×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Ben
Explorer
Member since: ‎12-04-2024
‎03-10-2025
Community Statistics
Posts 4
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎12-04-2024
View All

Best Practices for Finding Data Across All Splunk ...

by in Splunk Search
‎02-26-2025 10:31 PM
‎02-26-2025 10:31 PM
Hello, As a SOC analyst, what are the best practices for writing SPL queries to quickly find specific data (such as an IP address, a string, or a keyword) across all logs and indexes? I understand that it's generally recommended to narrow down searches and avoid using `index=*`, but sometimes I don't know exactly where the data is indexed (i.e., which index, sourcetype, or field name). Any advice would be greatly appreciated. Thanks in advance! ... View more
Labels

Re: Limiting the visibility of OOTB dashboards in ...

by in Dashboards & Visualizations
‎02-06-2025 12:14 AM
‎02-06-2025 12:14 AM
Thanks again ... View more

Re: Limiting the visibility of OOTB dashboards in ...

by in Dashboards & Visualizations
‎02-05-2025 09:57 PM
‎02-05-2025 09:57 PM
Hi @gcusello  I will look at the APP permissions. About your question, I created the role from scratch. Thanks for the tip but why shouldn't I use Inheritance as a general guideline?    Thanks for replying Ben ... View more

Limiting the visibility of OOTB dashboards in Splu...

by in Dashboards & Visualizations
‎12-04-2024 04:33 AM
‎12-04-2024 04:33 AM
Hello, I've created a simple app, let's call it IT_Users_App,  linked to a certain role called it_user.  In the app, a user with the role above, can see hundreds of OOTB dashboards by default.  I would like to hide those OOTB dashboards from the app / role, in a bulk action. Doing so one by one will not be fun 😞 Is there a way to accomplish that?    Thanks in advance.   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-10-2025 01:02 AM
Karma given to
View All