
Need Project Ideas - New Splunker

Engager

Hello Community,

I am a new Splunker and would love to do my term project for a security course using Splunk. I am having trouble coming up with ideas to propose to my professor - mainly due to the fact that I have no idea where I can get data to input into Splunk for analysis. I was hoping someone could recommend a novice-level project idea that has data readily available and easy to ingest. I hope this isn't asking too much!

Thank you in advance!

0 Karma

Path Finder

If you have a lab network, see if you can get flow data from some network devices. Network engineers can typically set that stuff up to be forwarded to your Splunk environment.

0 Karma

Splunk Employee

Additionally, you can find a large number of datasets out there for analysis.

Here are a few:
http://aws.amazon.com/datasets/
https://www.quandl.com/
http://www.networkrepository.com/

You can look through these and perhaps get some ideas.

0 Karma

Splunk Employee

Here is another walk-through that uses the tutorial data, with a bit of a security focus:

http://docs.splunk.com/Documentation/Splunk/6.3.2/Scenarios/Goals

And here are some public PCAP data sets for security exercises: http://www.netresec.com/?page=PcapFiles

If you go that route, get the PCAP Analyzer for Splunk. You can also read the Indexing PCAP header data in Splunk blog post and take a look at this security analytics white paper.

Engager

This is awesome - thank you so much for the responses, guys (especially ChrisG!)!

My professor has asked us to re-scope the project to cover the bread-and-butter of what Splunk is used for and cover the top 3-5 features of the tool.

So, given I am fresh on the scene to Splunk - what do you guys think Splunk's "bread-and-butter" is (and the best way to demonstrate that) and your opinion of the top 3-5 features (especially if they're unique to Splunk)? Security focus would be great - but after I met with the professor, it sounded like he wanted a more holistic overview of Splunk.

Thank you everyone!

0 Karma

Splunk Employee

The tutorials will still give you the best hands-on view of the main product capabilities. There is a brief technical summary of the core capabilities in the Splunk Enterprise Overview. To read about the main features and their value, see the Splunk Enterprise product page on splunk.com, and read through the Splunk and Operational Intelligence solution guide (linked from the product page).

Splunk Employee

PS feel free to upvote and/or accept answers that are useful to you!

0 Karma

Influencer

Welcome to Splunk!

First of all, definitely do the tutorial: http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial

There are lots of data sets available online for free; it depends on what the focus is of your course. For a start, and especially since the tutorial is already focused on them, try and google around for some large Apache web log sets, then create some analytics dashboards using that data.

Have fun!

0 Karma