I am a new Splunker and would love to do my term project for a security course using Splunk. I am having trouble coming up with ideas to propose to my professor - mainly due to the fact that I have no idea where I can get data to input into Splunk for analysis. I was hoping someone could recommend a novice level project idea that has data readily available and easy to ingest. I hope this isn't asking too much!
Thank you in advance!
Here is another walk-through that uses the tutorial data, with a bit of a security focus:
And here are some public PCAP data sets for security exercises: http://www.netresec.com/?page=PcapFiles
This is awesome - thank you so much for the responses, guys (especially ChrisG!)!
My professor has asked us to re-scope the project to cover the bread-and-butter of what Splunk is used for and cover the top 3-5 features of the tool.
So, given I am fresh on the scene to Splunk - what do you guys think Splunk's "bread-and-butter" is (and the best way to demonstrate that) and your opinion of the top 3-5 features (especially if they're unique to Splunk)? Security focus would be great - but after I met with the professor, it sounded like he wanted a more holistic overview of Splunk.
Thank you everyone!
The tutorials will still give you the best hands-on view of the main product capabilities. There is a brief technical summary of the core capabilities in the Splunk Enterprise Overview. To read about the main features and their value, see the Splunk Enterprise product page on splunk.com, and read through the Splunk and Operational Intelligence solution guide (linked from the product page).
Welcome to Splunk!
First of all, definitely do the tutorial: http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
There are lots of data sets available online for free; it depends on what the focus of your course is. For a start, and especially since the tutorial is already focused on them, try and google around for some large Apache web log sets, then create some analytics dashboards using that data.