Knowledge Portal

SPL Optimization Tips

There are countless blogs, articles, and Splunk ‘answers’ regarding the optimization of Splunk queries (and here’s another one). In this article, we are going to share a few tips to improve the performance of your Splunk queries…

Read More

Splunk API Data Ingestion

Did you know that Splunk has the capability to ingest non-log based data through multiple onboarding methods? In this blog, we will touch on API based data ingestion, as it is traditionally the most common method utilized.

Read More

What is Summary Indexing???

What is Summary Indexing? Summary indexes, as the name implies, allows for the storage of summarized data over time. This allows us to take these bite-size calculations of our data, and store those results in separate indexers.

Read More

Your Guide to Disk Migration

Many Splunk customers start with a single disk for storing Indexes and then want to make changes. In this guide we will discuss the steps to move hot/warm buckets onto faster disks and move cooler buckets to cheaper storage.

Read More

WLM: The Great, The Good, and The Gotchas

Splunk WLM (Workload Management) provides the ability to allocate compute and memory resource to search, indexing, and other processes such as scripted inputs. This allows you to allocate the right resources to your Splunk server depending on its role.

Read More

What Makes a Sourcetype?

Do you have a custom data source you’d like to import into Splunk? Welcome to the world of sourcetypes.
In this blog, we help you navigate the process of creating sourcetypes, from assessment to configuration.

Read More

Splunk ES Implementation Checklist

Congratulations! Your organization has had the foresight to purchase Splunk’s Enterprise Security along with expert Professional Services to assure a successful implementation. This guide will serve as a checklist to help ensure you are prepared for the most successful ES deployment possible.

Read More