Splunk: Log Management
SCENARIO INFORMATION
DESCRIPTION:
This scenario serves as a guide to learning log management with Splunk.
Splunk is used for monitoring, searching, analysing and visualising machine-generated data in near real time. It can monitor and read many different types of log files; the data it ingests is broken into time-stamped events and stored in indexes on the indexer tier, where it can be searched.
OBJECTIVES AND OUTCOME:
After completing this scenario you will be able to:
– Install Splunk on CentOS 7 server
– Configure Splunk
– Change Splunk License
– Configure Splunk to use SSL/TLS certificates
– Limit disk space requirements
– Add Log sources to Splunk
– Analyse Logs using Splunk
– Install and manage the Splunk Universal Forwarder (the Splunk agent) on log sources
– Install Splunk on Debian Server
– Install Splunk on Windows Server
– Achieve Log Correlation Using Splunk
PRE-REQUISITES:
In order to get the full benefit from this scenario, it is suggested that you have competencies in the following areas:
– Basic knowledge in Linux operating systems.
RECOMMENDED READING:
It is suggested that you consult the following recommended reading resources and pre-existing scenarios:
https://www.tutorialspoint.com/splunk/index.htm
AUTHOR:
This scenario was created by Amos Kiprotich.