Splunk

Awesome Splunk ¶

A curated list of awesome apps, visualisations and other resources for Splunk.

Splunk captures, indexes, and correlates real-time data in a searchable repository from which graphs, reports, alerts, dashboards, and visualizations can be generated. It is widely used in industries such as finance, utilities, healthcare and manufacturing for use-cases including security, compliance and IT service monitoring.

Basics Basic resources for getting started

Basics¶

Basic resources for getting started with Splunk.

Splunk Website - Splunk's Homepage.
Downloads - Download page.
Previous Releases - Previous versions of Splunk Enterprise, Splunk Forwarders.
Splunk Answers - Splunk's Community Questions and Answers.
SplunkBase - Splunk and Community built apps and add-ons.
Splunk Blogs - Blog posts on various topics.
Splunk Dev - Develop on Splunk.
Free Dev License - Request a free Splunk Developer license.
Splunk Docs - Documentation.
Splunk Sizing Calculators
Storage - Web Based Storage Requirement Calculator.

Apps¶

Recommended Splunk Apps.

Splunk App for Infrastructure - Correlate logs and metrics for infrastructure monitoring.
Splunkbase Entry - Download page.
SAI Documentation - Splunk App for Infrastructure Documentation.
SAI Install Guide
Miscellaneous Scripts for fixing issues with the Universal Forwarder - This kit was compiled based on common issues with Splunk deployments and managing idiosyncrasies that tend to naturally occur.

Premium Apps¶

Premium Apps for Splunk.

Enterprise Security¶

Splunk Enterprise Security is the nerve centre of the security ecosystem, giving teams the insight to quickly detect and respond to internal and external attacks, simplify threat management minimizing risk.

ES Home Page - Splunk's Home Page for Enterprise Security.
ES Splunkbase Entry - Download page (if licensed).
ES Documentation - Splunk documentation for Enterprise Security.
Awesome-ES - An Awesome list for all things Enterprise Security.

IT Service Intelligence¶

Splunk IT Service Intelligence (ITSI) is a monitoring and analytics solution powered by artificial intelligence for IT Operations (AIOps) that provides visibility into health and key performance indicators of critical IT and business services, and its infrastructure.

ITSI Home Page - Splunk's Home Page for IT Service Intelligence.
ITSI Splunkbase Entry - Download page (if licensed).
ITSI Documentation - ITSI Documentation.
Awesome-ITSI - An Awesome list for all things IT Service Intelligence.

Visualisations¶

Event Timeline Viz - Interactive timeline with call-outs for events.
Timeline - Interactive timeline.
Halo - Hierarchical, relational pie charts.
Heat Map - A grid of related measurements, colour intensity derived from the value.
Calendar Heat Map - Heatmap broken down by days.
Punchcard - Punchcard Visualisation.
Horizon Chart - Horizon Chart Visualisation.
Sankey Diagram - Sankey Diagram Visualisation.
WebGL Globe - Spinning globe with events correlated to locations (flashy C-level eye-candy).
Splunkbase Custom Visualizations - Download other custom visualizations from Splunkbase.

Conferences, Meet-Ups and Socialising¶

UserGroups - Find a nearby usergroup.
.Conf - Splunk's annual conference website.
Past .Conf Material - Watch past presentations and download the slides from past .conf presentations.
Splunk UserGroups Slack - Splunk's publicly accessible Slack.
/r/Splunk - Unofficial Sub-Reddit.
IRC - Instructions for connecting to #splunk of Efnet.
Splunk Store - Order some Splunk Schwag you missed from a meetup or .conf.
Splunk Trust - The Splunk Trust is an invite only group of Splunk Ninjas.

Unofficial Resources¶

Useful Splunk resources that are not specifically associated with Splunk Inc.

Personal Home Pages¶

Simon Duff - Miscellaneous scripts and visualisations.
Ryan Faircloth - Security and Syslog related materials.
George Starcher - Many Splunk related items, including details on Splunk ES's Extreme Search.
Anthony Tellez - Security and Machine Learning items.
Duane Waddle - Miscellaneous Splunk items.
Vladimir's GitHub - Code for a number of Splunk resources, including CIM Validation.
Nico's GitHub - Repository of searches and dashboards to assist with optimising concurrency settings.
David Veuve - Some early resources on Splunk basics and optimisations (infrequently updated).

SPL Repositories¶

Collections of useful Splunk searches

GoSplunk - Search Engine for Splunk Queries split by sourcetype and use-case.

Contribute¶

Contributions welcome! Read the contribution guidelines first.

Licence¶

To the extent possible under law, Simon Duff has waived all copyright and related or neighbouring rights to this work.