I have begun building my own dashboards in Splunk. Once I have the custom views built, I will post them up here. So far everything I have been working on is with a system’s administrator in mind because that is what I have been doing for the past 12 years (wow, thats a long time). Currently I am building a view for searching failed logins and the source of lockouts. They tie in to one another. Our technicians want to be more involved in the systems administration and hopefully this will help them respond quicker to our customers. Everything comes from Splunk being installed on all our domain controllers. From there we get all the logs in to our central logging system (Splunk). Due to the amount of data we are pushing now everyday, we might have to build a backup environment just for our Splunk data. How awesome is this!
Uncategorized