splunk.com
Splunk Enterprise - Collect, monitor, analyze and visualize the massive streams of machine data
http://www.splunk.com/view/benefits/SP-CAAACCS
Splunk IT Service Intelligence. Splunk User Behavior Analytics. Free Trials and Downloads. IoT and Industrial Data. Security, Compliance and Fraud. Splunk Enterprise on AWS. Apps for Cloud Services. SIEM in the Cloud. Splunk Enterprise Release 6.4. See the forest and the trees. Splunk Enterprise makes it simple to collect, analyze and act upon the untapped value of the big data generated by your technology infrastructure, security systems and business applications. Try our Free Cloud Trial. What's New in...
wiki.splunk.com
Community:Security and compliance - Splunk Wiki
http://wiki.splunk.com/Community:Security_and_compliance
How to detect SPAM with attachments (DRIDEX). Using your own CA with LDAP. Considerations for Access Control. Configuring SplunkWeb to use the default SSL certificates that ship with Splunk. Configuring SplunkWeb to use an SSL certificate self-signed by a newly generated root certificate. Configuring SplunkWeb to use an SSL certificate signed by a third party Certificate Authority. Configuring Splunk forwarding to use the default SSL server certificate. Considerations for getting data into Splunk.
wiki.splunk.com
Community:SplunkTuningFactors - Splunk Wiki
http://wiki.splunk.com/Community:SplunkTuningFactors
Splunk's core competency is indexing and searching any type of IT data with speed and efficiency. This versatility can present challenges to both new and seasoned users of Splunk when attempting to identify factors that can affect performance. This section reviews a variety of factors and offers suggestions on how to tune Splunk for a given deployment. Major and minor segments. Splunk maintains two concepts of segments, called major and minor segments. Minor segments are breaks within a major segment.
wiki.splunk.com
Deploy:BucketRotationAndRetention - Splunk Wiki
http://wiki.splunk.com/Deploy:BucketRotationAndRetention
How to anticipate data size evolution. Aka Bucket rotation and Retention. Applies to version: Splunk 4.1.*. In Splunk 4.2 a new notion of volumes allows you to specify space quotas per volume, and per folder. http://docs.splunk.com/Documentation/Splunk/latest/Indexer/HowSplunkstoresindexes. Secondly, a bucket is a unit of indexed data. It is physically a directory containing events of a certain period. You may have several buckets at the same time in each stage. See details here: [1]. From hot to warm ...
wiki.splunk.com
Community:Deployment Considerations - Splunk Wiki
http://wiki.splunk.com/Community:Deployment_Considerations
Deployment considerations for data inputs. 16:51, 18 November 2009 (PST). Splunk supports five primary data input types - file and directory inputs, FIFO queues, network ports, scripted inputs, and Windows event logs. File and directory inputs. Inside directory inputs for additional flexibility of configuration. Refer to the documentation about file and directory inputs. Due to their vulnerability, FIFOs are not recommended. Monitor. To configure FIFO queues, see this page. It is equally useful for captu...
wiki.splunk.com
Community:Deployment models - Splunk Wiki
http://wiki.splunk.com/Community:Deployment_models
Deployment models with a single Splunk indexer. Deployment models with multiple Splunk indexers. Understand bucket rotation and plan for data size increases. Considerations for getting data into Splunk. Search and navigate IT data from applications, servers and network devices in real-time. This page was last modified on 18 November 2009, at 16:02. This page has been accessed 414,128 times.
wiki.splunk.com
Community:HardwareTuningFactors - Splunk Wiki
http://wiki.splunk.com/Community:HardwareTuningFactors
Splunk can benefit from certain hardware configurations, maximizing performance for different aspects of the Splunk technology. This topic reviews a variety of factors and offers suggestions on how to size your hardware for Splunk. Generally speaking, large-scale IT search deployments present unique challenges to modern volume computing hardware available from vendors today. Many of these challenges surround I/O architectures and implementations with both hardware, so...
wiki.splunk.com
Community:Http status lookup table - Splunk Wiki
http://wiki.splunk.com/Community:Http_status_lookup_table
Community:Http status lookup table. Make a lookup dir. Cd $splunk home mkdir etc/apps/search/lookups. You may substitute search for your app. Put http status.csv. Edit the search transforms.conf. Add the following to $splunk home/etc/apps/search/local/transforms.conf:. Http status] filename = http status.csv. Edit the search props.conf. Add the following to $splunk home/etc/apps/search/local/props.conf:. Chown -R $splunk user:$splunk group $splunk home. 16:30, 19 August 2009 (PDT). Retrieved from " http:...
wiki.splunk.com
Deploy:Deployment topics - Splunk Wiki
http://wiki.splunk.com/Deploy:Deployment_topics
Find information about the components of a Splunk deployment, your options when deploying, what choices you have with respect to high availability, and information about tuning factors. Estimate Your Storage Requirement. Components of a Splunk deployment. Planning your Splunk deployment. Installing Splunk in the Enterprise Step by Step. Deploying Splunk Light Forwarders. How to install and run multiple versions on a single Windows box? Where do I configure my Splunk settings? High availability and Splunk.
wiki.splunk.com
Community:Getting data into Splunk - Splunk Wiki
http://wiki.splunk.com/Community:Getting_data_into_Splunk
Community:Getting data into Splunk. Getting data from remote machines. Best practices for getting data into Splunk remotely. How to Enable WMI Access for Non-Administrator Domain Users. Getting data in Windows. Considerations for deciding how to get data from Windows hosts. Considerations on using Snare, WMI polling or Splunk light weight forwarders. Receive events whenever someone plugs/unplugs a USB device. How to use Scripted Inputs in Splunk with AllSigned Execution Policy. Getting specific data types.