How-To is the tag for how-to articles.
Summary indexing is a process that allows you to search large datasets more efficiently by creating smaller, customized summaries of those datasets to search instead. Because these new summary indexes have significantly fewer events for your Splunk software to search through, searches run against them complete much faster. In this article, we’ll breakdown everything you […]
Choosing a Cybersecurity Professional Services (PS) provider is similar to choosing any other professional provider. Think about how you would go about choosing a doctor, lawyer, or mechanic. Would you look at reviews? Seek out referrals? Conduct brief phone interviews? The process for choosing a PS provider is largely the same. In this article, we’ll […]
Editor’s Note: This article is co-authored by Barry Duncan, Team Lead, Professional Services Observability; and Chase Yates, Practice Manager, Security. A common problem technology teams face is the high volume of noise in their environments and the resulting alert fatigue. Items clamoring for an analyst’s attention can include: Threats Anomalies Incidents Notable Events According to […]
What do you do if you have a large number of Deployment Servers (DS) and want to separate business units into different serverclasses? In this article, we will discuss steps you can take to adapt your (DS) to your growing organization.
To say a lot has change in 2020 is an understatement. The world we live in and work in has dramatically changed these past few months and some changes might last even longer. But even in this unpredictable world, we still look at data to help us solve our problems.
Did you know that all Splunk Knowledge Objects (KO) generated during a search are maintained in memory? Sure, any one KO in itself doesn’t take up a lot of memory, but run a search that returns 10 million events… You can do the math!
Splunk WLM (Workload Management) provides the ability to allocate compute and memory resource to search, indexing, and other processes such as scripted inputs. This allows you to allocate the right resources to your Splunk server depending on its role.
Do you have a custom data source you’d like to import into Splunk? Welcome to the world of sourcetypes.
In this blog, we help you navigate the process of creating sourcetypes, from assessment to configuration.
Making data CIM compliant can be a daunting and confusing exercise for new Splunkers and experienced ones alike. Often the biggest misconceptions have to do with the approach rather than the exercise itself. My biggest piece of advice – start with the end in mind.
There is always a sense of dread when your search head cluster (SHC) goes down. It’s the interface to Splunk, and for the analysts, it’s their window to the data world.