Splunk


Splunk Installation

Splunk is a powerful tool used in cybersecurity for collecting, indexing,
searching, and analyzing vast amounts of machine-generated data from
sources such as network traffic, server logs, and application logs.
It helps security teams detect and respond to threats effectively by
providing real-time visibility into the security posture of an
organization's IT infrastructure. Splunk's capabilities enable security
analysts to identify patterns, anomalies, and potential security incidents,
investigate breaches, and streamline incident response processes. Overall,
it is a crucial tool for monitoring, managing, and enhancing the security
of digital environments.

1) Download Splunk from the official website

https://www.splunk.com/

Click on the 'Free Splunk' option; it will take you to the sign-up page.

2) Create a Splunk account

Fill in all the details to create a Splunk account

3) After creating an account, log in to your Splunk account

Note: Perform all of these steps on your Windows Server.

Click on the downloads page


4) Select the Splunk Enterprise Free Trial option

5) Select the Windows version and click on Download

Make sure you download the Splunk server installer from within your
Windows Server 2019, which is installed in VMware.

The download has now started; it will take some time.


6) After downloading the file, run it.

Accept the license agreement, then click on Next.


7) Create an admin account for the Splunk dashboard

Create a strong username and a strong password.


Click on Install

It will take some time


Now that the installation is completed, click on 'Finish'.

Now, it will launch the Splunk portal.

Now, enter the credentials you created earlier and click on 'Sign In'.

The installation is now completed, and you can begin using Splunk.

Splunk Forwarder
A Splunk forwarder, simply put, is a component of the Splunk data
processing architecture. It is responsible for collecting, forwarding, and
indexing machine data such as logs, events, and metrics from various
sources to a Splunk deployment for analysis and visualization.
Forwarders are lightweight agents installed on the machines that
generate the data. They continuously monitor designated files or
streams, extract relevant information, and send it securely to the Splunk
indexer or indexer cluster for storage and analysis. This helps
organizations centralize their machine data, gain insights, and take
action based on real-time information.

1) Download the Splunk Universal Forwarder

https://www.splunk.com/en_us/download/universal-forwarder

Log in to your account and click on 'Free Splunk'.


2) Navigate to the downloads page.

Click on 'Get my free Download' under Universal Forwarder.


4) Select the Windows version

Select the Windows version and click on 'Download Now'.

The download has started; it will take some time.


5) After downloading the file, run it

Accept the license agreement, select 'On-premises', and click on Next.

6) Create an account for the Splunk forwarder

7) Deployment server

Leave the hostname and port empty and click on Next.


8) Receiving indexer

Enter your Splunk server IP address; the port number is 9997.


Click on Install

The installation process has started; it will take some time.


9) Log in to your Splunk portal

10) Configure the receiving port

Click on Settings, then on 'Forwarding and receiving'.


Click on 'Add new'.

Enter port 9997 and click on Save.


11) Open a command prompt with administrator privileges.

Navigate to the directory where the Splunk Universal Forwarder is installed.

Default path: C:\Program Files\SplunkUniversalForwarder\bin

13) Configure the Splunk Universal Forwarder to send logs to your Splunk
indexer.

Replace <indexer_host> with the hostname or IP address of your Splunk
indexer and <port> with the receiving port of your Splunk indexer.

Enter the username and password.

14) Add the logs you want to forward

15) Start Splunk


16) Verify that logs are being forwarded successfully

Log in to your Splunk portal.

Click on 'Search & Reporting'.

Here, we can see that the logs are being forwarded from Windows to the
Splunk server.

Splunk monitor

1) Log in to your Splunk portal
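The commands behind steps 11 to 16, as an added example that is not part of the original guide. It is run from an elevated PowerShell prompt on the Windows host whose logs you want to forward, and assumes the default install path, an indexer at the placeholder address 192.0.2.10 and the receiving port 9997 enabled in step 10; the credentials requested are the ones created for the forwarder in step 6.

```powershell
# Added example, not from the original guide: forwarder-side configuration
# for steps 11 to 16, run as Administrator on the log-producing Windows host.
# Assumptions (placeholders, adjust to your environment): default install
# path, an indexer at 192.0.2.10, receiving port 9997 from step 10.
$UfBin   = 'C:\Program Files\SplunkUniversalForwarder\bin'
$Indexer = '192.0.2.10'     # placeholder: hostname or IP of your Splunk indexer
$Port    = 9997             # receiving port configured on the indexer in step 10

Set-Location $UfBin

# Confirm the host can reach the receiving port before configuring anything.
# A blocked Windows Firewall or a VMware network setting is the usual reason
# "Active forwards" stays empty in step 16.
$reach = Test-NetConnection -ComputerName $Indexer -Port $Port
if (-not $reach.TcpTestSucceeded) {
    throw "Cannot reach ${Indexer}:${Port}; check the firewall and VM network first."
}

# Step 13: point the forwarder at the receiving indexer. The CLI prompts for
# the forwarder admin username and password unless -auth is supplied.
.\splunk.exe add forward-server "${Indexer}:${Port}"

# Step 14: add a log source. A monitored directory is shown here; Windows
# Event Log channels are declared in inputs.conf rather than with add monitor.
.\splunk.exe add monitor 'C:\inetpub\logs\LogFiles' -index main -sourcetype iis

# Step 15: restart the SplunkForwarder service so the new output takes effect.
.\splunk.exe restart

# Step 16: the indexer should now be listed under "Active forwards:".
.\splunk.exe list forward-server
```

If the indexer shows up under "Configured but inactive forwards:" instead, the forwarder cannot complete a TCP session to port 9997: check that step 10 was saved on the server (the CLI equivalent there is `splunk enable listen 9997`, run from the server's Splunk bin directory) and that the Windows Firewall on the server allows inbound 9997.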

Click on add data


2) Monitor

3) Local event logs

Click on 'Local event logs' and select the type of logs you want to
monitor.

Click on Review, then click on Submit.

4) Verify the data

Click on 'Start searching'.


We can see that the security logs are being forwarded from Windows to
our Splunk server.
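The inputs.conf equivalent of 'Add data > Monitor > Local event logs' for the Security channel, plus the verification search from step 4, as an added example that is not part of the original guide. It runs from an elevated PowerShell prompt on the Splunk server itself and assumes Splunk Enterprise in its default path, the admin account from the installation, and the default 'main' index.

```powershell
# Added example, not from the original guide: declare the Security event log
# as a local input in inputs.conf and verify it from the CLI.
# Assumptions: default Splunk Enterprise path, default 'main' index, and the
# admin credentials created during installation (prompted for at search time).
$SplunkHome = 'C:\Program Files\Splunk'
$InputsConf = Join-Path $SplunkHome 'etc\system\local\inputs.conf'

# One stanza per channel. Add [WinEventLog://System] and
# [WinEventLog://Application] the same way if you selected those in step 3.
$stanza = @'

[WinEventLog://Security]
disabled = 0
index = main
renderXml = false
'@

New-Item -ItemType Directory -Force -Path (Split-Path $InputsConf) | Out-Null

# Append only if the stanza is not already present, so repeated runs do not
# create duplicate inputs.
$present = (Test-Path $InputsConf) -and
           (Select-String -Path $InputsConf -Pattern '^\[WinEventLog://Security\]' -Quiet)
if (-not $present) {
    Add-Content -Path $InputsConf -Value $stanza
}

Set-Location (Join-Path $SplunkHome 'bin')
.\splunk.exe restart

# Step 4 (verify) from the CLI instead of the Search app. Without -auth the
# CLI prompts for the admin credentials, so the password stays out of history.
.\splunk.exe search 'index=main source="WinEventLog:Security" earliest=-15m | stats count by EventCode | sort -count'
```

An empty result after a restart usually means one of two things: the account the splunkd service runs as lacks read access to the Security log, or the data landed in a different index than the one searched. Checking `index=_internal source=*splunkd.log* WinEventLog` on the server shows which of the two it is.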
