Splunk Security Cheat Sheet
Apart from being a source of all too frequent and embarrassing typos, Splunk is a big data platform which allows you to interrogate data and present results in a variety of contexts and visualisations. I've been using it for a little over 12 months, self-teaching or Googling as I go, predominantly to sift through the terabytes of logs from various applications and appliances that get generated in my 9-5 every day.
[Image: You can use Splunk to build dashboards which are typically better than the ones that come with the product]
I'm actively working back through my notes and adding to this all the time, so it might be worth bookmarking the URL and revisiting from time to time. I'll try to keep this as accessible as possible and base it around real world examples and use cases.
[Image: Splunk is a great way to convert reams of log data into views which mean something]
Of course, there is a wealth of documentation over at http://docs.splunk.com and I'd highly recommend that if you start using Splunk you start there, or at least turn to that as your primary reference. I'd also strongly recommend that you check whether an existing Splunk App covers your requirement if it is very specific. Why reinvent the wheel if the vendor (or the community) has already built an app for that appliance / application you've just installed?
[Image: Like maps? No problem]