BearlyChilly

Send Data to a Port Using TCP or UDP Without NetCat

Fri, 07 Mar 2025 18:41:46 +0000

Learn how to send data to a specific port using TCP or UDP on Linux without using NetCat.

How to List Directory Sizes in Order on Linux

Fri, 07 Mar 2025 18:25:00 +0000

A simple guide to using the du command to list directory sizes in order on Linux.

Setting Up Private Internet Access (PIA) VPN with OpenVPN on Linux CLI

Fri, 07 Mar 2025 18:00:29 +0000

A step-by-step guide to setting up Private Internet Access VPN using OpenVPN on Linux via the command line interface (CLI).

Tampermonkey Script - Toggle to Edit Any Web Page

Fri, 07 Mar 2025 17:18:54 +0000

A simple Tampermonkey script that lets you quickly toggle text-editing mode on any webpage for quick UI mockups and text changes.

Building Splunk Searches Using AI (GitHub Co-Pilot)

Tue, 18 Feb 2025 08:36:56 +0000

Building Splunk Searches Using AI (GitHub Co-Pilot) A lot of time spent writing Splunk searches goes into formatting, syntax, and remembering commands or patterns for your SPL. With the help of generative AI, specifically GitHub Co-Pilot, we can significantly reduce the time spent writing searches. It also makes it easier to iterate quickly on existing searches and serves as great notes for later. I’ve edited this article about five times now, and finding the “perfect” balance of detail has been challenging.

Transparent Huge Pages (THP) in Linux and How it Affects Splunk

Mon, 13 Jan 2025 09:25:17 +0000

Transparent Huge Pages (THP) is a Linux kernel feature designed to optimize memory management, but it can significantly impact the performance of certain applications. This article explores the benefits and challenges of THP, with a particular focus on its effects on Splunk performance and how to configure it appropriately for optimal system operation.

How to Send Events to Splunk Using HEC - HTTP Event Collector

Fri, 25 Oct 2024 17:08:26 +0000

HEC (HTTP Event Collector) is a super easy way to send data into Splunk. It opens up the opportunity to quickly update a script or application to send data into Splunk without having to install a forwarder or setting up a syslog server.

Addressing Missing Index Error in Splunk using LastChance

Sun, 25 Aug 2024 17:32:10 +0000

Have you ever encountered a ‘missing index’ error in Splunk and worried about losing your logs? This article shows you how to set up a ’lastchance’ index to catch those wayward logs, ensuring you don’t lose data even when it’s headed for a non-existent index.

Reindex Logs that Have Already Been Indexed by Splunk

Sun, 25 Aug 2024 16:57:12 +0000

What do you do when you want to reindex logs that have already been indexed by Splunk? This article shows you how to use the ‘fishbucket’ method to reindex your data, whether you indexed it into the wrong index or forgot to create an index before applying your inputs.conf.

How to Give Splunk Access to Linux Logs

Sun, 25 Aug 2024 15:49:55 +0000

Don’t just give it root access! Process of onbaording Linux logs into Splunk using ACLs.

Splunk App vs Add-On - What's the Difference?

Sun, 11 Aug 2024 19:24:18 +0000

A guide to understanding the difference between a Splunk App and a Splunk Add-On.

Setting Up Splunk on Windows Using WSL for Free

Sun, 11 Aug 2024 18:52:00 +0000

A step-by-step guide to setting up Splunk on Windows using WSL with a free Splunk license. We also discuss the different types of Splunk licenses. This guide accompanies the video tutorial on my YouTube channel.

How to Work with Splunk Cloud ACS

Tue, 27 Feb 2024 20:57:22 +0000

Splunk Admin Config Service (ACS) API is a super powerful tool that allows you to manage your Splunk Cloud instance programmatically. In this post, I’ll showcase some use cases for Splunk Cloud’s ACS API as well as provide some real-world examples.

Bearlychilly - Detecting Typosquatting with Splunk and the URL Toolbox App

Wed, 21 Feb 2024 09:28:56 +0000

Splunk users can apply the ut_levenshtein macro from the URL Toolbox app to compare domain names against a reference domain, enabling the detection of potential typosquatting.

How to Delete Old Logs Automatically When Using Syslog-NG

Fri, 19 Jan 2024 08:40:57 +0000

Let’s take a look at how to automatically delete old logs when using Syslog-NG. This doesn’t just apply to Syslog-NG, but it’s a common use case.

How to Make a Syslog-NG Config with Examples

Fri, 19 Jan 2024 08:39:33 +0000

In this guide, we will walk you through the process of creating a Syslog-NG configuration that caches and organizes syslog data on disk. Additionally, we will delve deep into the structure of the config, examining each option we utilize. Finally, we will explore configuring ‘catch-all’ entries.

How to Install Syslog-NG on Linux - Ubuntu and Debian

Thu, 18 Jan 2024 17:13:20 +0000

In this guide, we’ll walk you through the process of installing Syslog-NG on your Ubuntu or any other Debian-based Linux distribution. Syslog-NG is a powerful logging and event management tool used widely in cybersecurity and system administration. Follow these steps to get it up and running on your system.

Finding and Replacing Encrypted Secrets in Splunk Configurations

Fri, 08 Dec 2023 09:24:15 +0000

Have you ever needed to locate and replace encrypted secrets in your Splunk configurations? It’s a tricky task that requires careful handling. In this article, we’ll guide you through the process.

Demystifying Splunk Index Retention Settings

Wed, 04 Oct 2023 10:54:49 +0000

Splunk’s index retention settings might seem tricky because they involve various options. If you don’t fully understand these configuration options, you could encounter problems like data being deleted too early or not being removed as expected. Let’s explore some important index retention settings in indexes.conf.

Splunk - How to Delete Events/Data from Splunk

Wed, 30 Aug 2023 19:29:37 +0000

In this guide, we will go through the two main methods you can follow to delete events from Splunk.

How to Use Splunk Base Searches in Classic XML Dashboard

Fri, 25 Aug 2023 11:27:03 +0000

Why Base Searches? Even when constructing a simple dashboard, you might have multiple panels that independently run their own searches within the dashboard. Splunk executes these searches separately, retrieves the results, and then displays the visualizations. This process could potentially cause the dashboard to take longer to load, as each panel completes its search individually. If these panels are based on the same initial data, utilizing a base search becomes advantageous.

List - IP OSINT Sites

Thu, 24 Aug 2023 11:23:06 +0000

OSINT (Open Source Intelligence) is one of our favorite topics. Here are some useful sites that we like to use when performing OSINT on IP Addresses.

Splunk - Getting Started with Splunk Using BOTS v3 Dataset

Mon, 14 Aug 2023 10:54:01 +0000

If you’re looking to dive into Splunk and want a dataset to work with, the BOTS v3 (Boss of the SOC) dataset is a great choice. Lets look at the process of setting up the dataset in Splunk.

Linux Splunk Universal Forwarder Install Process and Silent Install

Fri, 04 Aug 2023 12:15:22 +0000

This guide will walk you through the process of installing a Linux Splunk Universal Forwarder (UF) with the aim of automating the process.

Basics of Network Connectivity Troubleshooting

Thu, 01 Jun 2023 13:51:56 +0000

In this guide, we will explore network connectivity troubleshooting using a simple use case.

Splunk Enterprise Backup Strategy - Secure Your Configuration Files

Fri, 26 May 2023 23:25:01 +0000

Maintaining a reliable backup strategy is crucial when working with Splunk Enterprise, as it ensures the ability to revert back to a functional state in the event of an unrecoverable issue. In this article, we will explore a simple yet effective method of backing up Splunk’s /opt/splunk/etc directory.

SSH Key-Based Authentication

Thu, 25 May 2023 13:53:38 +0000

Let’s take a look at how to set up key-based authentication for SSH. This method is useful for building scripts that require connections to other hosts or just for everyday quality of life improvements. A similar setup can be used for authenticating to a Linux host from a modern Windows installation.

🙁 - Rich Dad Poor Dad

Wed, 24 May 2023 14:10:58 +0000

Rich Dad Poor Dad by Robert Kiyosaki and Sharon Lechter lacked practical action items, with familiar concepts and excessive promotion overshadowing its value, making it fall short of expectations despite the buzz and recommendations.

Test Windows Network Connectivity with Test-NetConnection

Tue, 23 May 2023 19:27:11 +0000

When troubleshooting network connectivity issues on a Windows system, the Test-NetConnection PowerShell cmdlet can be a valuable tool. It allows you to test network connectivity to a specific host and port, providing useful information for diagnosing and resolving issues.

Tar Command Cheat Sheet

Tue, 23 May 2023 19:18:49 +0000

Tar is a widely used command-line utility for archiving and compressing files and directories on Linux systems. It provides a convenient way to create and manage compressed tar archives. Here is a handy cheat sheet for using tar with different operations.

How to Force Reset Splunk Admin Credentials

Tue, 23 May 2023 19:04:13 +0000

Have you forgotten your Splunk admin credentials and have no way of resetting them? This process walks through resetting the credentials from the CLI.

How to Install Splunk 9.x on Ubuntu

Tue, 23 May 2023 15:34:54 +0000

Lets take a look at the steps needed to install Splunk 9.x on a Ubuntu Linux server.

Installing Docker and Docker-Compose on Ubuntu 20.04

Tue, 23 May 2023 15:16:00 +0000

This is the process for installing Docker and Docker-Compose on Ubuntu 20.04

How to Install and Test AWS CLI on Linux

Fri, 19 May 2023 10:54:35 +0000

AWS Command Line Interface (CLI) is a powerful tool that allows you to interact with Amazon Web Services (AWS) through the command line. This guide will walk you through the installation process of AWS CLI on Linux and provide additional commands for testing its functionality.