Security Blogs

Designing Glass Tables and/or Dashboards is a critical element in your ITSI configuration. The correct implementation will help communication to your visualization audience/consumer. Let’s discuss a few points to help steer your decision making process.

No matter the size of your organization, deploying Splunk in your environment is a big decision. After all, it can scale from very small to

In a Splunk environment, Splunk operations are controlled by configuration files (conf files). Configuration of the file settings are essential to the proper running of the Splunk instance. In this article, we walk through how to properly configure the file settings to ensure that your Splunk instance is running optimally.

UBA, User Behavior Analytics, is a Premium Splunk App that leverages machine learning technologies, to secure an organization from insider threats while also providing outsider threat monitoring and alerting capabilities. In this blog we will cover frequently asked questions around UBA and its functionality.

In this article we will walk you through what post process searching is, how it can help you optimize your dashboards, and why it is important.

Transaction processing can involve transactions flowing from multiple sources. In that case, you can use Splunk ITSI to drill down to issues with specific transaction end points.

Did you know that all Splunk Knowledge Objects (KO) generated during a search are maintained in memory? Sure, any one KO in itself doesn’t take up a lot of memory, but run a search that returns 10 million events… You can do the math!

Did you know that Splunk has the capability to ingest non-log based data through multiple onboarding methods? In this blog, we will touch on API based data ingestion, as it is traditionally the most common method utilized.

Many Splunk customers start with a single disk for storing Indexes and then want to make changes. In this guide we will discuss the steps to move hot/warm buckets onto faster disks and move cooler buckets to cheaper storage.

Splunk WLM (Workload Management) provides the ability to allocate compute and memory resource to search, indexing, and other processes such as scripted inputs. This allows you to allocate the right resources to your Splunk server depending on its role.