Splunk Enterprise Fundamentals: Data Retention

Last week we looked at Splunk hardware and identifying the different pieces of a typical organisation's deployment. This week we're going to discuss data retention, and next week we'll tie it all together in a Standalone deployment. Let's begin with how data becomes searchable: data is sent to the indexer, it goes through the Parsing Pipeline, followed by the Indexing Pipeline. Read How Indexing Works for more detail, but essentially:

1) Data is forwarded to an indexer.
2) Data is parsed, fields extracted, and turned into events.
3) Events are indexed, making the information searchable.
4) Raw data and events are compressed, and written to disk.

Note: if using a Heavy Forwarder part of this p

The Big Bad Microphone

Public speaking is highly stressful and hard work. For many it's such a struggle they tend to doubt themselves, panic sets in, and they may even question their knowledge or value of presenting in the first place. I'm one of those many. So why, if it's so stressful, do I do it? Cyber Security is the process of layering on multiple controls, and to me, the most important control is humans. Teaching humans the Why is beyond any technical control you can put in place. Humans can recognise patterns, we can adapt our responses quicker and often with much more reliability. That's why I do public speaking: to spread knowledge. It doesn't come naturally to me; my passion and excitement do. Back in g

Safe Internet

Last November I had the privilege to speak at The Times Tech Summit, on the Security & Trust panel. The first question asked "Can y

[Don't] Get Hooked

Whilst the internet allows us to travel the world from our desk, interestingly some global trends stick to specific geolocations.

©2020 by Zoë Rose