All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Looking for Example datasets to use for splunk practice

PaulBrosseau
Engager
‎07-30-2015 07:20 AM

Does anyone have any logs or other data files I can upload into Splunk and then use them to become familiar with the tool?

Tags (2)
Reply

joechakkola1
Explorer
‎09-08-2018 05:10 PM

for a wide variety of logs please check out this site https://ossec-docs.readthedocs.io/en/latest/log_samples . you can then use eventgen app in splunk to generate runtime logs based off these samples.

Reply

mandar_alawani
New Member
‎12-03-2017 08:08 PM

these tutorial files are great? related to this, is there any SQL server database sample data which we can use to work with Splunk?

0 Karma
Reply

rkirkw
Path Finder
‎07-30-2015 12:08 PM

I setup a small lab at home on my vmware server containing several linux servers - proxy, dns, http, mysql, postfix etc.
Sent all of my router info to Splunk through udp to capture firewall events and potential attacks.
Also forwarded a few Windows laptops to Splunk which generates a bunch of data.

Once you point your laptops to browse the internet through your proxy server and dns server you will have plenty of data.

Just get creative with data you are already generating and capture it.

Good Luck!

Reply

bmacias84
Champion
‎07-30-2015 09:27 AM

I would install the Splunk Reference App -PAS and AUTH0. These contain example data set for Splunk Developer Guidance which uses the Event Gen app. I use it all the time to fake data.

Dev Guide
Splunk Code Repo
Splunk Test Repo
Eventgen app on Splunk Base

Reply

rsennett_splunk
Splunk Employee
Splunk Employee
‎07-30-2015 08:39 AM

Another great data set is the Airline On-Time data from the US dept of transportation.
http://www.transtats.bts.gov/Tables.asp?DB_ID=120
That's 30 years worth of airline data (so make sure, when you index it you have adjusted the frozenTimePeriodInSecs in your indexes.conf so that it doesn't just roll stuff out of cold when it hits 6 years. (I learned that the hard way!)

It's not a simple data set so there are some challenges, but it's quite extensive... and really fascinating.

With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!
Reply

ChrisG
Splunk Employee
Splunk Employee
‎07-30-2015 08:31 AM

If you step through the Search Tutorial, it includes a zip file of sample data you can use to learn the basics of searching and reporting. That is most people's entry into the world of Splunk.

A couple of years back there was a Splunk blog posting about an easy way to generate sample data sets.

And Amazon has a list of public data sets available in AWS.

But I recommend starting with the tutorial data.

Reply

woodcock
Esteemed Legend
‎07-30-2015 07:40 AM

You can download one of the facebook or twitter apps and get a stream of data to play with but even better, you can create a free cloud sandbox and there is a ton of fake data streams already there. Just go through the tutorial and you will see how to access it:

https://www.splunk.com/getsplunk/onlinesandbox

Splunk also provides a tool for generating fake streams of data called eventgen and there is a new rewrite of this called gogen (google on github, I think).

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...