TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, 2021 CFP Closes: January 19th, 2022 Previous Talks: https://bsidessplunk.com/archives.html Who can apply? This is open to everyone and focused on technical topics. This is your chance to go down the technical rabbit hole. Does the content need to be about Splunk? Mostly. The topic doesn’t have to be directly about Splunk. But, the content should have to do with Splunk. For example, using a script or product to get data in to or out of Splunk.  Is the conference going to be in-person? We wish. We miss the hugs and high fives (and the many beverages) that we have shared over the years. To make sure that everyone stays safe, we are choosing to be virtual once again. Ready to submit your talk? Check out our BSides CFP to send in your submission today! And, now… we present the holiday portion of this programming! Enjoy! .                                                                                                                                                      'Twas the week for the Call for Papers, and while everyone was in their house, Not a keyboard was silent, not even the mouse. The Raspberry Pis were blinking in their cases, looking so sheer, In hopes that the Call for Papers would soon be here. The Splunkers were crashed cuddled in their gaming chairs and not in their beds, While visions of dashboards danced in their heads. With Rich in his flipflops, and Clara in her beard, They had just settled their nerves as holiday on-call neared. When out in the cloud there arose such a clatter, They sprang from the NOC to see what was the matter. Away from their slumber, they flew like The Flash, Tore open a browser and launched a tab in a dash. The light from the screen gave off such a glow, Why don’t they use dark mode, don’t ya know? When what to their wondering eyes did appear, But the BSides Splunk CFP and reminiscing of "3 clicks and a beer", Being a round, bearded speaker, so you knew he was no phony, I knew in a moment he must be SplunkTrust Tony. More rapid than SSDs, his ponies they came, And he whistled, and shouted, and listed the products by name: “Now, Enterprise! Now, Cloud! Now, On-Call and Security! On, ITSI!, on, UBA! on, DSP and Observability!” To the message on your phone! To the dashboard on the wall! Now alert them! Alert them! Alert them all! So over to the website the ponies they flew, With the hopes of a conference, and SplunkTrust Tony too. And then, in a twinkling, I heard on the keyboard, The clicking and clacking got me floored. As Rich and Clara turned their heads and began running around, Up went the website for papers to be bound. The site – how it twinkled! The source no coursed, Because they like to use code that is open-sourced! The speakers did wonder at what was so vital, Like most, the hardest part is, “What is my talk title”? The abstract they did not have to ponder, While they wrote a description to make others wonder. The speakers are all listed from one to five, As they are the reason the talks will come alive. One of the last tasks - a password is given, For you to edit the talk to make sure the judges are smitten. Have no worries if you have not spoken before, As we have people to help get you on the floor. This closes this little poem, and thank you for indulging me, But thinking about BSides Splunk just fills me with glee. And as I end on these works and dash out of sight, Happy Splunking to all, and to all a Splunky night! — Tony Reinke, BSides Co-Founder   ... View more

Trying to get a nice list of the top 10 countries a firewall is blocking.  If I run the search in the search app, it comes back with the columns of Country and count.  I use Dashboard Studio and I use the same search as a data source and I get Country, count, and _tc.  I am guessing I am missing a flag to not show the total count. Splunk Search: (index=netfw OR index=netproxy) (sourcetype="pan:threat" OR sourcetype="pan:traffic") action="dropped" (src_ip!=10.0.0.0/8 AND src_ip!=172.16.0.0/12 AND src_ip!=192.168.0.0/16) | iplocation src_ip | top limit=10 Country showperc=false | fields Country,count Studio Visualization: { "type": "splunk.table", "options": { "showRowNumbers": true }, "dataSources": { "primary": "ds_69PTFLxT" }, "title": "Top 10 Blocked Countries", "showProgressBar": true, "context": {}, "showLastUpdated": false } ... View more