Splunk

In this guide, we will go through the two main methods you can follow to delete events from Splunk.

Why Base Searches? Even when constructing a simple dashboard, you might have multiple panels that independently run their own searches within the dashboard. Splunk executes these searches separately, retrieves the results, and then displays the visualizations. This process could potentially cause the dashboard to take longer to load, as each panel completes its search individually. If these panels are based on the same initial data, utilizing a base search becomes advantageous....

If you’re looking to dive into Splunk and want a dataset to work with, the BOTS v3 (Boss of the SOC) dataset is a great choice. Lets look at the process of setting up the dataset in Splunk.

This guide will walk you through the process of installing a Linux Splunk Universal Forwarder (UF) with the aim of automating the process.

Maintaining a reliable backup strategy is crucial when working with Splunk Enterprise, as it ensures the ability to revert back to a functional state in the event of an unrecoverable issue. In this article, we will explore a simple yet effective method of backing up Splunk’s /opt/splunk/etc directory.