
New to Splunk: What is a log and security logs?

New Member

Hi everyone. I'm new to Splunk.

What is a log? What are security logs? What is the Splunk log management system?

Please help me to overcome these basic questions.

Thank you everyone.


Builder

Hello,

Generally, machines are trying to tell us something through logs, so they are a very valuable resource for ensuring that everything is working as expected and for giving us an idea of what is going on.

From an information security perspective, logs help security professionals quickly identify suspicious activities happening in the network so they can take quick action and mitigate risks. Security log sources are devices like firewalls, IPS, antivirus, Windows AD, endpoints (desktops) and proxy servers.

Analyzing and correlating logs provides visibility into the network and security infrastructure, which makes troubleshooting easier and allows monitoring teams to respond faster to incidents. Splunk makes this task easier than before, as it acts as a search engine for all types of logs with a very effective Search Processing Language (SPL).

Regards

SplunkTrust

Log file, by Wikipedia:
https://en.wikipedia.org/wiki/Logfile
Security log -> a log that has security-related information; it might come from a security device (a firewall, for example), from software (malware detection, for example) or from something else (Windows security, for example).
Splunk is not (but can be, if you want it to be) a log management system.
It allows you to search your logs on the fly without the need to ETL: https://en.wikipedia.org/wiki/Extract,_transform,_load
Read more on splunk.com and learn more on YouTube (Splunk).
Hope it helps.
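The two answers above make two points that are easier to see in code: security logs from different devices (Windows AD, firewalls) can be correlated to spot suspicious activity, and a search engine over raw logs extracts fields at search time rather than requiring an ETL step up front. The following is an added example written for this page, not code from the original posts or from Splunk: a small search-time field extractor plus a correlation rule that flags a burst of failed Windows logons (EventCode 4625) from one source, followed by a successful logon (4624) for the same user from that source, and then lists the firewall connections from that source afterwards. The log lines are constructed for illustration, the five-failure threshold is an arbitrary assumption, and the SPL search quoted in the comments is an illustrative approximation of the same logic, not a query taken from the page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs): a Windows Security audit log and a
# firewall log, in the raw key=value text form a collector would ship. Nothing
# is normalised before search; fields are pulled out of _raw when it is read.
WINDOWS_SECURITY_LOG = """\
2024-03-01T09:00:01Z host=DC01 EventCode=4625 user=jdoe src_ip=10.0.0.57 status=0xC000006A
2024-03-01T09:00:03Z host=DC01 EventCode=4625 user=jdoe src_ip=10.0.0.57 status=0xC000006A
2024-03-01T09:00:05Z host=DC01 EventCode=4625 user=jdoe src_ip=10.0.0.57 status=0xC000006A
2024-03-01T09:00:07Z host=DC01 EventCode=4625 user=jdoe src_ip=10.0.0.57 status=0xC000006A
2024-03-01T09:00:09Z host=DC01 EventCode=4625 user=jdoe src_ip=10.0.0.57 status=0xC000006A
2024-03-01T09:00:12Z host=DC01 EventCode=4624 user=jdoe src_ip=10.0.0.57 logon_type=3
2024-03-01T09:15:00Z host=DC01 EventCode=4625 user=asmith src_ip=10.0.0.12 status=0xC000006A
2024-03-01T09:15:30Z host=DC01 EventCode=4624 user=asmith src_ip=10.0.0.12 logon_type=2
"""

FIREWALL_LOG = """\
2024-03-01T09:01:00Z fw=edge01 action=allow src=10.0.0.57 dst=203.0.113.9 dport=443 proto=tcp
2024-03-01T09:16:00Z fw=edge01 action=allow src=10.0.0.12 dst=10.0.0.5 dport=445 proto=tcp
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def extract_fields(line):
    """Search-time field extraction: keep the raw line and pull key=value pairs
    out of it on read. The leading ISO-8601 timestamp becomes _time."""
    stamp, _ = line.split(" ", 1)
    event = {"_raw": line, "_time": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")}
    event.update(KV_RE.findall(line))
    return event


def search(raw_text, **filters):
    """Return the events in raw_text whose extracted fields equal every filter,
    e.g. search(log, EventCode="4625", user="jdoe")."""
    events = []
    for line in raw_text.splitlines():
        if not line.strip():
            continue
        ev = extract_fields(line)
        if all(ev.get(k) == v for k, v in filters.items()):
            events.append(ev)
    return events


def failed_logons_by_source(win_log, threshold=5):
    """Count 4625 events per (src_ip, user) and keep pairs at or above the
    threshold. Roughly what an SPL search such as
      EventCode=4625 | stats count by src_ip, user | where count >= 5
    would return (illustrative SPL, assumed here, not from the page)."""
    counts = defaultdict(int)
    for ev in search(win_log, EventCode="4625"):
        counts[(ev["src_ip"], ev["user"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


def brute_force_then_success(win_log, fw_log, threshold=5):
    """Correlate across two sources: a burst of failures, then a 4624 success
    for the same user from the same source after the last failure, then the
    firewall connections that source made after logging on."""
    hits = []
    for (src_ip, user), failures in failed_logons_by_source(win_log, threshold).items():
        successes = search(win_log, EventCode="4624", user=user, src_ip=src_ip)
        if not successes:
            continue  # failures alone: noisy, but no evidence of compromise
        first_success = min(ev["_time"] for ev in successes)
        last_failure = max(ev["_time"] for ev in
                           search(win_log, EventCode="4625", user=user, src_ip=src_ip))
        if first_success < last_failure:
            continue  # success predates the burst; different story, skip here
        follow_on = [ev for ev in search(fw_log, src=src_ip) if ev["_time"] > first_success]
        hits.append({
            "src_ip": src_ip,
            "user": user,
            "failures": failures,
            "success_at": first_success.isoformat(),
            "outbound_after": [f"{ev['dst']}:{ev['dport']}" for ev in follow_on],
        })
    return hits


if __name__ == "__main__":
    for hit in brute_force_then_success(WINDOWS_SECURITY_LOG, FIREWALL_LOG):
        print(hit)
```

With the constructed data, only jdoe from 10.0.0.57 is flagged: five failures, a success three seconds after the last one, and an outbound 443 connection a minute later; asmith's single failure never reaches the threshold. The point of keeping `_raw` and parsing on read is the one the second answer makes: a new field (say `logon_type`) is available to a search the moment it appears in the data, with no pipeline change.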

Splunk Employee

@sandepreddy555 - First off, welcome to Splunk and the Splunk Community!

I'd recommend taking a look at these previous Answers posts for some helpful tips, tricks, and resources:
- https://answers.splunk.com/answers/310388/hungry-newbie-best-way-to-learn-splunk-well-effici.html
- https://answers.splunk.com/answers/462710/are-there-any-splunk-training-materials-for-new-us.html

Also, I'd highly recommend (if you haven't done so already) doing the Search Tutorial. It provides a free data set to download in order to follow along with the tutorial. It may answer some of your basic questions along the way.

Splunk Education is a great resource too. Currently there's a free, self-paced Splunk Fundamentals course you can take!
