The learning objectives of this lab are as follows:
· Learn to upload data into Splunk
· Learn to use the Splunk Search App to perform searches using field (features) lookups
· Gain an understanding of Splunk’s Search Processing Language (SPL)
· Learn to create reports and charts, save them and share them
· Learn to create dashboards and panels and add more panels to dashboards
Splunk (splunk.com) is a popular enterprise-level SIEM that supports monitoring, searching, analyzing, and visualizing large amounts of machine data. It is widely used across a number of domains, including infrastructure and application monitoring, business and IT service monitoring, cybersecurity, IoT applications, business analytics and process mining, and it ingests data from a wide range of technologies.
Splunk contains a Machine Learning Toolkit (MLTK) that can be used to implement machine learning applications, including those in cybersecurity. The MLTK is built on top of the Python for Scientific Computing library, an ecosystem that includes the most popular machine learning library, scikit-learn, as well as supporting libraries such as NumPy, SciPy, Pandas, and Statsmodels. In the next lab, you will use the MLTK in cybersecurity applications.
However, before you do that you will need to gain some knowledge in Splunk by completing the Search Tutorial found at Splunk’s website: https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchTutorial/WelcometotheSearchTutorial
You should complete parts 1 to 7 of the Search Tutorial, and provide the screenshots requested in the numbered questions below. In your answers to the questions below, each screenshot should have a title above it indicating which question the screenshot applies to. For example, in Q1 you should have the following.
Q1: screenshots from part 3 – ‘Exploring the Search Views’, in the ‘Explore the Data Summary Information (2)’ subsection, showing the data after you clicked the ‘Sources’ tab (2) and when you click tutorialdata.zip:./www1/access.log.
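To make the field-lookup and SPL ideas from the tutorial concrete before you open Splunk, here is an added example (written for this handout, not code from Splunk or the Search Tutorial) that does in plain Python what a search such as `sourcetype=access_combined | stats count by status` does: it extracts fields from web access-log lines and aggregates events by a field. The sample lines are constructed in the standard Apache combined format and are not records from tutorialdata.zip; all function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" log format. They are made up
# for this example and are not records from tutorialdata.zip. The last line is
# deliberately malformed to show that unparseable input is skipped, not crashed on.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /product.screen?productId=WC-SH-G04 HTTP/1.1" 200 2983 "http://shop.example.test/" "Mozilla/5.0"
10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "POST /cart.do?action=addtocart HTTP/1.1" 200 512 "http://shop.example.test/product.screen" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /oldlink?itemId=EST-14 HTTP/1.1" 404 208 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /img/old-banner.png HTTP/1.1" 404 208 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:13:56:03 +0000] "GET /category.screen?categoryId=GIFTS HTTP/1.1" 404 208 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Oct/2023:13:57:12 +0000] "GET /cart.do?action=checkout HTTP/1.1" 500 1024 "http://shop.example.test/cart.do" "Mozilla/5.0"
this line is not an access log record and is skipped
"""

# Regex that pulls out the fields Splunk would extract automatically for the
# access_combined sourcetype (clientip, method, uri_path, status, bytes, ...).
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri_path>\S+) (?P<version>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def extract_fields(line):
    """Return a dict of field name -> value for one log line, or None if the
    line does not look like an access-log record."""
    m = ACCESS_RE.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    # Split the query string off the path, mirroring Splunk's uri_path / uri_query.
    path, _, query = fields["uri_path"].partition("?")
    fields["uri_path"] = path
    fields["uri_query"] = query
    # "-" means no body was sent; treat it as zero bytes so the field is numeric.
    fields["bytes"] = 0 if fields["bytes"] == "-" else int(fields["bytes"])
    return fields


def parse_log(text):
    """Turn raw log text into a list of events (dicts), skipping bad lines."""
    events = []
    for line in text.splitlines():
        fields = extract_fields(line)
        if fields is not None:
            events.append(fields)
    return events


def search(events, **criteria):
    """Keep only events whose fields equal every key=value given, like the
    'field=value' terms at the start of an SPL search."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def stats_count_by(events, field):
    """Equivalent of '| stats count by <field>': number of events per value."""
    return dict(Counter(e[field] for e in events))


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    # Like: sourcetype=access_combined | stats count by status
    print("count by status:", stats_count_by(events, "status"))
    # Like: sourcetype=access_combined status=404 | stats count by clientip
    print("404s by client:", stats_count_by(search(events, status="404"), "clientip"))
```

Run it and compare the two printed tables with what the `stats count by status` search in the tutorial shows in the Statistics tab; the field names used here were chosen to match the ones Splunk extracts, so the mapping between the Python and the SPL is one to one.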