  • danielpwilson

Learn Data Onboarding with Splunk? Start with the Conf Archive!

So today in the Splunk Facebook group I was asked a fair enough question: "How do I get data in?" It's funny how simple this question can seem to someone starting with Splunk, but as you gain experience you see how loaded this question is.


Rather than try and write a 100 page blog about data management in Splunk, what I'd rather do is


Two talks that have been outstanding for my ability as a Splunk admin are here:

Data Curator: Here we see gamification and monitoring of the quality of your data. I am shocked that more people don't do this. It creates an outstanding checklist for doing it right.

http://conf.splunk.com/session/2015/recordings/2015-splunk-103.mp4

Data Settings: Here we go into details on managing the props.conf/transforms.conf and getting the data in. He makes it so simple.

http://conf.splunk.com/session/2014/conf2014_AndrewDuca_Splunk_Deploying.mp4



But over the years I've found these talks to be great as well.


Where do I begin? https://conf.splunk.com/files/2017/recordings/data-onboarding-where-do-i-begin.mp4

Indexes as Splunk Admin https://conf.splunk.com/files/2018/recordings/indexes-a-splunk-admins-fn1658.mp4

Getting Data Ready for Machine Learning https://conf.splunk.com/files/2018/recordings/getting-your-data-ready-fn1418.mp4

Retention and Data Rolling https://conf.splunk.com/files/2017/recordings/splunk-data-life-cycle-determining-when-and-where-to-roll-data.mp4

Data Obfuscation https://conf.splunk.com/files/2017/recordings/data-obfuscation-and-field-protection-in-splunk.mp4

Using Data Stream Processor https://conf.splunk.com/files/2019/recordings/FN2062.mp4

Data Transformation with DSP https://conf.splunk.com/files/2019/recordings/FN2033.mp4

Oh, and by the way, I got one of those fancy Twitters the kids have been talking about lately. Trying to keep that infosec oriented and my posts here Splunk oriented.

https://twitter.com/dpwinfosecguy
