Cheat Sheets

Cheat Sheets for your logging environment

We’ve collected a lot of knowledge over the years, and in many cases we’ve created our own cheat sheets to make our jobs easier. Here are a few of them:

Splunk Data Onboarding

Mostly for Splunk administrators and consultants, this cheat sheet contains hints for props.conf, the most common date and time format variables, some hints on rewriting default fields, using lookups, and more. Get it here.


Need some hints and quick tips for setting up rsyslogd or syslog-ng? Our syslog cheat sheet has you covered.

Splunk AppDev

Building a Splunk app for yourself? Maybe something you want to share on Splunkbase? Check out the Splunk AppDev cheat sheet for tips and tricks on making your app successful.

Securing Splunk

Want to make sure you are following the best practices for securing your Splunk deployment? Our Securing Splunk cheat sheet can help guide you along.

Splunk Search Head Clustering

Setting up Search Head Clustering and need a quick-start? Our Search Head Clustering cheat sheet can help you get up to speed.

Splunk Common Network Ports

Common network ports when looking for firewall rules. Always remember to check your configs, as Splunk lets you change most of these. Also available as a PNG.

Splunk Props.conf Location (beta)

We get a lot of questions about where a props.conf configuration belongs, so we created this flow chart to help identify the proper location.

Splunk Props.conf Index-time Order

When getting new data into Splunk, it helps to be familiar with the index-time pipeline, and how you can use the order of props.conf configs to modify and optimize your data. We created this cheat sheet to help people remember that order. (pdf, png)