The Virtualization Practice


RSS Feed for Splunk

  • .conf2014 Highlight Series: Lesser Known Commands in Splunk Search Processing Language (SPL)


    .conf2015 registration is open!

    As we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas this September, we’re excited to continue our series of .conf2014 retrospectives. This week we revisit Kyle Smith’s presentation covering less popular but powerful commands in Splunk Search Processing Language (SPL).

    Skill Level:
    Good for All Skill Levels

    Solution Area:
    Search Language

    Splunk Enterprise

    Presentation Overview:
    From one of the most active contributors to Splunk Answers and the IRC channel, this session covers those less popular but still super powerful commands, such as “map”, “xyseries”, “contingency” and others. This session also showcases tricks such as “eval host_{host} = Value” to dynamically create fields based on other field values, and …

  • Raw Threat Intel Docs in Enterprise Security 3.3

    For those that would like to visibly see a raw version of STIX/OpenIOC docs being consumed by the Threat Intel Framework in Enterprise Security 3.3, I thought I’d post a bit of an unofficial work around that could potentially be used to do this. It occurred to me that if a user wanted Splunk to index the raw STIX/OpenIOC documents, all they would need to do is have Splunk monitor the Threat Intelligence Manager directory that Enterprise Security is using to consume the OpenIOC/STIX documents. As an example, I will show how this can be done using the “da_ess_threat_default” entry, which is the Threat Intelligence Manager for the STIX documents that Enterprise Security 3.3 ships with out of the box.…

  • Smart AnSwerS #22

    Hey there community and welcome back to Smart AnSwerS, the 22nd installment of its kind.

    I just got back to the office from a two week vacation to find my desk surrounded by a jungle of plants, my chair wedged horizontally on the side of my desk, an inflatable giraffe with a St. Patrick’s Day hat, and a cardboard cutout of a snooty waiter. Somehow, I wasn’t surprised with the number of pranksters surrounding me, so it was expected haha. I also came back to 800+ posts that have gone live on Answers since my departure! I’m glad the community is as lively as ever, though, it will take me some time to sift through all that content, …