Practice Exercise 2: Exploring Splunk Basics

Objective

In this exercise, you will learn how to access Splunk and perform some basic Splunk searches.

Prerequisites

Access to Web Browser
Internet Connection

Exercises

Steps:

Step 1. Open a web browser and navigate to the Splunk web interface by entering the http://172.104.167.208:8000

Step 2. Log in using the following credentials:

      Username: [first letter of your firstname+lastname]
      Password: [yourmachinepassword]

Step 3. After logging in, you will be on the Splunk homepage. Explore the Splunk interface and familiarize yourself with the following sections:

Search & Reporting: This is where you can perform searches and analyze data.

Apps: Splunk apps provide pre-configured dashboards and visualizations for specific data sources or use cases.

Settings: Configuration and management options.

Step 4. Searching Data

In the search bar, run a simple search query (e.g., index="_audit" sourcetype=audittrail).
This query will search for sample data in the "audittrail" sourcetype.

Step 5. Basic Search Queries

Perform the following basic search queries and understand the results:
Search for events from a specific index: index="_internal".
Filter results based on a specific keyword: error.
Time-based searches: index="_introspection" earliest=-24h.
Wild Card Search: index="_introspection" sourcetype=splunk_resource_usage source=*resource_usage.log.
Count Events: index="_introspection" sourcetype=splunk_resource_usage | stats count

Step 6: Saving and Exporting Search Results

Run the search that you want to save.
Click the Export button in the search bar.
Select the Report option.
Enter a name for the report and click Save.

To export the results of a search, you can save the results to a file in one of the following formats (CSV,JSON, PDF, Raw Events, XML):

Conclusion

You have successfully accessed Splunk, performed a basic search, and explored its interface. This exercise introduces you to the basics of using Splunk for log analysis and visualization.