What started as a plan to stand up a new/additional VM Search Head dedicated to a specific department in IT has turned into a possible first attempt at Search Head clustering.
In trying to s...
I am doing a deep dive to understand the internals of a correlation search within ES so that I can justify creating new correlated searches with adjusted thresholds and/or explicit asset exceptions....
So, I have multiple IP addresses; I want to combine them using regex or normal by supplying dashes and compare them to the variable. For example: This is my existing query: | search NOT src IN (10.161.5...
...ight after getting Splunk Enterprise installed on their local machine. It can be daunting to log into Splunk for the first time and know what the heck you should do. A person can get through the i...
...fficiency, overall experience? Can anyone offer any additional real-world guidance on creating a data catalog? We can't see any reason to split up windows event logs for endpoints (security/a...
I'm creating a number of correlation searches, and I'd like to be able to send an email ONLY when an episode has been open for more than X number of minutes. If I go into the a...
...pplication etc.. I'm thinking of creating a separate index for each of these types of logs, for example all nginx (access/error) logs go to one index, celery logs to another and so on. My reasons are, it gives m...
Hi,
Is there a way or any direct link from where I can download all the sessions of Splunk 2016 which is available at the below link?
https://conf.splunk.com/sessions/2016-sessions.html
I k...