Splunk Basics Complete Course

Lectures: 0:00 Intro 1:25 2 - Course Structure 4:44 3 - Installing VMplayer 6:37 4 - Installing Ubuntu 14:27 5 - Assigning IPs and changing the default password 22:36 6 - Downloading Splunk and installing Apache 28:24 7 - Importing Fortigate Appliance 33:04 8 - Installing Splunk and Splunk UF 41:04 9 - Deployment types 45:10 10 - Configure Splunk to receive logs 56:03 11 - Collecting logs from remote nodes 1:13:44 12 - Configure Syslog source 1:17:09 13 - Searching and exploring data on Splunk 1:20:54 14 - Extract fields and add knowledge to data 1:33:30 15 - Splunk Search Processing Language (SPL) 1:35:56 16 - Creating reports and dashboards 1:46:42 17 - Creating alerts You can follow the course on Udemy as well: https://www.udemy.com/course/splunk-b... Resources: https://drive.google.com/file/d/1jRNX... --- Machines are trying to tell us something through logs, so they are a very valuable resource for IT departments to ensure that everything is working as expected and to give us an idea of what is going on in our IT environments which will help to respond faster to incidents. In this hands-on course, we will learn how to set up a small virtual LAB to simulate real-world logging and monitoring scenarios, where we will collect logs from Apache web server and Fortigate firewall and send them to Splunk for storage, analysis, visualization, and alerting. I selected these two log sources specifically because they represent the majority of log sources you will find in your environment, so you can follow the same steps in the course to integrate different log sources in the future. There are more complex log sources to integrate like logs that are pulled from database but they are not suitable to be discussed in an introductory course. After we onboard logs to Splunk, we will search and explore data we received then we will add knowledge to it by extracting interesting fields in these logs. At this point, our logs will be ready to be treated by Splunk Searching Processing Language (SPL) to create reports, dashboards, and alerts. This course will make you ready to dig deep into more advanced topics of Splunk administration like, High availability Indexers clusters Search head clusters Deployments servers Splunk Apps Advanced SPL But you have to walk before you run, so my vision for this course is to master the basics first to break the ice. Note: When the course was recorded Splunk version was 8.0.4.1, On 10-09-2022 I validated Splunk Enterprise 9.0.1 on my own test lab and the steps and instructions in this course still apply. Who this course is for: Security engineers IT Administrators Security operations center engineers Security incident handlers Systems administrators Anyone want to explore huge log files/feeds Anyone interested in learning Splunk What you'll learn: ICT Logging and monitoring basics How to make logs work for you and get notified if something went wrong Visualize data received from any log source in very simple steps Build a small computer LAB that consists of a Splunk server, Apache web server and Fortigate firewall virtual appliance Install and configure Splunk Enterprise and Splunk Universal Forwarder Know the different deployment types of Splunk Collect logs from remote nodes using Splunk Universal Forwarder Collect logs from Syslog devices like Fortigate firewall Search and explore data on Splunk Extract fields and add knowledge to data Quick introduction to Splunk Search Processing language (SPL)