SplunkStuff

A repository for sharing splunk code, tips, tricks and other items which help with Splunk.

SPL has the extension .spl, SimpleXML is .xml. Guides are in markdown. Anything else should make sense.

Useful links outside of this repository

As we find useful links for Splunk topics, we will add them to this page.

Understanding Splunk

Splunk is not a database, an explanation of how Splunk works compared to databases - Useful if you come from a SQL background

Proving a Negative - We also have an example in our Snippets directory

Splunk Extended Search Dashboard and other resources

Command Examples

Streamstats to count by a field

Enterprise Security

TA to edit notables in ES

Splunk upgrade

Check app compatibility against a splunk version you would like to upgrade to

Splunk Management

Splunk Management