Repository tree (ChrisForsythe/SplunkStuff):

├── AvoidNFS.md
├── CustomAlerts.md
├── DashboardDesign.md
├── Dashboard_Examples_XML
│   ├── Splunk2kDashboard.xml
│   ├── base_search_with_export.xml
│   ├── cooltextcss.xml
│   ├── employee_timetracker.xml
│   ├── eval_token_to_uppercase.xml
│   ├── multi-inputs.xml
│   ├── pie_to_table.xml
│   ├── popup_panel.xml
│   └── table_column_color_formatting.xml
├── DocumentDashboards.md
├── GoodJSONHabits.md
├── IndexedFields.md
├── README.md
├── RegularExpressions.md
├── Snippets
│   ├── accum_with_mod.spl
│   ├── combine_multiple_fields_wildcard.spl
│   ├── count_events_by_month.spl
│   ├── day_of_week_aware_deltas.spl
│   ├── eval_field_from_value.spl
│   ├── find_subnets_multiple_indexes.spl
│   ├── find_traffic_fw_events_src_ip.spl
│   ├── findbackloggedhosts.spl
│   ├── generate_percentage_sum_two_fields.spl
│   ├── get_date_from_lookup_filename.spl
│   ├── gethosts.spl
│   ├── hosts_new_last_month.spl
│   ├── hourly_outputlookup_associated_search_alerts.spl
│   ├── incremental_inputlookups.spl
│   ├── ipwithcidr_tosubnet_tobinary.spl
│   ├── lookup_time_filter.spl
│   ├── multivalue fields.spl
│   ├── multivalue_field_domain_parts.spl
│   ├── network_direction_selfjoin.spl
│   ├── percentage_of_ip_in_another_index.spl
│   ├── proving_a_negative.spl
│   └── renamed_sourcetypes.spl
├── coding_style.md
├── forwarders
│   └── setting_up_a_hf.md
├── spath_list_of_objects.md
└── validation
    ├── README.md
    └── simplexml.rng

Raw file URLs:

/AvoidNFS.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/AvoidNFS.md
/CustomAlerts.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/CustomAlerts.md
/DashboardDesign.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/DashboardDesign.md
/Dashboard_Examples_XML/Splunk2kDashboard.xml: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Dashboard_Examples_XML/Splunk2kDashboard.xml
/Dashboard_Examples_XML/base_search_with_export.xml: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Dashboard_Examples_XML/base_search_with_export.xml
/Dashboard_Examples_XML/cooltextcss.xml: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Dashboard_Examples_XML/cooltextcss.xml
/Dashboard_Examples_XML/employee_timetracker.xml: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Dashboard_Examples_XML/employee_timetracker.xml
/Dashboard_Examples_XML/eval_token_to_uppercase.xml: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Dashboard_Examples_XML/eval_token_to_uppercase.xml
/Dashboard_Examples_XML/multi-inputs.xml: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Dashboard_Examples_XML/multi-inputs.xml
/Dashboard_Examples_XML/pie_to_table.xml: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Dashboard_Examples_XML/pie_to_table.xml
/Dashboard_Examples_XML/popup_panel.xml: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Dashboard_Examples_XML/popup_panel.xml
/Dashboard_Examples_XML/table_column_color_formatting.xml: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Dashboard_Examples_XML/table_column_color_formatting.xml
/DocumentDashboards.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/DocumentDashboards.md
/GoodJSONHabits.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/GoodJSONHabits.md
/IndexedFields.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/IndexedFields.md
/README.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/README.md
/RegularExpressions.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/RegularExpressions.md
/Snippets/accum_with_mod.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/accum_with_mod.spl
/Snippets/combine_multiple_fields_wildcard.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/combine_multiple_fields_wildcard.spl
/Snippets/count_events_by_month.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/count_events_by_month.spl
/Snippets/day_of_week_aware_deltas.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/day_of_week_aware_deltas.spl
/Snippets/eval_field_from_value.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/eval_field_from_value.spl
/Snippets/find_subnets_multiple_indexes.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/find_subnets_multiple_indexes.spl
/Snippets/find_traffic_fw_events_src_ip.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/find_traffic_fw_events_src_ip.spl
/Snippets/findbackloggedhosts.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/findbackloggedhosts.spl
/Snippets/generate_percentage_sum_two_fields.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/generate_percentage_sum_two_fields.spl
/Snippets/get_date_from_lookup_filename.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/get_date_from_lookup_filename.spl
/Snippets/gethosts.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/gethosts.spl
/Snippets/hosts_new_last_month.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/hosts_new_last_month.spl
/Snippets/hourly_outputlookup_associated_search_alerts.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/hourly_outputlookup_associated_search_alerts.spl
/Snippets/incremental_inputlookups.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/incremental_inputlookups.spl
/Snippets/ipwithcidr_tosubnet_tobinary.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/ipwithcidr_tosubnet_tobinary.spl
/Snippets/lookup_time_filter.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/lookup_time_filter.spl
/Snippets/multivalue fields.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/multivalue fields.spl
/Snippets/multivalue_field_domain_parts.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/multivalue_field_domain_parts.spl
/Snippets/network_direction_selfjoin.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/network_direction_selfjoin.spl
/Snippets/percentage_of_ip_in_another_index.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/percentage_of_ip_in_another_index.spl
/Snippets/proving_a_negative.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/proving_a_negative.spl
/Snippets/renamed_sourcetypes.spl: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/Snippets/renamed_sourcetypes.spl
/coding_style.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/coding_style.md
/forwarders/setting_up_a_hf.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/forwarders/setting_up_a_hf.md
/spath_list_of_objects.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/spath_list_of_objects.md
/validation/README.md: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/validation/README.md
/validation/simplexml.rng: https://raw.githubusercontent.com/ChrisForsythe/SplunkStuff/HEAD/validation/simplexml.rng