Mark Runals' Blog
Some sort of Data/SIEM/InfoSec blog.
Saturday, January 14, 2017
Adjusting Splunk forwarder phonehome / throughput
I was in the process of writing up a few things for a new EDU that is going to be spinning up a larger scale Splunk environment and figured ...
Sunday, November 20, 2016
Find saved searches in Splunk that are failing
I hope to circle back to this eventually. Until then --- enjoy: index=_internal log_level=ERROR SavedSplunker | stats count as Count by ho...
Saturday, April 9, 2016
Splunk admin tasks after you start getting data in...
I had the rather unique privilege to post a 3 part blog series on Splunk's official site recently. The focus was on some administration ...
Thursday, October 29, 2015
Moving toward Splunk's CIM
For those that don't know, for some time Splunk has been moving toward a Common Information Model (CIM). They are using this both a data...
Friday, October 2, 2015
Taming Verbose Windows Logs - Update
In looking at the Windows firewall logs coming out of the Security event viewer (mainly 5156) I realized the space in "program files...