New to Splunk: What is a log and security logs?

sandepreddy555
New Member

Hi everyone. I'm new to Splunk.

What is a log? What are security logs? What is the Splunk log management system?

Please help me to overcome these basic questions.

Thank you everyone.

aakwah
Builder

Hello,

Generally, machines are trying to tell us something through logs, so they are a very valuable resource for ensuring that everything is working as expected and for giving us an idea of what is going on.

From an information security perspective, logs help security professionals quickly identify suspicious activities happening in the network so they can take quick action and mitigate risks. Security log sources are devices like firewalls, IPS, antivirus, Windows AD, endpoints (desktops) and proxy servers.

Analyzing and correlating logs provides visibility into the network and security infrastructure, which makes troubleshooting easier and allows monitoring teams to respond faster to incidents. Splunk makes this task easier than before, as it acts as a search engine for all types of logs with a very effective Search Processing Language (SPL).

Regards
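To make the "correlating logs" point concrete for a newcomer, here is an added example (not code from the thread or from Splunk) that parses constructed firewall and Windows-style authentication lines into key=value fields, the way Splunk extracts fields, and correlates failed logons by source address. All log lines, hostnames, addresses and user names are constructed; the threshold is an assumption for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample logs: one firewall allow plus several failed logons (EventCode 4625)
# from a single source, and a normal success/failure pair from another host.
SAMPLE_LOGS = """\
2024-03-01T08:00:01Z fw01 action=allow src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-03-01T08:00:03Z dc01 EventCode=4625 user=alice src=203.0.113.7 status=failure
2024-03-01T08:00:04Z dc01 EventCode=4625 user=bob src=203.0.113.7 status=failure
2024-03-01T08:00:05Z dc01 EventCode=4625 user=carol src=203.0.113.7 status=failure
2024-03-01T08:00:06Z dc01 EventCode=4625 user=dave src=203.0.113.7 status=failure
2024-03-01T08:00:09Z dc01 EventCode=4624 user=erin src=192.0.2.10 status=success
2024-03-01T08:00:11Z dc01 EventCode=4625 user=frank src=192.0.2.10 status=failure
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Split one line into timestamp, host and its key=value fields."""
    ts, host, rest = line.split(" ", 2)
    fields = dict(KV.findall(rest))
    fields.update(ts=ts, host=host)
    return fields

def failed_logins_by_source(log_text):
    """Count failed logons per source address and record the distinct users tried."""
    failures = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("EventCode") == "4625":
            failures[f["src"]] += 1
            users[f["src"]].add(f["user"])
    return failures, users

def suspicious_sources(log_text, threshold=3):
    """Flag sources whose failed logons reach the (assumed) threshold.
    Roughly what an SPL search like
      EventCode=4625 | stats count dc(user) AS users BY src | where count>=3
    expresses inside Splunk."""
    failures, users = failed_logins_by_source(log_text)
    return {src: (n, sorted(users[src])) for src, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    for src, (n, who) in suspicious_sources(SAMPLE_LOGS).items():
        print(f"{src}: {n} failed logons across users {who}")
```

Running it reports the single source that tried four different accounts, while the host with one failure followed by a success is left alone.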

adonio
Ultra Champion

Log file by Wikipedia:
https://en.wikipedia.org/wiki/Logfile
Security log -> a log that has security-related information; it might come from a security device (firewall, for example), software (malware detection, for example) or other sources (Windows security, for example).
Splunk is not (but can be, if you want it to be) a log management system.
It allows you to search your logs on the fly without the need to ETL: https://en.wikipedia.org/wiki/Extract,_transform,_load
Read more on splunk.com and learn more on YouTube (Splunk).
Hope it helps.

aaraneta_splunk
Splunk Employee

@sandepreddy555 - First off, welcome to Splunk and the Splunk Community!

I'd recommend taking a look at these previous Answers posts for some helpful tips, tricks, and resources:
- https://answers.splunk.com/answers/310388/hungry-newbie-best-way-to-learn-splunk-well-effici.html
- https://answers.splunk.com/answers/462710/are-there-any-splunk-training-materials-for-new-us.html

Also, I'd highly recommend (if you haven't done so already) doing the Search Tutorial. It provides a free data set to download in order to follow along with the tutorial. It may answer some of your basic questions along the way.

Also, Splunk Education is a great resource too. Currently there's a free, self-paced Splunk Fundamentals course you can take!
