reddit.com/r/Splunk/comments/am3tgr/simple_file_integrity_monitoring/ This dashboard allows users to manage simple File Integrity Monitoring (FIM) within Splunk. Please note that this isn’t a full FIM suite as it only validates if a checksum has been changed on a file, but I have included a simple TA for Linux. However, if you […]

Continue Reading →