.Conf16 - Turning Security Use Cases into SPL

Have you ever stared at the search bar while deciding the best way to query Splunk for answers? Let's face it, we've all been there. The pressure gets even more intense when you are building security use cases, hunting for threat actors and meeting compliance requirements to protect your organization from attackers. Make a mistake and you can create an unnecessary performance penalty in your environment. Worse, miss the mark on your intended detection goal and threats go undetected. Splunk Professional Services will demonstrate the common, tried and tested SPL patterns we use when building security use cases. We will also do a deep dive on the tstats command and show tips and tricks for using data model acceleration summaries effectively in your searches. With these pointers you will have a set of SPL patterns to choose from and apply to your own use cases, patterns that are both accurate and efficient.
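The abstract mentions tstats and data model acceleration summaries without showing a search. The following is an added example, not material from the talk or from Splunk, of the pattern it refers to: a failed-logon detection written against the CIM Authentication data model so that it reads the accelerated summary instead of scanning raw events. The data model name and field names are the standard CIM ones; the one-hour window and the threshold of 20 failures are assumed values for illustration.

```spl
| tstats summariesonly=true count
    from datamodel=Authentication
    where Authentication.action="failure"
    by Authentication.user, Authentication.src, _time span=1h
| rename Authentication.* as *
| where count > 20
| sort - count
```

The equivalent raw-event search (`index=* tag=authentication action=failure | bin _time span=1h | stats count by user, src, _time`) returns the same counts but has to read and field-extract every event in the time range, which is the performance penalty the abstract warns about. Two caveats a practitioner should check before relying on this: the data model must actually be accelerated for the search to return anything, and `summariesonly=true` only reads events that have already been summarised, so events in the backfill lag are silently missed; if the detection cannot tolerate that gap, run with `summariesonly=false` (tstats then falls back to raw events for the unsummarised span, at raw-search cost) or verify the acceleration lag in the data model settings and schedule the search accordingly.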
