This demonstrates two methods of generating JSON-ish key-value formatted output suitable for indexing by Splunk. I say 'JSON-ish' because Splunk doesn't require a well-formed JSON file, just ...
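This describes how to deal with log field values being displayed twice when searching logs in Splunk. This can occur when logs are ingested in JSON format. Example: log fields are displayed twice. In this case, by changing the source type settings ...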
This pack is designed to transform Splunk Windows Sysmon/XML events to JSON, reduce event sizes, be compliant with the Splunk Common Information Model (CIM) and ...
We've got a pretty sizable Splunk deployment going, about 1.5TB/day of application logs coming in. There is discussion about starting an initiative to set some enterprise-wide standards for logging ...