Validating your Splunk instance

On Splunkbase, I’ve put up a useful app called Sanity Check My Splunk.

It makes sure that you haven’t made the most common mistakes in your Splunk instance or Apps.

Do you have too many concurrent searches? Do you have inadequate hardware? Which of your searches are the least efficient? Are you monitoring too many individual files? Are your sources not properly typed? Are you overusing the ‘join’, ‘append’, ‘lookup’, and ‘rex’ search commands? Are you using old Splunk 3.X search modifiers? Can your searches be simplified? Are your tags too expansive? And more.

It requires Splunk 4.2. Within Splunk, on the home page, click “Find more apps”, and type in “Sanity”. Install! Please give feedback on Splunkbase!

----------------------------------------------------
Thanks!
David Carasso
