Where to download data for use to practice/learn splunk?

djchatman
New Member

I've completed the 'fundamentals' study but wish to move further. However, not having any data to work w/ is a stopper. I'm hoping there's somewhere I can obtain various files to work with. Can you help me?

Thanks much.

mandar
Engager

Hello,

I am new to Splunk and on my route to learning, I found the data for practice on this link https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchTutorial/Systemrequirements#Download_the_tu...

Answers in your question helped me to get the link.

Regards,

Mandar

niketn
Legend

@djchatman, if your intent is to practice with the exact same data set used for Fundamentals 1, then you should try the tutorial data from the hypothetical Buttercup Games, as @skoelpin has suggested (I have provided another link to the same file from the Splunk Search Tutorial app): http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/GetthetutorialdataintoSplunk

If your intent is to practice Splunk commands on any data, you can try several other approaches:

1) Eventgen App on Splunkbase: This app can be used to generate dummy data live based on sample data added to the app. Refer to the YouTube walk-through from Clint Sharp (~5 min video) on setting up the app and how to use it.

2) Splunk's _internal index, _audit, etc.: Splunk monitors itself using its own logs. You can query them, as _internal logs will always be written when Splunk is running on your machine.

3) Turn on Performance or Event Log monitoring (on a Windows machine): Follow simple steps to turn on Performance monitoring like CPU, Memory, etc. on your personal machine and use the indexed data.

4) Generate mock data using commands like makeresults and gentimes to cook up data on the fly and run your search command on the same. If you follow along, most Splunkers here on Splunk Answers use this approach to generate some dummy data as per the user's question and then propose solutions.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
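
An illustration of approach 4 in the answer above, added here as an example and not part of niketn's post: the search fabricates 200 sign-in events with makeresults, spaces them 30 seconds apart, and then practices a simple failed-login count over them. The field names (src_ip, user, action), the user names, the 10.0.0.x addresses and the threshold of 3 are all constructed for the example.

```spl
| makeresults count=200
| streamstats count AS n
| eval _time = now() - n*30
| eval src_ip = "10.0.0." . tostring(random() % 5 + 1)
| eval user = mvindex(split("alice,bob,carol,svc_backup", ","), random() % 4)
| eval action = if(random() % 4 == 0, "failure", "success")
| bin _time span=10m
| stats count(eval(action="failure")) AS failures, dc(user) AS users BY _time, src_ip
| where failures >= 3
| sort - failures
```

Because the values come from random(), the rows returned differ on every run; no index or uploaded file is needed.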

skoelpin
SplunkTrust

Here's some tutorial data you can use

http://docs.splunk.com/Documentation/SplunkCloud/7.0.0/PivotTutorial/GetthetutorialdataintoSplunk

Below is publicly available data that Montgomery County releases. You can do cool things like finding the most popular car that gets caught for speeding to visualizing crime maps. It updates on a pretty frequent basis.

https://data.montgomerycountymd.gov/

deva1995
Explorer

How to fetch data from this Montgomery site?

skoelpin
SplunkTrust

You need to select an industry and can download the CSV file to start and upload it into Splunk. I think you could stream it via a REST call too.