Why re-invent the wheel? Unless you are opposed to wasting man-hours, use a Splunk® search or query that is either exactly what you want or close enough you can modify to do just what you need.
Not everyone has the ability to operate on a network with constant web access. Copying SPL by hand can be a pain. This app hopes to lessen the burden of manually copying queries in from our website, and having it at your fingertips to use within your environment.
You will find most of these queries are not just plug-and-play. Queries are categorized in GoSplunk by sourcetype, but be sure to review the query for any fields that may break a search in your environment.
We can help. Please join our Discord server.
Please consider adding your known working queries to GoSplunk.com.
This app is currently in beta. Feedback is appreciated.
o Added ability to update the lookup file containing queries from GoSplunk.com
o Custom Queries added to separate lookup file with future ability to upload to GoSplunk.com
No fundamental changes, just some facelift updates.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.