We’ve collected a lot of knowledge over the years, and in many cases we’ve created our own cheat sheets to make our jobs easier. Here are a few of them:
Mostly for Splunk administrators and consultants, this cheat sheet contains hints for props.conf, the most common date and time format variables, some hints on rewriting default fields, using lookups, and more. Get it here.
Need some hints and quick tips for setting up rsyslogd or syslog-ng? Our syslog cheat sheet has you covered.
Common network ports when looking for firewall rules. Always remember to check your configs, as Splunk lets you change most of these. Also available as a PNG.
When getting new data into Splunk, it helps to be familiar with the index-time pipeline, and how you can use the order of props.conf configs to modify and optimize your data. We created this cheat sheet to help people remember that order. (pdf, png)