Investigations

Running Investigations with NTerminal in Splunk

Using NTerminal in Splunk Enterprise allows for flexible searching and analyzing of relevant data. Using a data platform such as Splunk will allow users to get the most out of the various sources of unstructured data, which might otherwise require mulitple tools to combine and overlay.

Example Investigations

Here are some example blog posts using the system to investigate breaking crypto news events:

• STEEM Community Battles for Control “Justin Sun Coordinating with Exchanges to Revert Soft Fork 22.2”
• KICK Token — Market Manipulation Analysis “Investigating an Unsolicited Mass Airdrop”
• Cryptofinancial Impact: Binance Hack “May 07, 2019 over 7,000 BTC was successfully transferred from the Binance hot wallet”
• Cryptofinancial Impact: Bitfinex News “The New York Attorney General, Letitia James, announced her court order against iFinex Inc.”

STEEM Community Battles for Control

Using this blog as an example, we will go through the Splunk process of analyzing the drama surrounding the “Soft Fork 22.2. by recreating many of the searches used in the post within a dashboard. This video walks through the process of creating such a dashboard, and you can find screen shots below of each of the visualizations we put together. (Please Turn on CC/Subtitles. No sound)

Time selection input and STEEM price/volume.

Mentions and Sentiment surrounding the event for Steem/Steemit (left) and co-mentions for other keywords (right).

Mentions and Sentiment for the top keywords that were co-mentioned with Steem/Steemit (top), and Co-mentions and Sentiment for those keywords (bottom).

Individual news events for keywords co-mentioned with Steem/Steemit.