Auditd hosts in all environments

Shows the login activity to our linux environments, sudo commands per host and users. Admin Notes: index=main was changed to index=* due to not everyone using the same index. This dashboard has been tested for code errors, but not for search errors. Please comment if you have any issues!  

 

Continue Reading →

Linux Cron Job Information

This splunk query example uses regex (regular expressions) to extract information on Linux cron jobs. *Note* this query has not been extensively tested

Continue Reading →

Count of Unique Hosts in Linux

The following splunk query example will return a unique count of hosts in a given time range *NOTE* if the host field is being autoextracted (for instance if you are using a universal forwarder) you will not need the regex command and can call upon the auto extracted fieldname of “host”

Continue Reading →

List of Hosts in a Linux Environment

The following splunk query example will return a list of hosts by hostname in a given time range. *NOTE* if the host field is being autoextracted (for instance if you are using a universal forwarder) you will not need the regex command and can call upon the auto extracted fieldname of “host”

Continue Reading →