Splunk Best Practices
Matheus M.
Splunk Architect & Splunk ES/ITSI Analyst @ EDP | Master in Management @ Insper | Entrepreneur @ MB2 Analytics
If you’ve ever worked with Splunk, you know the challenge
When you’re handed the task of administering a Splunk instance that someone else configured, it can feel like a detective mission! Most of the time, the previous setup wasn't done with best practices in mind (or with the same level of knowledge you bring to the table).
You end up spending hours digging through configurations, figuring out how things are connected, which machines are talking to the instance, what sourcetypes are being used, and what inputs have been set up. It’s overwhelming!
And let’s be honest—taking over an instance you didn’t configure can be HARD. You might even find yourself thinking, “Where do I start?”
Well, here's my take: a good place to begin is by checking if Splunk best practices were followed. But then we hit another bump:
What exactly are the official best practices for Splunk?
Ask around, and you’ll probably get someone’s personal list of practices they've picked up over their career. But it’s rare to find a full, comprehensive list of ALL best practices in one place.
That’s where I come in.
I’ve put together a living list of Splunk best practices based on official trainings I’ve taken, and I’m constantly updating it as I learn more, take new courses, and connect with others in the field. Is it complete? No, and it never will be—but it’s as thorough as it can be right now.
Take advantage and have a look at the repository itself. There are a lot of useful things there, and I'll be adding more over time.
On top of that, I want to shout out to Aplura, LLC, which has an amazing resource page filled with best practices that’s been invaluable to me over the years.
One of the best things about the Splunk community is how we support each other. So, I encourage you to share these resources, whether it's with your interns, junior team members, or fellow Splunk enthusiasts.
Trust me, anyone starting their journey with Splunk would love to have these documents in hand!
Senior Information Security Consultant | SIEM Splunk | Deloitte Brasil
2 months: Very useful. Congratulations!
Social Media I Planning I Marketing I Content I Copywriting I Strategy I Advertising
2 months: How awesome! Congratulations on the initiative.