Posts

Cribl Persisent Queue

Beyond Smart: When ‘Always On’ Mode is the Best Choice for Cribl Persisent Queues

If your Cribl environment was set up a few years ago, it might be time to revisit some of your settings—particularly the Persistent Queue (PQ) settings on your source inputs. Recently, while troubleshooting an issue, I discovered that the PQ settings were the root cause of the problem. I wanted to share my findings in case they help you optimize your Cribl setup.

Read more

Help Getting Started with Splunk Asset and Risk Intelligence (ARI)

With the recent release of Splunk Asset and Risk Intelligence (ARI), you may be looking for a better understanding of this great new solution and how you may get started. We have compiled a list of materials and resources you can use to help achieve this goal.

Read and Learn

Product overviews and briefs

If this is your first time reading up on Splunk Asset and Risk Intelligence, check these out first:

> Our Splunk Asset and Risk Intelligence overview
> Splunk Asset and Risk Intelligence web page
> Splunk Asset and Risk Intelligence Product Brief
> Splunk Asset and Risk Intelligence Technical Brief

Splunk Asset and Identity Intelligence E-book

Splunk has published an essential guide, which outlines several use cases to explore.

> Essential Guide to Continuous Asset and Identity Intelligence

Blog posts

Get a quick look at the Splunk ARI interface with screen shots of the platform, along with information about its features and capabilities through the following blog posts:

> Introducing Splunk Asset and Risk Intelligence
> Asset Discovery with Splunk Asset and Risk Intelligence
> Asset Investigations with Splunk Asset and Risk Intelligence
> Asset Activity with Splunk Asset and Risk Intelligence
> Asset Risk with Splunk Asset and Risk Intelligence
> Continuous, and Compliant: Obtain Proactive Insights with Splunk Asset and Risk Intelligence

Watch and Interact

Videos

> Splunk Asset and Risk Intelligence Intro video

Tours

> Take the Splunk Asset and Risk Intelligence Guided Tour

Demos

> Book a demo with Discovered Intelligence

Help and Support

Splunk Answers

Get answers from the community

> Splunk Answers – ARI

Splunk Documentation

Get specific instructions for tasks within the Splunk ARI platform by reviewing the documentation:

> Splunk Asset and Risk Intelligence Documentation

Splunk ARI Professional Services

It is often quicker, easier and more cost effective to get the Splunk ARI experts in. Our award winning consultants are highly trained on Splunk ARI and will ensure your continued success.

> Splunk ARI Quick Start Program
> Splunk ARI Professional Services

Contact Us

Contact us today to find out more about Splunk Asset and Risk Intelligence and how we can help you be successful.


Looking to expedite your success with Splunk ARI? Contact us today to discuss and get started.

© Discovered Intelligence Inc., 2024. Unauthorized use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.

Export Splunk Cloud apps

Export Your Splunk Cloud Apps

Splunk Cloud Platform recently got an exciting new feature, it’s the new app export feature which provides cloud admins self-service capability to export app configuration files and associated app data.

Read more
splunk saved search

Running a Splunk Search in a Different Time Zone

We had a recent request to create a Splunk alert that runs hourly with a time range of midnight UTC of current date to current time.   This sounds like an easy request, but when you look into it it’s a bit more complicated than it seems.  

Read more

Enhancing Security Operations: The Unified Integration of Splunk ES and SOAR

Integrating Splunk Enterprise Security (ES) with Splunk Security Orchestration, Automation and Response (SOAR) can significantly enhance your organization’s security operations. By automating alert handling and response processes, this integration streamlines security incident management and enables faster, more effective threat mitigation. Splunk SOAR empowers security teams to automate actions based on Splunk ES detections using assigned playbooks, enabling seamless incident resolution.

Read more

Setting Up a Splunk Testing Environment Using Terraform & GCP

Overview

Have you ever wished you had a fresh ephemeral Splunk instance that you could quickly spin up, run some tests and then kill it, with maximum speed and minimum cloud costs?

Enter Hashi Terraform to the rescue. The industry-leading infrastructure-as-code tool makes the standup, setup and teardown of cloud compute nodes simple, speedy and repeatable so that an environment can be built, a complete set of tests can be run, results received and the test nodes destroyed in minutes rather than hours.

In this whitepaper, I show how I set up my computer and built the Search Head and Deployment server, as well as how I set up the many Splunk Universal Forwarders to satisfy the test plan.

Download Whitepaper

Get access to this exciting whitepaper now, by completing the form below.


Looking to expedite your success with Terraform? Click here for more information about our Terraform Professional Service offerings, including:

  • Terraform Implementation
  • Infrastructure Migration using Terraform
  • Implementing Zero Trust Architectures
  • Terraform Operational Assessment

4 Enhancements to Elevate Your Splunk Platform

Still winding down from the incredible experience at .conf24, where we delved into the latest market trends, we’ve uncovered several fascinating enhancements for the Splunk platform. These improvements not only elevate the performance and efficiency of Splunk but also offer exciting features that will be available in future releases. Join us as we explore four powerful upgrades that can be used in your Splunk environment.

Read more

Building a Unified View: Integrating Google Cloud Platform Events with Splunk

By: Carlos Moreno Buitrago and Anoop Ramachandran

In this blog we will talk about the processes and the options we have to collect the GCP events and we will see how to collect those in Splunk. In addition, we will even add integration with Cribl, as an optional step, in order to facilitate and optimize the process of information ingestion. After synthesizing all of this great information, you will have a great understanding of the available options to take, depending on the conditions of the project or team in which you work.

Read more

How to Create a Splunk KV Store State Table or Lookup in 10 Simple Steps

As of Splunk 6.2, there is a Key-Value (KV) store baked into the Splunk Search Head. The Splunk KV store leverages MongoDB under the covers and among other things, can be leveraged for lookups and state tables. Better yet, unlike regular Splunk CSV lookups, you can actually update individual rows in the lookup without rebuilding the entire lookup – pretty cool! In this article, we will show you a quick way of how you can leverage the KV store as a lookup or state table. Read more

How to Secure and Harden Splunk Enterprise

The following blog posting provides guidance on steps that can be taken to secure and harden Splunk environments. Many of the security feature essentially follow security best practices, while others would probably only be implemented if there was a business or regulatory need to do so. Read more