Talk Details

Oversight: Building an Asset Inventory Data Pipeline

Oversight is an add-on for compiling a comprehensive asset inventory, based on the data you already have in Splunk. Users enter data input parameters to define each data source, along with parameters to enrich, normalize, filter, and expire records.

Oversight dynamically builds knowledge objects, and uses custom alert actions to aggregate data, and handle record expiration. Oversight correlates records for assets with multiple IPs as well.

Speaker:

Phil Meyerson

Links:

Video PowerPoint Github