How-To is the tag for how-to articles.
Editor’s Note: This article is co-authored by Barry Duncan, Team Lead, Professional Services Observability; and Chase Yates, Practice Manager, Security. A common problem technology teams face is the high volume of noise in their environments and the resulting alert fatigue. Items clamoring for an analyst’s attention can include: Threats Anomalies Incidents Notable Events According to […]
What do you do if you have a large number of Deployment Servers (DS) and want to separate business units into different serverclasses? In this article, we will discuss steps you can take to adapt your (DS) to your growing organization.
To say a lot has change in 2020 is an understatement. The world we live in and work in has dramatically changed these past few months and some changes might last even longer. But even in this unpredictable world, we still look at data to help us solve our problems.
Did you know that all Splunk Knowledge Objects (KO) generated during a search are maintained in memory? Sure, any one KO in itself doesn’t take up a lot of memory, but run a search that returns 10 million events… You can do the math!
Splunk WLM (Workload Management) provides the ability to allocate compute and memory resource to search, indexing, and other processes such as scripted inputs. This allows you to allocate the right resources to your Splunk server depending on its role.
Making data CIM compliant can be a daunting and confusing exercise for new Splunkers and experienced ones alike. Often the biggest misconceptions have to do with the approach rather than the exercise itself. My biggest piece of advice – start with the end in mind.