
What are the best practice searches for application lifecycle & release analytics?

sloshburch
Splunk Employee

I'd like to implement some basic searches for application lifecycle and release analytics without getting caught up in the differences between sourcetypes and field names.

Are there any basic searches that provide application monitoring without me having to deal with the complexities of the sourcetype differences? Something akin to the Change Model concepts in the Common Information Model, perhaps?

0 Karma
1 Solution

sloshburch
Splunk Employee

Replaced the answer with its new homes.

0 Karma

sloshburch
Splunk Employee

Added guidance on Alerts

0 Karma

gjanders
SplunkTrust

@SloshBurch is the plan to eventually create a best practices app containing various example searches like this?

0 Karma

sloshburch
Splunk Employee

@gjanders - that can certainly be an option. The first step is to reconcile between prescriptions found all over the place. This forum allows us to learn from all about what could make these better. Incorporating such blessed material into apps will also take orchestration to make sure we're consistent with our premium apps, our new customer prescriptions, and our Essentials series of apps (from which many of these questions are also answered).

So, while the answer is 'yes', you can appreciate this to be a place for us to learn from all about ways to strengthen such searches.

Make sense?

0 Karma

gjanders
SplunkTrust

Agreed, this does provide a way to get feedback promptly

0 Karma