How-To
How-To is the tag for how-to articles.
Editor’s Note: This article is co-authored by Barry Duncan, Team Lead, Professional Services Observability; and Chase Yates, Practice Manager, Security. A common problem technology teams face is the high volume of noise in their environments and the resulting alert fatigue. Items clamoring for an analyst’s attention can include: Threats Anomalies Incidents Notable Events According to […]
What do you do if you have a large number of Deployment Servers (DS) and want to separate business units into different serverclasses? In this article, we will discuss steps you can take to adapt your (DS) to your growing organization.
To say a lot has change in 2020 is an understatement. The world we live in and work in has dramatically changed these past few months and some changes might last even longer. But even in this unpredictable world, we still look at data to help us solve our problems.
There are countless blogs, articles, and Splunk ‘answers’ regarding the optimization of Splunk queries (and here’s another one). In this article, we are going to share a few tips to improve the performance of your Splunk queries…
Did you know that all Splunk Knowledge Objects (KO) generated during a search are maintained in memory? Sure, any one KO in itself doesn’t take up a lot of memory, but run a search that returns 10 million events… You can do the math!
What is Summary Indexing? Summary indexes, as the name implies, allows for the storage of summarized data over time. This allows us to take these bite-size calculations of our data, and store those results in separate indexers.
Splunk WLM (Workload Management) provides the ability to allocate compute and memory resource to search, indexing, and other processes such as scripted inputs. This allows you to allocate the right resources to your Splunk server depending on its role.
Do you have a custom data source you’d like to import into Splunk? Welcome to the world of sourcetypes.
In this blog, we help you navigate the process of creating sourcetypes, from assessment to configuration.
Making data CIM compliant can be a daunting and confusing exercise for new Splunkers and experienced ones alike. Often the biggest misconceptions have to do with the approach rather than the exercise itself. My biggest piece of advice – start with the end in mind.
There is always a sense of dread when your search head cluster (SHC) goes down. It’s the interface to Splunk, and for the analysts, it’s their window to the data world.