Entries by Caroline Lea

Iplocation: Simple Explanation for Iplocation Search Command

By: Charles Dills | Splunk Consultant

Iplocation can be used to find some very important information. It is a very simple yet powerful search command that can help with identifying where traffic from a specific IP is coming from. To start, iplocation on its own won’t display any visualizations. What it will do is add […]

Take your Traditional OCR up a notch

By: Greg Moler | Director of Imaging Solutions

While the baseline OCR landscape has not changed much, AWS aims to correct that. Traditional OCR engines are quite limited in what details they can provide. Being able to detect the characters is only half the battle; the ability to get meaningful data out of them becomes […]

Tsidx Reduction for Storage Savings

By: Yetunde Awojoodu | Splunk Consultant

Introduction

Tsidx Reduction was introduced in Splunk Enterprise v6.4 to provide users with the option of reducing the size of index files (tsidx files) primarily to save on storage space. The tsidx reduction process transforms full size index files into minified versions which will contain only essential metadata. A […]

Operating a Splunk Environment with Multiple Deployment Servers

By: Eric Howell | Splunk Consultant

Splunk Environments come in all shapes and sizes, from the small single-server installation managing all of your Splunk needs in one easily-managed box, to the multi-site, extra complex environments scaled out for huge amounts of data and all the bells and […]

Using Splunk to Monitor USB Removable Storage Devices

Windows Event Log Monitoring

Abstract

Information security is only as effective as physical security policies. Splunk continues to be a valuable tool in providing insight into risk and threat detection. As more security operation centers (SOCs) look to limit sensitive data being exposed, USB removable storage devices (thumb drives, external hard drives, cell phones with […]

New Feature in Splunk to Monitor Environment Health

A new feature introduced in Splunk 7.2 is the Splunkd Health Status Report. Monitoring Splunk’s status by checking if Splunkd is running may tell you if Splunk is running, but it won’t tell you if there’s a problem developing while Splunk is running. In the latest version of Splunk, you’ll only need to look next […]