Where to download data for use to practice/learn splunk?

djchatman
New Member

I've completed the 'fundamentals' study but wish to move further. However, not having any data to work w/ is a stopper. I'm hoping there's somewhere I can obtain various files to work with. Can you help me?

Thanks much.

0 Karma

mandar
New Member

Hello,

I am new to Splunk and on my route to learning, I found the data for practice on this link https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchTutorial/Systemrequirements#Download_the_tu...

Answers in your question helped me to get the link.

Regards,

Mandar

0 Karma

niketn
Legend

@djchatman, if your intent is to practice with the exact same data set used for Fundamentals 1, then you should try the tutorial data from the hypothetical Buttercup Games as @skoelpin has suggested (I have provided another link to the same file from the Splunk Search Tutorial App): http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/GetthetutorialdataintoSplunk

If your intent is to practice Splunk commands on any data, you can try several other approaches:
1) Eventgen App on Splunkbase: This app can be used to generate dummy data live based on sample data added to the app. Refer to the YouTube walk-through from Clint Sharp (~5 min video) on setting up the app and how to use it.

2) Splunk's _internal index, _audit, etc.: Splunk monitors itself using its own logs. You can query them, as _internal logs will always be written when Splunk is running on your machine.

3) Turn on Performance or Event Log monitoring (on a Windows machine): Follow simple steps to turn on Performance monitoring (CPU, Memory, etc.) on your personal machine and use the indexed data.

4) Generate mock data using commands like makeresults and gentimes to cook up data on the fly and run your search command on the same. If you follow Splunk Answers, most Splunkers here use this approach to generate some dummy data as per the user's question and then propose solutions.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
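
The mock-data approach from item 4 of the answer above, as an added example that is not part of the original thread: `makeresults` fabricates authentication-style events, and the rest of the search practices a simple failed-login detection over them. Every field name, user, IP address, the `constructed:auth` sourcetype and the threshold of 10 are made-up assumptions; because `random()` is used, results differ on each run.

```spl
| makeresults count=2000
| streamstats count AS n
| eval _time = now() - (n * 5)
| eval sourcetype = "constructed:auth"
| eval user = mvindex(split("alice,bob,carol,svc_backup", ","), random() % 4)
| eval src_ip = "10.0.0." . tostring((random() % 5) + 1)
| eval action = if((random() % 10) < 3, "failure", "success")
| bin _time span=10m
| stats count(eval(action="failure")) AS failures,
        count AS attempts,
        dc(user) AS users_targeted
        BY _time, src_ip
| eval failure_pct = round(failures / attempts * 100, 1)
| where failures >= 10
| sort - failures
```

Paste it into the search bar of any Splunk instance; it needs no indexed data, so it works on a fresh install.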

skoelpin
SplunkTrust

Here's some tutorial data you can use

http://docs.splunk.com/Documentation/SplunkCloud/7.0.0/PivotTutorial/GetthetutorialdataintoSplunk

Below is publicly available data that Montgomery County releases. You can do cool things, from finding the most popular car that gets caught for speeding to visualizing crime maps. It updates on a pretty frequent basis.

https://data.montgomerycountymd.gov/

deva1995
Explorer

How to fetch data from this Montgomery site?

0 Karma

skoelpin
SplunkTrust

You need to select an industry and can download the CSV file to start and upload it into Splunk. I think you could stream it via a REST call too.

0 Karma