I'm playing around with Splunk today. Installed the "universal forwarder" on my server, which was easy... and then I wasted an hour trying to figure out where the data was. Apparently I just needed to search for "index=main". Now that I can see the data though, it looks really cool. I set up event log forwarding and I can really easily search for things like login failures.

The main reason for all this is to understand other ways people do debugging and diagnostics.
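As an added example, not code from the poster above: the kind of search described ("index=main" plus a filter for login failures) can be mirrored in plain Python over a handful of constructed event records, which makes it clear what the forwarder data is actually being filtered and aggregated on. The record shape below (an `index` plus field names like `EventCode`, `Account_Name` and `Source_Network_Address`) is an assumption modelled on how Splunk presents Windows Security events; EventCode 4625 is the Windows "An account failed to log on" event.

```python
from collections import Counter

# Windows Security event IDs: 4624 = successful logon, 4625 = failed logon
FAILED_LOGON = 4625

# Constructed sample events, not real log data. Field names are an assumption
# modelled on Splunk's Windows event extraction; the "_internal" event shows
# why the post's "index=main" filter matters.
SAMPLE_EVENTS = [
    {"index": "main", "EventCode": 4624, "Account_Name": "alice", "Source_Network_Address": "10.0.0.5"},
    {"index": "main", "EventCode": 4625, "Account_Name": "bob",   "Source_Network_Address": "10.0.0.9"},
    {"index": "main", "EventCode": 4625, "Account_Name": "bob",   "Source_Network_Address": "10.0.0.9"},
    {"index": "main", "EventCode": 4625, "Account_Name": "carol", "Source_Network_Address": "10.0.0.9"},
    {"index": "main", "EventCode": 4625, "Account_Name": "bob",   "Source_Network_Address": "10.0.0.9"},
    {"index": "main", "EventCode": 4625, "Account_Name": "dave",  "Source_Network_Address": "192.168.1.20"},
    {"index": "_internal", "EventCode": 4625, "Account_Name": "svc", "Source_Network_Address": "10.0.0.1"},
]


def search(events, index="main", event_code=None):
    """Filter records the way an SPL search like `index=main EventCode=4625` would."""
    return [
        e for e in events
        if e.get("index") == index
        and (event_code is None or e.get("EventCode") == event_code)
    ]


def failed_logons_by_account(events, index="main"):
    """Stand-in for `index=main EventCode=4625 | stats count by Account_Name`."""
    hits = search(events, index=index, event_code=FAILED_LOGON)
    return dict(Counter(e["Account_Name"] for e in hits))


def failed_logons_by_source(events, index="main"):
    """Stand-in for `... | stats count by Source_Network_Address`."""
    hits = search(events, index=index, event_code=FAILED_LOGON)
    return dict(Counter(e["Source_Network_Address"] for e in hits))


def noisy_sources(events, threshold=3, index="main"):
    """Sources at or above a failed-logon threshold: the usual first cut at a
    password-guessing alert, and the natural thing to turn into a dashboard panel."""
    by_source = failed_logons_by_source(events, index=index)
    return sorted(src for src, n in by_source.items() if n >= threshold)


if __name__ == "__main__":
    print("failed logons by account:", failed_logons_by_account(SAMPLE_EVENTS))
    print("failed logons by source: ", failed_logons_by_source(SAMPLE_EVENTS))
    print("sources over threshold:  ", noisy_sources(SAMPLE_EVENTS))
```

The `index` filter is applied before anything else, which is exactly the step that was missing in the hour spent looking for the data; the `stats count by` equivalents are where the raw event stream turns into something a dashboard or alert can use.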

@tim You’re just at the beginning of a journey 🤗 If you’ve got some home automation data, e.g. thermometer data via MQTT, you can just start diving in and get some nice tangible dashboards soon. Apart from that, Sysmon events are also a great source for Splunk searches.