Hi, Can we get the link for the indexes.conf file shown in the video and steps to upload it in splunk ? I am not able to find it. Could you please help ?

number 1 !!! you saved my day 🙂

Felt hard to understand as we dived immediately into chart. I was under impression we start with basic searches and navigate to this. can you mention the syntax of the command for reference?

Option D. We can go to edit dashboard and can move the panel to different location in dashboard. Correct?

This is super helpful! I like how you used the makeresults as quick work around to not having the data needed for demonstration purposes. I was wondering if you can potentially make a video on creating small scale purple lab environment with sysmon on the victim box. I’m not sure what experience you have with red team operations but even performing some TTP’s in MITRE against that box and then going in splunk and hunting for that data.

Thanks for your Videos. I got stuck at 04:13 in SOAR user role creation step. It is showing "ERROR: At least one of the following roles is required to view this page: splunk_app_soar, splunk_app_soar_dashboards, or admin. Contact your Splunk administrator for access." Its looks , we cannot create roles in Splunk Free version and hence we cannot proceed ahead. This all started with below error snapshot: "Fetch roles collection failed. Details: [object Response]"

Thank you for this!

Nice video! I’ve run the Splunk Secure Gateway and added devices. However, now my dashboards either won’t run on the mobile devices or the app crashes while loading. How would you recommend I troubleshoot this issue?

Is this available via member only videos too in the channel?

Nice! Unfortunately some environments do not like saving logs on a splunk server for whatever reason, so they force you to go source > syslog > splunk

i needed this, thank you.

Becoming a member of your channel is hands down the best decision I've made in my journey as cybersecurity analyst. I've been privileged to go to some very expensive training on various tools and you blow them out of the water with your teaching skills. Definitely a gifted talent you have! Congrats to those who won!!!

HI LAme after aply yhe command my interface vmbr0 stop working , there is way to convert or remove the command ?

Thank you Team.

Congratulations Circa 🎉

Congratulations Jeff 🎉

Congratulations vishnu 🎉

Thanks for the content. How can I tru to be a expert solunker if habe only 60 days free trial of Splunk? Thanks

Gracias

Absolutely amazing!

love it

Totally helped, thanks!

Lame creation, please 🙏 can you develop a splunk cloud course in splunk cloud free trail as a course as soc lab I have challenge on how to setup

Nice explanation. Unfortunately rename is not working for me.

Awesome tutorial!! I've been doing search bootcamps/workshops for Splunk users and the first thing I teach them is how to use the fields command. Everyone starts off with Verbose searches to see all the fields and check their respective values for which ones they want to use. Fields command is great to use for this because it teaches the importance of not only finding the fields they NEED, but also savings a lot of time waiting for the searches to return. Lastly, when saving reports for later or for dashboards, it never hurts to keep the fields command there. Yes, reports in a dashboard basically run as "fast" searches, but it is good practice to use fields whenever one can.

very useful for a beginner -- thank you for adding high quality instructions on a complex piece of software 🙇‍♂

Good job..

I don't see any links or these courses

Just order the 2 books...thank you Troy for always help splunk community.

Super..checking this now!!!

Great insights

Good one

I needed this one

Before you update your Splunk version is it needed to update your Splunk apps first?

If i have a .deb install can i use dpkg and unpack the file into same directory of my current install similar to what you did with the tgz in this video? Basically i guess im asking are all other steps the exact same for a .deb

love the content, thank you!