Diving into Splunk

When it comes to ingesting events, logs, and traffic data, one tool comes up more than any other: Splunk. Luckily, we can play with a virtual install that has an interesting data set pre-configured. It's easy: just go to https://www.splunk.com/page/sign_up/cloudtrial?redirecturl=/getsplunk/onlinesandbox and create an account if you don't already have one.

(Update) I have been running my own Splunk Enterprise instance in my home lab. What an incredibly easy-to-use tool. Within minutes I was ingesting thousands of logs from my multiple firewalls and Windows boxes. The search functionality is simple and clean. Next steps will be introducing some malicious activity and setting up alerts.
