I found this search in ES ContentUpdates
| tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Network_Traffic where All_Traffic.app=tor AND A...
I want to set up an organized system of permissions so we can give the right access to the right data and the right Splunk features to the right analysts in my organization. Can I get a sketch of how...
I go to Configure > Content > Use Case Library.
It shows this nice page but I can't view all the use cases.
Meaning, even after setting all the filters to All, I still can't see the full l...
Splunk Enterprise ContentUpdates has this Analytic Story: Account Monitoring and Controls. It contains a savedsearch (?) named "ESCU - Detect Excessive Account Lockouts From Endpoint - Rule".
T...
...ou won't be able to make updates to forwarder apps/addons to new or existing forwarders while the deployment server is offline. This will block the threat and give you time to make a plan. At p...
I have a Splunk Enterprise/Splunk Cloud deployment that's been on autopilot for a while. We've been adding data sources and use cases, but I think there's a lot more we can get out of Splunk, and I'm...
...ommand is
wget http://myhost.mydomain.com:8000/en-US/app/search/%40go?s=hostdf
Here is a snapshot of the wget, and the resulting saved file: (Names were changed to protect the guilty). The c...