Splunk Cheat Sheet



  1. Use Splunk to generate regular expressions by providing a list of example values taken from the data. Scenario: extract the first word of each sample phrase from windbag. Step 1: find the samples. Step 2: extract the field.
  2. When you add data to Splunk, Splunk processes it: it breaks the data into individual events, timestamps them, and stores them in an index so that they can later be searched and analyzed. By default, data you feed to Splunk is stored in the 'main' index, but you can create and specify other indexes for Splunk to use for different data inputs.
Some well-developed vi skills make it quite easy to configure or reconfigure your Splunk installs, especially those such as the Universal Forwarder, which has no Splunk Web UI. So here is the cheat sheet I use. It is not all-inclusive, but it covers about 90% of the commands available to you.

List active stanzas on Linux forwarder

/opt/splunkforwarder/bin/splunk cmd btool inputs list

List active stanzas and show locations on Linux forwarder

/opt/splunkforwarder/bin/splunk cmd btool inputs list --debug

Add a new monitored log to the stanzas on a Linux forwarder (in this example we add the Apache access log)

/opt/splunkforwarder/bin/splunk add monitor /var/log/apache2/zds_access.log -index default -sourcetype access_log

Remove a monitored log from the stanzas on a Linux forwarder (in this example we remove the Apache access log)

/opt/splunkforwarder/bin/splunk remove monitor /var/log/apache2/zds_access.log
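The `btool inputs list --debug` output above is the quickest way to audit what a forwarder is actually collecting, because it shows every merged stanza and the .conf file each setting came from. The following is an added example, not part of the original cheat sheet: a small parser for that output plus an audit that flags monitor stanzas which are disabled or have no effective index or sourcetype. It assumes the `--debug` line format (the source .conf path, then either a `[stanza]` header or a `key = value` line) and applies the `[default]` stanza as a fallback the way Splunk .conf semantics do. The sample output is constructed, not captured from a real host.

```python
"""Parse `splunk cmd btool inputs list --debug` output and audit monitor stanzas.

Added example, not code from the original cheat sheet. Assumes the --debug
format: every line is prefixed with the .conf file it came from, followed by
either a [stanza] header or a `key = value` setting.
"""
import re
from collections import OrderedDict

# Constructed sample of `btool inputs list --debug` output (not a real capture).
SAMPLE_BTOOL_DEBUG = """\
/opt/splunkforwarder/etc/system/default/inputs.conf [default]
/opt/splunkforwarder/etc/system/default/inputs.conf host = $decideOnStartup
/opt/splunkforwarder/etc/system/default/inputs.conf index = default
/opt/splunkforwarder/etc/system/local/inputs.conf [monitor:///var/log/apache2/zds_access.log]
/opt/splunkforwarder/etc/system/local/inputs.conf index = default
/opt/splunkforwarder/etc/system/local/inputs.conf sourcetype = access_log
/opt/splunkforwarder/etc/apps/search/local/inputs.conf [monitor:///var/log/auth.log]
/opt/splunkforwarder/etc/apps/search/local/inputs.conf disabled = 1
/opt/splunkforwarder/etc/apps/search/local/inputs.conf [monitor:///var/log/syslog]
"""

LINE_RE = re.compile(r"^(?P<file>\S+\.conf)\s+(?P<rest>.*)$")
STANZA_RE = re.compile(r"^\[(?P<name>.+)\]$")
MONITOR_PREFIX = "monitor://"


def parse_btool_debug(text):
    """Return OrderedDict: stanza name -> {"file", "settings", "sources"}.

    "settings" maps key -> value as btool merged them; "sources" maps
    key -> the .conf file that supplied the winning value.
    """
    stanzas = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unexpected btool line: %r" % raw)
        src, rest = m.group("file"), m.group("rest").strip()
        sm = STANZA_RE.match(rest)
        if sm:
            current = sm.group("name")
            stanzas[current] = {"file": src, "settings": {}, "sources": {}}
            continue
        if current is None or "=" not in rest:
            raise ValueError("setting outside any stanza: %r" % raw)
        key, _, value = rest.partition("=")
        key = key.strip()
        stanzas[current]["settings"][key] = value.strip()
        stanzas[current]["sources"][key] = src
    return stanzas


def effective_setting(stanzas, name, key):
    """Value of `key` for stanza `name`, falling back to the [default] stanza
    (Splunk applies [default] settings to every other stanza in the file)."""
    own = stanzas[name]["settings"].get(key)
    if own is not None:
        return own
    return stanzas.get("default", {"settings": {}})["settings"].get(key)


def monitor_paths(stanzas):
    """File paths of all enabled monitor:// stanzas, in btool order."""
    return [name[len(MONITOR_PREFIX):] for name in stanzas
            if name.startswith(MONITOR_PREFIX)
            and effective_setting(stanzas, name, "disabled") not in ("1", "true")]


def audit_monitors(stanzas):
    """Flag monitor stanzas that are disabled or lack an index/sourcetype.

    Returns a list of (stanza name, problem) tuples.
    """
    findings = []
    for name in stanzas:
        if not name.startswith(MONITOR_PREFIX):
            continue
        if effective_setting(stanzas, name, "disabled") in ("1", "true"):
            findings.append((name, "disabled"))
            continue
        for key in ("index", "sourcetype"):
            if effective_setting(stanzas, name, key) is None:
                findings.append((name, "missing " + key))
    return findings


if __name__ == "__main__":
    parsed = parse_btool_debug(SAMPLE_BTOOL_DEBUG)
    for path in monitor_paths(parsed):
        print("monitoring:", path)
    for stanza, problem in audit_monitors(parsed):
        print("finding: %s -> %s (defined in %s)" % (stanza, problem, parsed[stanza]["file"]))
```

On a real forwarder you would pipe the command's output into `parse_btool_debug` instead of the constructed sample; a monitor with no sourcetype is worth catching before the data lands in the index under a guessed sourcetype and silently misses your searches.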

View all sourcetypes by typing the following into the search field of the Splunk console

| metadata type=sourcetypes index=* OR index=_*

When investigating compromised systems, incident responders and investigators often find that the logging they need was never enabled or configured. To help get system logging properly enabled and configured, below are some cheat sheets to help you do logging well, so that the data we all need is there when we look.

Cheat Sheets to help you in configuring your systems:

  • The Windows Logging Cheat Sheet Updated Feb 2019

  • The Windows Advanced Logging Cheat Sheet Updated Feb 2019

  • The Windows HUMIO Logging Cheat Sheet Released June 2018

  • The Windows Splunk Logging Cheat Sheet Updated Sept 2019

  • The Windows File Auditing Logging Cheat Sheet Updated Nov 2017

  • The Windows Registry Auditing Logging Cheat Sheet Updated Aug 2019

  • The Windows PowerShell Logging Cheat Sheet Updated Sept 2018

  • The Windows Sysmon Logging Cheat Sheet Updated Jan 2020

MITRE ATT&CK Cheat Sheets

  • The Windows ATT&CK Logging Cheat Sheet Released Sept 2018

  • The Windows LOG-MD ATT&CK Cheat Sheet Released Sept 2018

The MITRE ATT&CK Logging Cheat Sheets are available in Excel spreadsheet form on the following Github:

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Update Log:

SysmonLCS: Jan 2020 ver 1.1

  • Fixed GB to Kb on log size

WSplunkLCS: Sept 2019 ver 2.22

  • Minor code tweaks, conversion

WSysmonLCS: Aug 2019 ver 1.0

  • Initial release

WRACS: Aug 2019 ver 2.5

  • Added a few more items

WSLCS: Feb 2019 ver 2.21

  • Fixed shifted box, cleanup only

WLCS: Feb 2018 ver 2.3

  • Added a couple items from Advanced

  • Adjust a couple settings

  • General Clean up

  • Referenced the Windows Advanced Logging Cheat Sheet

WALCS: Feb 2019 ver 1.2

  • Updated and added several items

WHLCS: June 2018 ver 1.0

  • Initial release

WFACS: Oct 2016 ver 1.2

  • Added a few new locations

WRACS: Oct 2016 ver 1.2

  • Added many autorun keys

  • Sorted the keys better

WSLCS: Mar 2018 ver 2.1.1

  • Fixed shifted box, cleanup only

WLCS: Jan 2016 ver 2.0

  • Added Event code 4720 - New user account created

  • Changed references to File and Registry auditing to point to the new File and Registry auditing Cheat Sheets

  • Expanded info on Command Line Logging

WRACS: Jan 2016 ver 1.1

  • Sort HKLM Keys

  • Added keys to monitor PowerShell and Command Line log settings

  • Updated HKCU and USERs.DEFAULT info

  • Added info about HKCU unable to be set in Security Templates

  • Added PowerShell script to set HKCU Registry Auditing