Posts from the ‘Splunk’ Category

6 Dec

Download Splunk _raw data from Index using the Web Interface

Select the time range that covers the events you want. The export only contains events from the selected range, so check it before running the search.

In the Splunk search bar, search the index and pipe the results into the table command with only the _raw field, so the export holds the raw event text and nothing else.

Download the search results: click the Export button in the results toolbar.

Choose CSV as the format and save the file.
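
The same export can be scripted, which matters once the result set is large or the pull has to run on a schedule. The script below is an added example, not part of the original post: it requests _raw from an index over Splunk's REST export endpoint (/services/search/jobs/export with output_mode=csv, which is what the Export button uses behind the scenes) and then counts the events in the CSV correctly. A plain `wc -l` is wrong on these files because a quoted _raw value can span several lines. SPLUNK_HOST, SPLUNK_USER, SPLUNK_PASS and the sample CSV are assumed or constructed; change the first three for your environment.

```shell
#!/bin/sh
# Added example, not from the original post: pull _raw from an index over the
# REST API (the same job the Export button does, but scriptable and without the
# browser), then count the events in the CSV correctly. Assumed, change for your
# site: SPLUNK_HOST, SPLUNK_USER, SPLUNK_PASS. The endpoint
# /services/search/jobs/export and the output_mode=csv parameter are Splunk's own.
set -eu

SPLUNK_HOST="${SPLUNK_HOST:-https://splunk.example.internal:8089}"  # assumed
SPLUNK_USER="${SPLUNK_USER:-admin}"                                  # assumed
SPLUNK_PASS="${SPLUNK_PASS:-changeme}"                               # assumed

# Build the SPL for the export. The index name is checked against a strict
# character set so a caller cannot append extra pipeline stages (e.g. "| delete").
build_raw_search() {
  idx="$1"
  case "$idx" in
    ""|*[!A-Za-z0-9_-]*) echo "invalid index name: $idx" >&2; return 1 ;;
  esac
  printf 'search index=%s | table _raw' "$idx"
}

# Stream the export straight to a file. The export endpoint returns every
# matching event, so there is no results cap to raise. Use --cacert for a
# private CA rather than -k, or the credentials go to whatever answers on 8089.
export_raw_csv() {
  idx="$1"; earliest="$2"; latest="$3"; out="$4"
  spl=$(build_raw_search "$idx") || return 1
  curl -sS --fail -u "$SPLUNK_USER:$SPLUNK_PASS" \
    "$SPLUNK_HOST/services/search/jobs/export" \
    --data-urlencode "search=$spl" \
    --data-urlencode "earliest_time=$earliest" \
    --data-urlencode "latest_time=$latest" \
    -d output_mode=csv -o "$out"
}

# Count events in an exported CSV. `wc -l` is wrong here: a quoted _raw value
# may span several lines. Track quote parity so a record only ends on a newline
# outside a quoted field; the header line is then subtracted.
count_csv_events() {
  awk 'BEGIN { inq = 0; n = 0 }
       { q = gsub(/"/, "&"); if (q % 2) inq = !inq; if (!inq) n++ }
       END { print n - 1 }' "$1"
}

# Constructed stand-in for a real export: three events, one spanning two lines
# and containing a doubled quote, as Splunk writes them.
make_sample_csv() {
  printf '%s\n' \
    '"_raw"' \
    '"Dec  6 10:00:01 pi sshd[812]: Failed password for root from 10.0.0.5 port 51122 ssh2"' \
    '"Dec  6 10:00:02 pi kernel: [   12.301] usb 1-1: new device' \
    'strings: Manufacturer=""Acme"""' \
    '"Dec  6 10:00:03 pi sudo:   pi : TTY=pts/0 ; COMMAND=/bin/ls"' > "$1"
}

# Stand-alone run: count the constructed sample. For a real pull use, e.g.
#   export_raw_csv main -24h now events.csv && count_csv_events events.csv
sample=$(mktemp)
make_sample_csv "$sample"
echo "events in sample export: $(count_csv_events "$sample")"
rm -f "$sample"
```

The constructed sample has five lines but three events; counting records by quote parity gives 3, where `wc -l` would report 5. Compare the count against the event count Splunk shows for the same search and time range before trusting the file.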

5 Oct

Splunk Universal Forwarder Setup

On the Splunk indexer, enable the receiving listener on port 9997 (Settings > Forwarding and receiving > Configure receiving, then add a new receiving port of 9997). Make sure the indexer's firewall only allows inbound TCP 9997 from the hosts that will forward to it.

Download the universal forwarder package that matches your device; this post uses a Raspberry Pi, so the ARM build. Change into the directory you downloaded it to and run the commands below to unpack the forwarder, start it as root, point it at the indexer, monitor the /var/log directory, and register it to start at boot. Replace X.X.X.X with your indexer's IP address. The add forward-server and add monitor steps ask for the forwarder's own admin credentials unless you pass them with -auth.

# unpack the forwarder under /opt/splunkforwarder
sudo tar xzvf splunkforwarder-7.0.0-c8a78efdd40f-Linux-arm.tgz -C /opt
# first start; accept the license without the interactive prompts
sudo /opt/splunkforwarder/bin/splunk start --answer-yes --no-prompt --accept-license
# send events to the indexer's receiving port (replace X.X.X.X with the indexer IP)
sudo /opt/splunkforwarder/bin/splunk add forward-server X.X.X.X:9997
# monitor everything under /var/log
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log
sudo /opt/splunkforwarder/bin/splunk restart
# install the init script so the forwarder starts at boot
sudo /opt/splunkforwarder/bin/splunk enable boot-start
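
The CLI steps above write the same settings into outputs.conf and inputs.conf, and that is where the hardening belongs: as configured, the forwarder ships every log line in clear text to whatever answers on port 9997, and the indexer accepts events from any host that can reach the port. The script below is an added example, not the post's own commands, showing the configuration-file form of the same setup with TLS in both directions. SPLUNK_HOME, the indexer name, the certificate files under etc/auth/mycerts and the linux_os index are assumptions; the stanza and key names are standard outputs.conf and inputs.conf settings.

```shell
#!/bin/sh
# Added example, not from the original post: the configuration-file form of the
# CLI steps above, with TLS between forwarder and indexer. Assumed and to be
# changed for your site: SPLUNK_HOME, INDEXER, the certificate files under
# etc/auth/mycerts and the index name linux_os (it must exist on the indexer).
# Stanza and key names are standard outputs.conf / inputs.conf settings.
set -eu

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunkforwarder}"   # assumed install path
INDEXER="${INDEXER:-splunk.example.internal}"        # assumed; use your indexer's DNS name

# Forwarder side, replacing `splunk add forward-server X.X.X.X:9997`. The CLI
# form ships every log line in clear text to whatever answers on that port; here
# the forwarder verifies the indexer's certificate (and its CN) and presents its
# own, so a host on the path can neither read the logs nor impersonate the indexer.
write_outputs_conf() {
  dir="$SPLUNK_HOME/etc/system/local"
  mkdir -p "$dir"
  cat > "$dir/outputs.conf" <<EOF
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = $INDEXER:9997
sslRootCAPath = $SPLUNK_HOME/etc/auth/mycerts/ca.pem
sslCertPath = $SPLUNK_HOME/etc/auth/mycerts/forwarder.pem
sslVerifyServerCert = true
sslCommonNameToCheck = $INDEXER
EOF
}

# Forwarder side, replacing `splunk add monitor /var/log`. Rotated archives are
# skipped so they are not re-indexed, and auth.log is excluded from the broad
# stanza and given its own with an explicit sourcetype, so the failed logins and
# sudo activity it records are parsed consistently instead of guessed per file.
write_inputs_conf() {
  dir="$SPLUNK_HOME/etc/system/local"
  mkdir -p "$dir"
  cat > "$dir/inputs.conf" <<'EOF'
[monitor:///var/log]
disabled = false
index = linux_os
blacklist = (\.(gz|\d+)$|/auth\.log$)

[monitor:///var/log/auth.log]
disabled = false
index = linux_os
sourcetype = linux_secure
EOF
}

# Indexer side, replacing "enable the listener on port 9997" (the web UI path is
# Settings > Forwarding and receiving > Configure receiving). Only the TLS
# receiver is enabled and clients must present a certificate from our CA, so a
# stray host on the network cannot inject events. The CA itself is configured
# once in server.conf under [sslConfig] sslRootCAPath.
write_receiver_conf() {
  dir="$SPLUNK_HOME/etc/system/local"
  mkdir -p "$dir"
  cat > "$dir/inputs.conf" <<EOF
[splunktcp-ssl:9997]
disabled = false

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycerts/indexer.pem
requireClientCert = true
EOF
}

# Run before `splunk restart` on the forwarder: refuse a configuration that
# would skip certificate verification or point at missing certificate files.
check_forwarder_conf() {
  conf="$SPLUNK_HOME/etc/system/local/outputs.conf"
  grep -q '^sslVerifyServerCert = true$' "$conf" || {
    echo "outputs.conf does not verify the indexer certificate" >&2; return 1; }
  for f in $(sed -n -e 's/^sslRootCAPath = //p' -e 's/^sslCertPath = //p' "$conf"); do
    [ -r "$f" ] || { echo "certificate file missing or unreadable: $f" >&2; return 1; }
  done
}

# "apply" writes the forwarder's files, "receiver" the indexer's; with no
# argument nothing is written.
case "${1:-}" in
  apply)    write_outputs_conf; write_inputs_conf; check_forwarder_conf ;;
  receiver) write_receiver_conf ;;
esac
```

Generate your own certificates for this; the certificates Splunk ships by default are identical on every install and give no assurance about who is on the other end. After the files are in place, restart the forwarder with the same splunk restart command as above. Running the forwarder as root is the quickest way to read everything in /var/log, but a dedicated user is the safer choice: register it with splunk enable boot-start -user <user> and, on Debian-style systems such as Raspbian, add that user to the adm group so it can read auth.log and the other root:adm logs.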

23 Aug

Splunk Enterprise Data Administration Links

Course Objectives

Module 1 – Introduction to Data Administration

Module 2 – Getting Data In – Staging

Module 3 – Configuring Forwarders

Module 4 – Forwarder Management

Module 5 – Monitor Inputs

Module 6 – Network and Scripted Inputs

Module 7 – Agentless Inputs

Module 9 – Parsing Phase and Data

Module 10 – Manipulating Raw Data

Module 11 – Supporting Knowledge Objects

  • Create field extractions
  • Configure collections for KV Store
  • Manage Knowledge Object permissions
  • Control automatic field extraction

Module 11 – Creating a Diag

  • Identify Splunk diag
  • Using Splunk diag

23 Aug

Curated list of Splunk “how to’s” and Tutorials

YouTube:

Splunk.com

Sites: