Splunk Search

How to save practice data into the Splunk Enterprise as a student?

LionKing18
Explorer

Hello Splunksters,

I installed Splunk Enterprise. I am also reading the free Splunk e-book. Chapter 2 talks of installing some practice data and gives steps that don't get me to the desired goal.

Would you troubleshoot this ASAP?

Thanks,

Allan

0 Karma

LionKing18
Explorer

Logged into my admin Splunk Enterprise. Clicked on "Add Data", which prompted another click to "upload files from my computer". Next was to click "Select File" and locate the "tutorialdata" on my computer. Followed the remaining tutorial steps and guess what, I got all the buttercup machine data for practice.

Plan to take the Splunk user exam Saturday!

0 Karma

skoelpin
SplunkTrust

Good work! Uploading data directly into Splunk is a good start. Once you get more of an understanding, you should try uploading data on a remote server into Splunk using a universal forwarder.

Also, please accept/upvote any helpful answers

0 Karma

woodcock
Esteemed Legend

At least post the URL to download the ebook. Better yet, post the steps. Help us to help you.

0 Karma

LionKing18
Explorer

Got Splunked!

0 Karma

skoelpin
SplunkTrust

You need to either forward the data into Splunk from a remote host or you can upload it directly into Splunk. Go to Settings > Data Inputs and upload your data. Make sure to go through all the steps and your data is in Splunk. Make sure you're searching the right index; if you didn't specify an index, then it will go into the main index. To look, you could also run this search:

| metasearch index=*

This will return data. Look on the left-hand side for the field called index and click it. See what index the data is in, then go to the search and type in index=<INDEX-NAME>

0 Karma

LionKing18
Explorer

Happily splunked!

niketn
Legend

@LionKing18, follow the Splunk Tutorial Documentation to install Splunk and add tutorial data. If something is not working as expected, please add details on the step not working and any issue/error that you see.

http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/Systemrequirements

Validate that events are showing up in the index that you have created and perform a search by All Time if required.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

LionKing18
Explorer

Got splunked!

0 Karma

niketn
Legend

@LionKing18, if the answer helped please accept the same. Also upvote the comments that helped! All the Best!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"