Splunk

I spend a lot of time with my head deep in Splunk. Along the way I create a lot of documentation to help my understanding of how Splunk works, but also to help others. Here are some of the documents and diagrams I’ve created.

Splunk Data Onboarding Cheat Sheet

I created this because I kept forgetting the order in which Splunk executes configurations. It blew up from there. PDF

Common Splunk Network Ports

With every new component, there are new ports. Over time, it gets pretty confusing. PDF

Where do my Splunk props.conf settings belong?

One of the most common problems we see on Slack is admins putting their props on the wrong node for the configuration. I created this flow chart to help guide folks. PDF

Splunk props.conf settings indexing pipeline order

This started with a question about which configuration happens first. After some asking around, and some testing, I came up with this. PDF