Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Create Splunk Use Cases and Dashboard

iremdoesthings
Loves-to-Learn
‎01-07-2024 01:55 PM

My teacher gave me this task:

"You need to apply at least 3 different use cases that we will change according to your scenario. Show various use cases on the Dashboards you create. You can refer to sample use cases on the Internet or in the Security Essentials application on Splunk." but I don't know how to do this task. He gives us an empty Splunk Server and this task.

How can I create a use-case scenario?

Thank you for your time...

Labels (3)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-07-2024 11:35 PM

Hi @iremdoesthings ,

I suppose that you already know Splunk and SPL, if not, let me know that I can hint some free training to start.

Anyway, as you teacher and @PickleRick hinted, the Splunk Security Essentials App. is a good starting point to find the searches for your use cases, but anyway, the real staring point is the data that you have available on your Indexer: which one do you have available?

You could analyze your data with a simple search (index=* | stats count BY sourcetype) so you can know which data source you have available and you can use.

Otherwise, in the Splunk Security Essentials App, there's a very interesting feature, that analyzes you data and says to you which searches you can implement on your data, you can find it in the app at [Data > Data Invenatry].

Ciao.

Giuseppe

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-07-2024 02:07 PM

A use case in this context is typically a search returning results corresponding to some security scenario. Like finding excessive failed logins or sequence of logins from a geographically distant places in a short period of time.

You need to check what data you have available, what you want to find and think how to find it. Free Security Essentials app is indeed a good source for possible use cases.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...