Need Project Ideas - New Splunker
Hello Community,
I am a new Splunker and would love to do my term project for a security course using Splunk. I am having trouble coming up with ideas to propose to my professor - mainly due to the fact that I have no idea where I can get data to input into Splunk for analysis. I was hoping someone could recommend a novice level project idea that has data readily available and easy to ingest. I hope this isn't asking too much!
Thank you in advance!

If you have a lab network, see if you can get flow data from some network devices. Network engineers can typically set that stuff up to be forwarded to your Splunk environment.


Additionally, you can find a large number of datasets out there for analysis.
Here are a few:
http://aws.amazon.com/datasets/
https://www.quandl.com/
http://www.networkrepository.com/
You can look through these and perhaps get some ideas.


Here is another walk-through that uses the tutorial data, with a bit of a security focus:
http://docs.splunk.com/Documentation/Splunk/6.3.2/Scenarios/Goals
And here are some public PCAP data sets for security exercises: http://www.netresec.com/?page=PcapFiles
If you go that route, get the PCAP Analyzer for Splunk. You can also read the Indexing PCAP header data in Splunk blog post and take a look at this security analytics white paper.
This is awesome - thank you so much for the responses guys (especially ChrisG!)!
My professor has asked us to re-scope the project to cover the bread-and-butter of what Splunk is used for and cover the top 3-5 features of the tool.
So, given I am fresh on the scene to Splunk - what do you guys think Splunk's "bread-and-butter" is (and the best way to demonstrate that) and your opinion of the top 3-5 features (especially if they're unique to Splunk)? Security focus would be great - but after I met with the professor, it sounded like he wanted a more holistic overview of Splunk.
Thank you everyone!


The tutorials will still give you the best hands-on view of the main product capabilities. There is a brief technical summary of the core capabilities in the Splunk Enterprise Overview. To read about the main features and their value, see the Splunk Enterprise product page on splunk.com, and read through the Splunk and Operational Intelligence solution guide (linked from the product page).


PS feel free to upvote and/or accept answers that are useful to you!

Welcome to Splunk!
First of all, definitely do the tutorial: http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
There are lots of data sets available online for free; it depends on what the focus of your course is. For a start, and especially since the tutorial is already focused on them, try to google around for some large Apache web log sets, then create some analytics dashboards using that data.
Have fun!
