rkovar/dns_detection

Splunk DNS Queries

While we wait for the slides and app to be published from .conf2015, Steve and I wanted to have a PDF ready for sharing immediately! Remember, these queries are for "Splunkspiration": take them and adapt them to work in your environment... and if you find errors or improve on my SPL, let us know! Also, special thanks to Cedric Le Roux and Sebastien Tricaud for making multiple tools that I love and patching "feature requests" at my humble requests.

Videos

We had several people ask to see the videos in the presentations again. I've added them here above.

Prerequisites

  • URL Toolbox - Able to break down URLs and DNS queries into separate Splunk fields and much, much more!
  • Base64 - Decodes base64 encoded strings in Splunk
  • Common Information Model - Takes CIM data and creates datamodels
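As an added example of how these prerequisites fit together (this is not one of the repository's own queries), the search below looks for long, high-entropy subdomains, a common footprint of DNS tunneling and exfiltration, by pulling DNS queries from the CIM Network_Resolution data model and splitting them with the URL Toolbox `ut_parse_extended` and `ut_shannon` macros. The 24h window, the length and entropy thresholds (50 characters, Shannon entropy above 4) and the cut-off of 20 unique subdomains per source and domain are assumed starting points to be tuned per environment.

```spl
| tstats summariesonly=true count from datamodel=Network_Resolution
    where DNS.message_type="Query" earliest=-24h
    by DNS.query, DNS.src
| rename DNS.query AS query, DNS.src AS src
| eval list="mozilla"
| `ut_parse_extended(query, list)`
| `ut_shannon(ut_subdomain)`
| eval subdomain_len=len(ut_subdomain)
| where subdomain_len > 50 AND ut_shannon > 4
| stats sum(count) AS lookups, dc(ut_subdomain) AS unique_subdomains,
        avg(ut_shannon) AS avg_entropy, max(subdomain_len) AS max_len
    by src, ut_domain
| where unique_subdomains > 20
| sort - unique_subdomains
```

Many distinct, random-looking subdomains under one registered domain from a single source is the pattern to review; legitimate CDNs and anti-spam lookups will also surface, so whitelist those domains once you have seen them.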

About

Detecting DNS Spoofing, DNS Tunneling, DNS Exfiltration