Demystifying Splunk Index Retention Settings

Demystifying Splunk Index Retention Settings

Splunk’s index retention settings might seem tricky because they involve various options. If you don’t fully understand these configuration options, you could encounter problems like data being deleted too early or not being removed as expected. Let’s explore some important index retention settings in indexes.conf.

October 4, 2023 · 6 min · 1231 words · Emlin
Splunk - How to Delete Events/Data from Splunk

Splunk - How to Delete Events/Data from Splunk

In this guide, we will go through the two main methods you can follow to delete events from Splunk.

August 30, 2023 · 5 min · 933 words · Emlin
How to Use Splunk Base Searches in Classic XML Dashboard

How to Use Splunk Base Searches in Classic XML Dashboard

Why Base Searches? Even when constructing a simple dashboard, you might have multiple panels that independently run their own searches within the dashboard. Splunk executes these searches separately, retrieves the results, and then displays the visualizations. This process could potentially cause the dashboard to take longer to load, as each panel completes its search individually. If these panels are based on the same initial data, utilizing a base search becomes advantageous....

August 25, 2023 · 7 min · 1418 words · Emlin
Getting Started with Splunk Using BOTS v3 Dataset

Splunk - Getting Started with Splunk Using BOTS v3 Dataset

If you’re looking to dive into Splunk and want a dataset to work with, the BOTS v3 (Boss of the SOC) dataset is a great choice. Lets look at the process of setting up the dataset in Splunk.

August 14, 2023 · 3 min · 429 words · Emlin
Linux Splunk Universal Forwarder Install Process and Silent Install

Linux Splunk Universal Forwarder Install Process and Silent Install

This guide will walk you through the process of installing a Linux Splunk Universal Forwarder (UF) with the aim of automating the process.

August 4, 2023 · 9 min · 1775 words · Emlin