Please, where can I get the updated sample data for practicing searches using SPL? Thanks in advance.
You can get sample data literally anywhere. Any data can be used to practice searching. Your own workstation probably is the best place to start. If you want more variety in your data, download the BOTS3 (Boss Of The SOC version 3) dataset at https://github.com/splunk/botsv3
Hi @Lorenzo1,
you can use the hint from @richgalloway or see https://docs.splunk.com/Documentation/Splunk/9.0.3/SearchTutorial/Systemrequirements#Download_the_tu...
Ciao.
Giuseppe
Use chmod to set the permissions.
You do not need any apps or add-ons to use the BOTS data set.
Hi @richgalloway,
So I was able to install botsv3 but got this error after restarting, and splunkd stopped running. Please, how can I solve this? I can see I'm almost there. Thanks.
homePath='/opt/splunk/etc/apps/botsv3_data_set/var/lib/splunk/botsv3/db' of index=botsv3 on unusable filesystem.
Validating databases (splunkd validatedb) failed with code '1'
Attached is the screenshot.
You'll need to fix the filesystem on which the botsv3 index is stored. Perhaps it's in read-only mode or maybe the permissions on the botsv3 directory are incorrect.
OK, let me try that. Thanks for your time.
It's out of scope of this forum I'm afraid. It's not that I don't want to help you out here but you obviously have problems with most basic unix CLI operations so it's better that you train somewhere else than if I give you a copy-paste solution which you can mistype and break your whole installation.
Find some basic unix/linux CLI tutorial and start from there.
I don't understand. I already have a good hand in Linux. If I could deploy a fully clustered Splunk environment, then I don't think I need basic Linux training. But it's OK if you say so. Thanks.
Sorry, mate, but it seems so.
From the screenshots you provided it seems that you're trying to "run" your home directory and your scp syntax is wrong (use man scp to read about it). It's not an insult. It's just pointing out that you're missing the basics.
Hey bro, do I need to download and install all the apps/add-ons before installing BOTS v3? Because I decided not to download the ones that had to do with Microsoft and Windows, since I'm using a Mac.
Hi @richgalloway, thanks bro, I saw it in v3.