Category: Splunk

Data is the lifeblood of any organization, and harnessing its insights is paramount for making informed decisions. In the realm of data analytics, Splunk stands out as a powerful tool for searching, monitoring, and analyzing vast datasets.
  • Blog
  • Splunk

Best Practices for Writing Efficient Splunk SPL Queries

This blog details a step-by-step process on how to create and run a prediction model with Splunk MLTK. The use case explained in this blog is specifically, how to predict the number of incident tickets created for an Operation Team during a busy holiday time, so the team can prepare for the workload.
  • Blog
  • Splunk

Predict Your Incident Tickets With Splunk MLTK 

Splunk timestamp extraction can be tricky until you work with it a couple times. Follow along with me through a couple different examples and you should be able to extract a timestamp out of any data. There are a few settings in Splunk’s “Magic 8” that go into props.conf of the data you are trying to ingest.
  • Blog
  • Splunk

Splunk Timestamp Extraction – Where and How to Find Time!

Helpful Splunk resources from the TekStream developer team
  • Blog
  • Splunk

Useful Online Resources for the Aspiring Splunk Admin

Get Your Custom App to Pass App Vetting on the First Try
  • Blog
  • Splunk

Get Your Custom App to Pass App Vetting on the First Try

Splunk’s Compliance Essentials provides several features that can help organizations meet the requirements of various compliance frameworks like CMMC, DFARS, FISMA and more. This app comes pre-packaged with a library of compliance practices, dashboards that can be used to monitor compliance status & track progress, and reports that can be used to demonstrate compliance to auditors.
  • Blog
  • Splunk

Splunk Compliance Essentials: Your One-Stop Shop

Splunk SOAR: HUD Tutorial
  • Blog
  • Splunk

Splunk SOAR: Introduction to the HUD Space

TekStream Tutorial: Troubleshooting Multiple Splunk Forwarders
  • Blog
  • Splunk

Troubleshooting Splunk Forwarders Tutorial: Send Commands to Multiple Splunk Forwarders (Linux)

Datamodel is really like Savedsearches, providing structure to underlying unstructured data. Datamodel has multiple datasets, where datasets are like a table in the traditional database. In Splunk, when we create dataset, we create with some constrains. This blog walks through the end-to-end flow of a datamodel in Splunk ES. By the end of this demonstration, you will find the above definition makes sense.
  • Blog
  • Splunk

How Datamodel Works in Splunk ES