Fixing Scripted Inputs in Tiered Deployments
The Splunk App for Microsoft Exchange has a useful lookup named ad_username. It takes the various forms that you can logon to a domain as (like DOMAIN\user and user@domain.com) and normalizes them....
Controlling 4662 Messages in the Windows Security Event Log
You’ve just installed the Splunk App for Windows Infrastructure, or its friend the Splunk App for Exchange. You’ve followed all the instructions, placed the Universal Forwarders on the domain...
Install Splunk with PowerShell (2014 Edition)
One of our avid twitter followers asked how to reliably install the Splunk Universal Forwarder on a Windows host with PowerShell last week. I’ve posted about all the intricacies involved before but...
Monitoring Local Administrators on Windows Hosts
It is always gratifying when one of my readers comes to me with a problem. I love challenges. This one had to do with one of my old posts surrounding Local Administrators remotely. Of course, the way...
What's new in TA-windows 4.7.0?
If you are a Windows admin and use Splunk then you’ve likely deployed Splunk_TA_windows on your endpoints. It’s a central method for handling Windows data and has all the extractions you need to handle...
Integrating Active Directory into Splunk with SA-ldapsearch
On Tuesday, I introduced one of the first presentations at .conf2014 – a major update to the SA-ldapsearch app. This new app has now launched and you can download it at...
Splunk 6.2 Feature Overview: XML Event Logs
We’ve been (rightly) criticized for a couple of things in recent years. Firstly, when you configure a Windows Event Log, it’s too big. This is because we combine the event log object with the message...
Splunk 6.2 Feature Overview: Perfmon Delocalization
Last week, I covered the XML Event Logs – an awesome feature that will reduce your data ingest, increase the fidelity of the data that is stored and allow us to work with localized data. Today, I want...
Splunk App for SharePoint goes Open Source
For about the last year, I’ve been working on an update to the Splunk App for SharePoint. But it isn’t the one you would expect. I’ve been working to open source the app. At the end of the day the best...
Monitoring Network Traffic with Sysmon and Splunk
Every IT guy has a set of tools that they use every day. One of mine is sysinternals. It’s a set of Windows utilities made available by Microsoft that do a whole slew of things. You can install them...