https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625564#M107515 <P>You'll need to fix the filesystem on which the botsv3 index is stored.&nbsp; Perhaps it's in read-only mode or maybe the permissions on the botsv3 directory are incorrect.</P> Sat, 31 Dec 2022 13:37:18 GMT richgalloway 2022-12-31T13:37:18Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/624760#M107390 <P>please where can i get the updated sample data for practicing searches using SPL? thanks in advance</P> Mon, 19 Dec 2022 20:17:32 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/624760#M107390 Lorenzo1 2022-12-19T20:17:32Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/624768#M107392 <P>You can get sample data literally anywhere.&nbsp; Any data can be used to practice searching.&nbsp; Your own workstation probably is the best place to start.&nbsp; If you want more variety in your data, download the BOTS3 (Boss Of The SOC version3) dataset at&nbsp;<A href="https://github.com/splunk/botsv3" target="_blank" rel="noopener">https://github.com/splunk/botsv3</A></P> Mon, 19 Dec 2022 21:46:46 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/624768#M107392 richgalloway 2022-12-19T21:46:46Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/624806#M107397 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/247690">@Lorenzo1</a>,</P><P>you can use the hint of&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213957">@richgalloway</a>&nbsp;or see at&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/9.0.3/SearchTutorial/Systemrequirements#Download_the_tutorial_data_files" target="_blank">https://docs.splunk.com/Documentation/Splunk/9.0.3/SearchTutorial/Systemrequirements#Download_the_tutorial_data_files</A></P><P>Ciao.</P><P>Giuseppe</P> Tue, 20 Dec 2022 08:10:32 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/624806#M107397 gcusello 2022-12-20T08:10:32Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625288#M107468 <P>hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213957">@richgalloway</a>&nbsp;thanxx bro i seen it in v3.</P> Tue, 27 Dec 2022 02:48:04 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625288#M107468 Lorenzo1 2022-12-27T02:48:04Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625289#M107469 <P>hey bro do i need to download and install all the app/add -on before installing the BOTS v3? Cos i decided not to download the ones that had to do with microsoft and windows since am using Mac.</P> Tue, 27 Dec 2022 03:32:36 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625289#M107469 Lorenzo1 2022-12-27T03:32:36Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625292#M107470 <P>also i tried to scp the .tgz file from my local folder to the virtual server so i can untar and install it there but was getting "permission denied" error (screenshot attached). can you help pls.</P> Tue, 27 Dec 2022 06:04:24 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625292#M107470 Lorenzo1 2022-12-27T06:04:24Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625316#M107475 <P>It's out of scope of this forum I'm afraid. It's not that I don't want to help you out here but you obviously have problems with most basic unix CLI operations so it's better that you train somewhere else than if I give you a copy-paste solution which you can mistype and break your whole installation.</P><P>Find some basic unix/linux CLI tutorial and start from there.</P> Tue, 27 Dec 2022 09:48:30 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625316#M107475 PickleRick 2022-12-27T09:48:30Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625440#M107497 <P>i dont understand . i already have a good hand in linux. If i could deploy a fully clustered splunk environment then i dont think i need basic linux training. But its ok if you say so. thanxx.</P> Wed, 28 Dec 2022 23:54:08 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625440#M107497 Lorenzo1 2022-12-28T23:54:08Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625442#M107498 <P>Use <FONT face="courier new,courier">chmod</FONT> to set the permissions.</P><P>You do not need any apps or add-ons to use the BOTS data set.</P> Thu, 29 Dec 2022 00:59:57 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625442#M107498 richgalloway 2022-12-29T00:59:57Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625447#M107499 <P>Sorry, mate, but it seems so.</P><P>From the screenshots you provided it seems that you're trying to "run" your home directory and your scp syntax is wrong (use man scp to read about it). It's not an insult. It's just pointing out that you're missing the basics.</P> Thu, 29 Dec 2022 07:14:39 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625447#M107499 PickleRick 2022-12-29T07:14:39Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625555#M107510 <P>ok lemme try that. Thanks for your time.</P> Fri, 30 Dec 2022 21:29:43 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625555#M107510 Lorenzo1 2022-12-30T21:29:43Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625559#M107512 <P>hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213957">@richgalloway</a>&nbsp;,</P><P>so i was able to install botsv3 but got this error after restarting and splunkd stopped running. pls how can i solve this cos i can see am almost there. thanxx.</P><P>&nbsp;</P><P class=""><SPAN class="">homePath='/opt/splunk/etc/apps/botsv3_data_set/var/lib/splunk/botsv3/db' of index=botsv3 on unusable filesystem.</SPAN></P><P class=""><SPAN class="">Validating databases (splunkd validatedb) failed with code '1'</SPAN></P><P class=""><SPAN class="">attached is the screenshot,</SPAN></P><P class="">&nbsp;</P> Sat, 31 Dec 2022 08:07:29 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625559#M107512 Lorenzo1 2022-12-31T08:07:29Z https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625564#M107515 <P>You'll need to fix the filesystem on which the botsv3 index is stored.&nbsp; Perhaps it's in read-only mode or maybe the permissions on the botsv3 directory are incorrect.</P> Sat, 31 Dec 2022 13:37:18 GMT https://community.splunk.com/t5/Getting-Data-In/Where-can-I-get-the-updated-sample-data-for-practicing-searches/m-p/625564#M107515 richgalloway 2022-12-31T13:37:18Z