Splunk Search

Open-ended question - beginner here

MarsBar
Engager

Hey all,

I've got an interview and I need to show some level of competency at using Splunk. I'm doing a short presentation on it, and I have used it a little. I know it organises a lot of data from logs into useful information and it's handy for forensics, security and auditing users - I'm sure much more as well.

My task is this: to run Splunk on my computer and monitor operating system events and/or performance. I did monitor data from the source called "Local Event Logs" and picked Security, Application, System and Setup, and I have had a quick look over them, but something is bugging me. How can I make this more interesting, since I'm doing a presentation on it? Is there a field or something that would be good to talk about?

There are so many options, so it's a bit tough to pick or find a good one. Odd question, I know, but any suggestions would be appreciated.

Thank you for the read, guys.


gcusello
SplunkTrust

Hi @MarsBar,

Installing Splunk on a workstation is very easy, and you can ingest logs from the local system very easily.

You can follow some interesting videos on YouTube, simply by searching for "Splunk".

If you want to use those logs, you have to learn about the Splunk Search Language (SPL), and you can find a useful tutorial at https://docs.splunk.com/Documentation/Splunk/8.2.4/SearchTutorial/WelcometotheSearchTutorial

To display ingested logs, you have to create your own dashboards, following the tutorials on YouTube or the documentation, or you could install an app, e.g. the Splunk App for Windows Infrastructure (https://splunkbase.splunk.com/app/1680/).

Then the best approach is a training path to learn to use Splunk, starting from the Splunk Fundamentals 1 course (https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html), which is free.

Ciao.

Giuseppe
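As an added example (not part of gcusello's answer and not from Splunk's documentation), here is one SPL search over the Security event log the question already ingests. It groups failed logon events (Windows EventCode 4625) by the account that was targeted and the workstation the attempt came from, so a burst of failures against a single account stands out as a talking point about brute-force detection. The index name `main` and the field names `Account_Name`, `Workstation_Name` and `Failure_Reason` are assumptions about how Splunk's Windows event log input extracts the message fields; check the field sidebar on the local instance and adjust them. The `mvindex(Account_Name, -1)` step is also an assumption: 4625 events carry two Account Name values (the subject and the logon target), and the last one is the targeted account.

```spl
index=main sourcetype="WinEventLog:Security" EventCode=4625
| eval target_account=mvindex(Account_Name, -1)
| stats count AS failed_logons,
        min(_time) AS first_seen,
        max(_time) AS last_seen,
        values(Failure_Reason) AS reasons
  BY target_account, Workstation_Name
| where failed_logons >= 5
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - failed_logons
```

For the presentation, run it with the time picker set to the last 24 hours, then switch to the Visualization tab (a bar chart of `failed_logons` by `target_account` is enough) and save the panel to a dashboard; that covers the ingest, search and dashboard steps in one walkthrough. The threshold of 5 is a constructed value to make the result table short, not a recommended detection setting. A natural follow-up is a second search for EventCode 4624 (successful logon) from the same workstation shortly after the failures, which is the point at which such a pattern becomes worth an alert rather than a chart.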
