Hi All, I haven't been able to find an answer on here that has fixed my problem. Yes, I have followed all of the instructions on the GitHub and I have tried on a Windows 10 VM and also on my home lab. It's been 8 hours of troubleshooting and I am not able to get my SPLUNK to recognize the data set. I have put this data into my SPLUNK > ETC/APPS and several other locations, to try to have the instance ingest the data - to no avail. PLEASE HELP! I just want to learn and it's impeding my progress! Even though this is also a learning process 😉

Installation

Download the dataset file indicated above and check the MD5 hash to ensure integrity.
Install Splunk Enterprise and the apps/add-ons listed in the Required Software section below. It is important to match the specific version of each app and add-on.
Unzip/untar the downloaded file into $SPLUNK_HOME/etc/apps
Restart Splunk

The BOTS v3 data will be available by searching:

index=botsv3 earliest=0

Note that because the data is distributed in a pre-indexed format, there are no volume-based licensing limits to be concerned with.
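The MD5 check and the unpack into $SPLUNK_HOME/etc/apps from the quoted installation steps, as an added example that is not part of the original post or of the dataset's own tooling. It goes one step beyond the steps by refusing archive entries that would land outside the apps directory and by reporting which top-level app folders were created. The archive, app folder and index names in `demo()` are constructed placeholders; the real expected MD5 is the one published with the download.

```python
import hashlib
import io
import os
import tarfile
import tempfile


def md5_of(path, chunk=1 << 20):
    """Stream the file so a multi-gigabyte dataset is never held in memory."""
    digest = hashlib.md5()  # used only to compare against the published value
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def install_dataset(archive, expected_md5, apps_dir):
    """Verify the archive, extract it into apps_dir, return top-level app folders."""
    actual = md5_of(archive)
    if actual.lower() != expected_md5.strip().lower():
        raise ValueError(f"MD5 mismatch: got {actual}")
    root = os.path.realpath(apps_dir)
    with tarfile.open(archive) as tar:
        members = tar.getmembers()
        for m in members:
            # Reject links and any entry that resolves outside etc/apps.
            target = os.path.realpath(os.path.join(root, m.name))
            if m.issym() or m.islnk() or os.path.commonpath([root, target]) != root:
                raise ValueError(f"unsafe entry in archive: {m.name}")
        tar.extractall(root, members=members)
    # These folders are what Splunk loads as apps after the restart.
    return sorted({os.path.normpath(m.name).split(os.sep)[0] for m in members})


def demo():
    """Build a constructed archive (made-up names) and install it in a temp dir."""
    work = tempfile.mkdtemp()
    archive = os.path.join(work, "dataset.tgz")
    with tarfile.open(archive, "w:gz") as tar:
        data = b"[example_index]\n"
        info = tarfile.TarInfo("example_app/default/indexes.conf")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    apps = os.path.join(work, "etc", "apps")
    os.makedirs(apps)
    return install_dataset(archive, md5_of(archive), apps), apps, archive


if __name__ == "__main__":
    print(demo()[0])
```

If the returned list does not contain exactly the app folder you expect directly under etc/apps (for example, it shows an extra wrapping folder), Splunk will not load the app from that location.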