Getting Data In

How to set up Splunk on home wireless network?

splunkdavidh
Explorer

I want to learn Splunk.
How can I set up Splunk on my home WiFi network to learn and practice?

I have a Verizon router.
1-Laptop Windows 10
1-Laptop dual boot-Win 10/Kali Linux
2-Desktop PCs with Windows 10

Thanks in advance!

0 Karma

to4kawa
Ultra Champion
0 Karma

niketn
Legend

@splunkdavidh learn about the Splunk Stream App, which allows you to monitor several protocols in a streaming manner (caution: monitor only those which are needed and control frequency/duration for home test monitoring, as it will consume bandwidth as well as license for indexing).

Once you are familiar with Splunk Stream (documentation is also available on Splunkbase), you can also check out the Home Monitor app on Splunkbase. (PS: I have not tested it and am not sure whether it is compatible with your network devices or not, but do read the details before installing.)

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

afx
Contributor

Set up Splunk on one of the desktops.
Make sure there are Windows Security Events activated on the box.
Use them as an input.

Install Sysmon for file and other monitoring topics and include them as well.
See whether the router can Syslog data to the Splunk machine.

By now you are probably already getting more data per day than the free license allows.
If not, install universal forwarders on the other boxes and grab their logs as well.
Install a web server on one of the boxes and integrate the logs of the web server.
Of course, for playing, you might include the logs of various sources at different times so that your daily license is not blown.
Once you have the data in you can play with it.
Check out the relevant apps from Splunkbase.
Look for old .conf talks on relevant topics.

That should keep you busy for a while 😉

cheers
afx

0 Karma
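The first inputs afx lists above (Windows Security events, Sysmon, router syslog), sketched as an `inputs.conf` for the desktop running Splunk. This is an added example, not part of afx's post; the router address `192.168.1.1`, the event-ID selection and the use of the default index are assumptions for a home lab.

```ini
# %SPLUNK_HOME%\etc\system\local\inputs.conf  (added example, home-lab assumptions)

# Windows Security event log. The whitelist keeps only a few event IDs so the
# daily indexing volume stays small (assumed selection, adjust to taste):
#   4624 successful logon, 4625 failed logon,
#   4688 process creation (needs process-creation auditing enabled),
#   4720 user account created.
[WinEventLog://Security]
disabled = 0
whitelist = 4624,4625,4688,4720

# Sysmon operational log. Sysmon must already be installed on this machine.
# renderXml = true indexes the events in their XML form.
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = 0
renderXml = true

# Syslog from the router over UDP 514.
# acceptFrom restricts the listener to a single sender so other devices on
# the WiFi cannot push data into the index. 192.168.1.1 is a placeholder:
# replace it with the router's actual LAN address.
[udp://514]
sourcetype = syslog
connection_host = ip
acceptFrom = 192.168.1.1
```

Restart Splunk after editing the file, and allow inbound UDP 514 in the Windows firewall only from the router's address.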

splunkdavidh
Explorer

Thank you!
So basically I don't have to have any specific equipment to learn/practice Splunk on my home WiFi network and I don't have to connect my computers to the router via Ethernet, correct?

0 Karma

afx
Contributor

Yes, WiFi is good enough.
And as you do have a Kali machine, you can hammer your other systems with lots of interesting stuff to create lots of events that you can play with.

I sometimes test things at home and I use a Splunk Linux VM on my Windows laptop to do this. All the magic happens in that VM.

cheers
afx

0 Karma

to4kawa
Ultra Champion

Can your network equipment send logs?

0 Karma

splunkdavidh
Explorer

I am not really sure, but I guess I should be able to find out by looking at the specs of my router or logging into router interface.

0 Karma