How to set up Splunk on a home wireless network?

splunkdavidh
Explorer

I want to learn Splunk.
How can I set up Splunk on my home WiFi network to learn and practice?

I have a Verizon router.
1-Laptop Windows 10
1-Laptop dual boot-Win 10/Kali Linux
2-Desktop PCs with Windows 10

Thanks in advance!

0 Karma

to4kawa
Ultra Champion
0 Karma

@splunkdavidh learn about the Splunk Stream App, which allows you to monitor several protocols in a streaming manner (caution: monitor those which are needed and control frequency/duration for a home test monitor, as it will consume bandwidth as well as license for indexing).

Once you are familiar with Splunk Stream (documentation is also available on Splunkbase), you can also check out the Home Monitor app on Splunkbase (PS: I have not tested it and am not sure whether it is compatible with your network devices or not, but do read the details before installing).

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

afx
Contributor

Set up Splunk on one of the desktops.
Make sure there are Windows Security Events activated on the box.
Use them as an input.

Install Sysmon for file and other monitoring topics and include them as well.
See whether the router can Syslog data to the Splunk machine.

By now you are probably already getting more data per day than the free license allows.
If not, install universal forwarders on the other boxes and grab their logs as well.
Install a web server on one of the boxes and integrate the logs of the web server.
Of course, for playing, you might include the logs of various sources at different times so that your daily license is not blown.
Once you have the data in you can play with it.
Check out the relevant apps from Splunkbase.
Look for old .conf talks on relevant topics.

That should keep you busy for a while 😉

cheers
afx

0 Karma
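The inputs described in the reply above, sketched as Splunk configuration. This is an added example, not part of the original post: the indexer address 192.168.1.10, the group name `home_indexer` and the choice of event codes to drop are assumptions, and the Sysmon stanza presumes Sysmon is already installed.

```ini
# --- inputs.conf on the Windows desktop running Splunk, and on each
# --- universal forwarder (events land in the default index here)

# Windows Security event log
[WinEventLog://Security]
disabled = 0
# Assumption: drop the noisy Windows Filtering Platform events
# (5156 = connection permitted, 5158 = bind permitted) to save license volume.
blacklist = 5156,5158

# Sysmon writes to its own event log channel
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = 0
renderXml = true

# --- inputs.conf on the Splunk machine only

# Listen for syslog from the router, if the router can send it
[udp://514]
sourcetype = syslog
# Record the sender's IP address as the host field
connection_host = ip

# Receive data from universal forwarders on the other boxes
[splunktcp://9997]
disabled = 0

# --- outputs.conf on each universal forwarder

[tcpout]
defaultGroup = home_indexer

[tcpout:home_indexer]
# Constructed address: replace with the Splunk machine's LAN IP
server = 192.168.1.10:9997
```

Setting `disabled = 1` on a stanza and restarting Splunk turns that source off, which is one way to rotate sources on different days and stay under the daily license volume.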

splunkdavidh
Explorer

Thank you!
So basically I don't have to have any specific equipment to learn/practice Splunk on my home WiFi network and I don't have to connect my computers to the router via Ethernet, correct?

0 Karma

afx
Contributor

Yes, WiFi is good enough.
And as you do have a Kali machine, you can hammer your other systems with lots of interesting stuff to create lots of events that you can play with.

I sometimes test things at home and I use a Splunk Linux VM on my Windows laptop to do this. All the magic happens in that VM.

cheers
afx

0 Karma

to4kawa
Ultra Champion

Can your network equipment send logs?

0 Karma

splunkdavidh
Explorer

I am not really sure, but I guess I should be able to find out by looking at the specs of my router or logging into the router interface.

0 Karma