Splunk Search

Are there any other online collections of Splunk search examples?

ChrisG
Splunk Employee

Beyond what's in the Search Reference and the Search Manual, are there other sites that have SPL examples available to the community?

1 Solution

vnakra_splunk
Splunk Employee

Aside from the excellent sites from Chris above, if your goal is to learn SPL, there are a few other resources I typically recommend:

Education: Take "Advanced Searching and Reporting" from Splunk Education. Very worth your time.

Apps:

People:

  • .conf is one of the best sources of wisdom out there. Archived sessions from 2013-2016 are up at conf.splunk.com. Two from the latest .conf that have great info on SPL are:
    • "Let Stats Sort Them Out: Building Complex Result Sets That Use Multiple Source Types" - by Nick Mealy (ex-Splunker, aka @Sideview): Recording and Slides
    • "Time After Time – Comparing Time Ranges in Splunk" by Lisa Guinn (Splunk Edu, aka @lguinn): Recording and Slides
  • Sign up for the Slack channel and talk to people. You soak up a lot by osmosis, and you'll meet the people who help you here on Answers.

The Splunk Book: From one of the creators of the product... http://www.splunk.com/goto/book

gcusello
Esteemed Legend

Hi @ChrisG,

In addition to the ones hinted at by the other people, I would also add Enterprise Security Content Updates (https://splunkbase.splunk.com/app/3449), which it is possible to use outside ES as well, eventually using the CIM data models.

Ciao.

Giuseppe

bowesmana
SplunkTrust

The ESCU searches are also part of Splunk Security Essentials, which you can see here

https://docs.splunksecurityessentials.com/content-detail/

and also here

https://research.splunk.com/detections/

Note that some of the searches are buggy - I've raised a few bugs in the last few days

https://github.com/splunk/security_content/issues


Anam
Community Manager

Hi all, thank you for bringing malicious links to our attention! I have gone ahead and deleted Chris's post since the links were out of date, and any other reply that had the old links. Feel free to post any updated information 🙂

mhouse3
Path Finder

"Archived sessions from 2013-2016 are up at conf.splunk.com" where? Can you provide the direct link please?

ChrisG
Splunk Employee

mhouse3
Path Finder

That link only takes me to the current 2019 .conf listings.

ChrisG
Splunk Employee

It does kind of look like that, because of the banner on the page. But these are in fact the 775 archived sessions recorded in previous years. If you do a search on that page, like https://conf.splunk.com/watch/conf-online.html?search=SPL#/, you will see the results are tagged with the year they were recorded.

mhouse3
Path Finder

I see now. The problem is if you go to the top left and expand Event it reflects that these are for 2016, 2017 and 2018. I am looking for the recordings before 2016.

ChrisG
Splunk Employee

Yes, I think that is as far back as they go, vnakra might have been mistaken.

raj_mpl
Path Finder

Nice information … keep it up guys
