As I talk to different Splunk users, watch Twitter, read blog entries, and have the great opportunity to speak and participate in Splunk events, I always find the various use cases people have for Splunk so interesting. True, most organizations have brought it in primarily for security tasks, but time and time again it's so easy to find other great uses for it. Through these discussions I've been able to find many new uses for Splunk, ones which I had not initially thought of or was unsure of how to approach. From this I thought it would be great to have a central point of reference to break down these use cases into the reports/searches built for them, so people could gain from others' successes.

 

This application was designed to give users usable data surrounding the requests being sent to their Barracuda Web Filter. The application was designed using data from a Barracuda Web Filter 310; even though the access logs should be universal across the Barracuda Web Filter family of appliances, I cannot guarantee it will work with other versions. This app is freely available on Splunkbase here:

http://splunk-base.splunk.com/apps/31192/splunk-for-barracuda-web-filter

Pre-deployment Assumptions:

1. You have enabled syslog logging on your Web Filter appliance.

 

This application was designed to give users usable data surrounding the activity taking place on their RSA SecurID appliances. This application will work with both the RSA SecurID Appliance 130 and 230 models. It is freely available on Splunkbase here: http://splunk-base.splunk.com/apps/33495/splunk-for-rsa-securid-appliances

Pre-deployment Assumptions:

Finally, I'm making this Splunk app freely available to the general public (see attachments to this post). I built this app almost a year ago and it is definitely not near perfection. I built it over a couple of days in my spare time to work within our environment, where we only have a few USPVMs, so I can't speak for how well it scales or how well the searches work over very large data sets. Frankly, it works for me and I haven't had enough spare time to invest in further development or optimization of it. This is why I am launching it here first and not on Splunkbase; sadly, in my mind, it's nowhere near ready to be on Splunkbase.

Just for reference, here are some searches extracted from the Deployment Monitor application (only slightly modified) and other useful ones. I know there are apps for this, obviously including DM, which I extracted some searches from. But who knows, sometimes these apps may not work.

The great people at Splunk have also documented these searches and more:

http://www.splunk.com/wiki/Community:TroubleshootingIndexedDataVolume

http://www.splunk.com/wiki/Deploy:Splunk_Metric_Reports

Usage by source: