Hi All,

I haven't been able to find an answer on here that has fixed my problem.

Yes, I have followed all of the instructions on the Github and I have tried on a Windows10 VM and also on my home lab. It's been 8 hours of troubleshooting and I am not able to get my SPLUNK to recognize the data set.

I have put this data into my SPLUNK > ETC/APPS and several other locations, to try to have the instance ingest the data - to no avail. 

PLEASE HELP! I just want to learn and it's impeding my progress! Even though this is also a learning process 😉

Installation

1. Download the dataset file indicated above and check the MD5 hash to ensure integrity.
2. Install Splunk Enterprise and the apps/add-ons listed in the Required Software section below. It is important to match the specific version of each app and add-on.
3. Unzip/untar the downloaded file into $SPLUNK_HOME/etc/apps
4. Restart Splunk
5. The BOTS v3 data will be available by searching:

index=botsv3 earliest=0

1. Note that because the data is distributed in a pre-indexed format, there are no volume-based licensing limits to be concerned with.