Splunk Fundamentals 1 - Lab 4 - Datas not found af...

Darkpat60 · ‎06-29-2021

Hello,

I follow the Splunk Fundamentals 1 and have installed Splunk 8.2.1 as a local instance (Windows 10). The lab 4 material is composed of 3 files that have to be uploaded on splunk in an admin session. I follow the instructions and that seems to be working ok, but I don't see the indexed datas neither on the admin or power session after.

I tried to change the time span of the search results, to search in my datasets (empty in both sessions), nothing appears. I reuploaded the material and while saving a cvs file it seems the file was already there (from the first upload). But again, no results and no datas appear to have been indexed/ingested into splunk after.

Has anyone any idea to fix that or ever encountered this problem? Thanks a lot folks!

Darkpat60 · ‎06-29-2021

Ok sorry to spam, I kind of found the datas, they appear by clicking the "create a table view" and selecting the right index.But It seems that the datas is kind of processed this way, anyway the indexations was working.

So I made a search with an sample IP from the logs and had results with the searchbar. So ok datas are there (even if I don't have a view of the sources and other stats on the logs). Anyway, hope it helps, as the version seems to have changed since the version of fundamentals 1 materials.

Splunk Fundamentals 1 - Lab 4 - Datas not found after indexation

other

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?