Tamara is a member of Splunk's SURGe team, where she helps with the behind the scenes work for the team. Before joining Splunk, she worked as a network engineer.
This article discusses a foundational capability within Splunk — the eval command. Need to pick a couple commands for your desert island collection? eval should be one!
Another excellent tool for your threat hunting: RegEx! SPL offers two commands for utilizing regular expressions in Splunk searches. See how to do it here.
The stats command is a crucial capability when you’re threat hunting. And so are two related commands: eventstats & streamstats. Get all the details, right here.
Behold the power of metadata and tstats commands! These commands will quickly provide situational awareness of your hosts and sourcetypes as you begin hunting.
Let's look at how to use the popular Splunk Stream App for our favorite purpose: threat hunting! This is part of our Threat Hunting with Splunk series.