topic Re: Need Project Ideas - New Splunker in #Random

Need Project Ideas - New Splunker

sszulu505 — Tue, 26 Jan 2016 14:06:53 GMT

Hello Community,

I am a new Splunker and would love to do my term project for a security course using Splunk. I am having trouble coming up with ideas to propose to my professor - mainly due to the fact that I have no idea where I can get data to input into Splunk for analysis. I was hoping someone could recommend a novice level project idea that has data readily available and easy to ingest. I hope this isn't asking too much!

Thank you in advance!

Re: Need Project Ideas - New Splunker

jplumsdaine22 — Tue, 26 Jan 2016 17:03:46 GMT

Welcome to Splunk!

First of all definatley do the tutorial http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial

There are lots of data sets available online for free, it depends on what the focus is of your course. For a start, and especially since the tutorial is already focused on them, try and google around for some large apache web log sets, then create some analytics dashboards using that data

Have fun!

Re: Need Project Ideas - New Splunker

ChrisG — Tue, 26 Jan 2016 18:43:15 GMT

Here is another walk-through that uses the tutorial data, with a bit of a security focus:

http://docs.splunk.com/Documentation/Splunk/6.3.2/Scenarios/Goals

And here are some public PCAP data sets for security exercises: http://www.netresec.com/?page=PcapFiles

If you go that route, get the PCAP Analyzer for Splunk. You can also read the Indexing PCAP header data in Splunk blog post and take a look at this security analytics white paper.

Re: Need Project Ideas - New Splunker

esix_splunk — Tue, 26 Jan 2016 19:08:18 GMT

Additionally, you can find a large number of datasets out there for analysis.

Here are a few :
http://aws.amazon.com/datasets/
https://www.quandl.com/
http://www.networkrepository.com/

You can look through these and perhaps get some ideas.

Re: Need Project Ideas - New Splunker

sszulu505 — Wed, 27 Jan 2016 15:11:10 GMT

This is awesome - thank you so much for the responses guys (especially ChrisG!)!

My professor has asked us to re-scope the project to cover the bread-and-butter of what Splunk is used for and cover the top 3-5 features of the tool.

So, given I am fresh on the scene to Splunk - what do you guys think Splunk's "bread-and-butter" is (and the best way to demonstrate that) and your opinion of the top 3-5 features (especially if they're unique to Splunk)? Security focus would be great - but after I met with the professor, it sounded like he wanted a more holistic overview of Splunk.

Thank you everyone!

Re: Need Project Ideas - New Splunker

AndySplunks — Wed, 27 Jan 2016 16:05:58 GMT

If you have a lab network, see if you can get flow data from some network devices. Network engineers can typically set that stuff up to be forwarded to your Splunk environment.

Re: Need Project Ideas - New Splunker

ChrisG — Wed, 27 Jan 2016 16:25:39 GMT

The tutorials will still give you the best hands-on view of the main product capabilities. There is a brief technical summary of the core capabilities in the Splunk Enterprise Overview. To read about the main features and their value, see the Splunk Enterprise product page on splunk.com, and read through the Splunk and Operational Intelligence solution guide (linked from the product page).

Re: Need Project Ideas - New Splunker

ChrisG — Wed, 27 Jan 2016 16:26:52 GMT

PS feel free to upvote and/or accept answers that are useful to you!