Splunk Tutorial for Beginners (Cyber Security Tools)

  • added 2 Jun 2024
  • Want to learn the basics of Splunk (or Splunk Enterprise)?
    There is no question that when it comes to technology tools dealing with large amounts of data, Splunk is the tool that you want to learn. Whether you need a tool for pure data analytics, Information Technology, or a Cyber Security SIEM, Splunk has you covered. Of course, not every organization uses Splunk, and that is OK, but from a learning perspective it makes sense to learn one of the leading tools. Also, once you know Splunk, similar tools are fairly easy to pick up because you have an idea of what is going on in the tool.
    Join me for this video as we walk through the installation, configuration, and basic usage of Splunk. By the time you are done with this video, you will be on your way to becoming a SIEM tool expert!
    www.ultimatewindowssecurity.c...
    Blog Post: jongood.com/splunk-tutorial-f...
    ⏰ Timecodes ⏰
    0:00 Splunk Basics Introduction
    0:37 Why learn Splunk?
    2:03 Splunk Installation
    3:50 Configure Logs for Ingestion
    4:25 Basic Splunk Search
    6:42 Create Table in Splunk
    7:25 Create Dashboard in Splunk
    9:55 Why Dashboards Are Useful
    11:08 Helpful Resource for Windows
    11:34 Question of the Day
    11:42 Final Thoughts
  • Science & Technology

Comments • 151

  • @hexatorus5452 1 year ago +62

    Only video on Splunk worth listening to. Much better than Splunk's own videos about ... t-shirts.

    • @JonGoodCyber 1 year ago +5

      I'm glad that you enjoyed the video and thank you for the feedback!

    • @iamlily01 3 months ago

      Yup, I completely agree, especially about being much better than Splunk’s own videos!

    • @jerrymorris9304 1 month ago

      Just learning Splunk and this was the easiest, step-by-step video I've found! Thanks

  • @torryhall1774 9 months ago +19

    Hey I know I’m late to the party😂😂😂 But great video. I’m a 40 year old army veteran who’s been trucks for the last 9 years and by far this has been the easiest tutorial to follow. Thank you.

    • @JonGoodCyber 9 months ago +3

      I'm glad that you enjoyed the video and thank you for the feedback! My goal is always to make videos that are easy to follow because otherwise they are worthless.

  • @RogerPlanet 1 year ago +5

    Thanks Jon, love the format and content. Greatly appreciated.

  • @lalmafessu2147 1 year ago +34

    Appreciate you doing more of these lab tutorials in different tools, it helps a lot! Thanks.

  • @ab0uts 1 year ago +8

    Thank you! Best tutorial style, perfect. Please make more stuff exactly like this.

    • @JonGoodCyber 1 year ago +1

      Thanks for the feedback and I'm glad that you enjoyed the video!

  • @korigocrazy2262 1 year ago +8

    Thank you, I’ve been trying to find an easy video to learn about and configure splunk.

  • @SivakumarJayaramanplus 1 year ago +16

    Simple and clear explanations - A non techie such as myself could easily understand - Glad I got redirected to this channel - I am now a subscriber - Thanks for your work and time. 🙏

    • @JonGoodCyber 1 year ago +2

      Welcome and I'm glad that you like the content!

  • @garcand 1 year ago +4

    Simple and well explained. Thx

  • @moorem1906 1 month ago +1

    The best video out there that actually helps you understand what Splunk is and how to use it!

    • @JonGoodCyber 1 month ago +1

      Excellent and thank you for sharing! These are the kinds of comments I love to see.

  • @johnwilsoniii4757 11 months ago +2

    I appreciate you sharing your knowledge.

  • @TechArve222 10 months ago +2

    Best Splunk tutorial out there. Others are just about a lot of things

    • @JonGoodCyber 10 months ago +1

      Thank you and I'm glad that you enjoyed it!

  • @harrellbey 1 year ago +1

    This is really good. Thanks man!

  • @NiteshKumar-jr6jg 2 months ago +1

    This video is totally worth it. Great work

    • @JonGoodCyber 2 months ago +1

      Glad you think so, and thank you for the support!

  • @elvenpath7 1 day ago +1

    Thank you. I was able to follow...very good video!

  • @nazimchowdhury1752 1 year ago +1

    simply great presentation

  • @balarajuc5048 3 months ago +1

    Very nice and crisp, thanks a lot

    • @JonGoodCyber 3 months ago +1

      I'm glad that you enjoyed the video!

  • @sugarskulllyfe5890 1 year ago +1

    thank you! splunk is so important

    • @JonGoodCyber 1 year ago +1

      You're welcome! Remember that Splunk isn't the only tool that does this stuff so try to learn a few if possible.

  • @productivemovementsllc8073 3 months ago +1

    Thank you I’m 🆕 your teaching skills are impactful 📈

  • @John-ps7mk 1 year ago +1

    helpful vid. thank you.

  • @miloboy55 1 year ago +6

    Learned this in a bootcamp in 2021 and your video refreshed my memory. Thank you so much!

    • @JonGoodCyber 1 year ago +2

      Glad it helped!

    • @MotionMasterMike 8 months ago +1

      Did you get a job since graduating and if you did, how did you pass the interviewing process without being denied?

    • @miloboy55 8 months ago +1

      @@MotionMasterMike Yes I got my first job last August. The interview went well it was more like a conversation rather than an interview. They only asked me two very simple technical questions. It’s been a full month now at this job.

    • @nahidsarker69 8 months ago

      @@miloboy55 bro I heard that there is a huge demand for the people who are very good at Splunk... is it true?

    • @miloboy55 8 months ago

      @@nahidsarker69 Definitely. There are positions that hire specifically if you have Splunk knowledge. They pay extremely well.

  • @TitiRivero 9 months ago +2

    Thanks for the content; in fact I'm preparing to take a Splunk certification and this is a great start. Greetings from Mexico

  • @memdemajay1237 11 months ago +1

    Thanks for giving such wonderful real time experience
    Thanks a lot
    Put more videos on Splunk
    Thank u Jon

    • @JonGoodCyber 6 months ago +1

      I'm glad that you enjoyed the video!

  • @alanspaz5935 8 months ago +1

    This is a great guide for starting out. I'm having issues translating it to using multiple files as sources for the search. I am learning all this from scratch which this tutorial helped a lot with but when it comes to files I have been given to search for specific things such as looking to see if a login was suspicious it from 4 different files it only seems to want to pull the source from 1 file not all of the files I thought I had entered into Splunk.

    • @JonGoodCyber 8 months ago +1

      Glad it was helpful! Splunk can certainly get complex the deeper that you go.

  • @snarfallymunchacen85 6 months ago +1

    Great, so many videos do not show how to import the data...the step before submitting queries. Thank you from this beginner.

  • @bradleywelch5345 1 year ago +7

    @ 6:03 Mouse over "EventCode" and without clicking, simply move the mouse over the "=1102" and it will highlight both (you actually managed to do this before clicking), then you can add the entire section to your search. Thank you for this video! I'd love to see a series of progressively complex tutorials for this.

    • @henryijeoma 1 year ago +2

      Would you advise entry level cyber analysts to learn Splunk?

    • @JonGoodCyber 1 year ago +2

      Yep thanks for sharing Bradley! Either way works I just happened to not click the actual event ID.

    • @JonGoodCyber 1 year ago +1

      @@henryijeoma Splunk can be a useful thing to know but keep in mind that there's a lot to learn at the entry level before I recommend diving into a tool like Splunk. Unfortunately Splunk restricts a lot of features without a paid plan but there are also lots of alternatives out there if you just want to learn a SIEM tool.

  • @afro55d96 1 year ago +3

    I needed this video, thank you

  • @francisiriaka8329 11 months ago +1

    Thanks 😊

  • @tyrojames9937 1 year ago +1

    VERY- INTERESTING.

  • @thenicholsonchannel328 9 months ago +1

    Question: around 4:50 you were saying how the wildcard search was looking for local events only - since you're on a VM is it possible for events in the Host Machine to be detected as well?

    • @JonGoodCyber 9 months ago +2

      By default Splunk will not ingest logs from a remote source/system. If you want to bring logs in from a remote system, you need to configure the Splunk Forwarder on that system but that is outside the scope of this video.

  • @nalinthaekanayake4213 3 months ago +1

    Hi John, I love the way you teach us. I have 2 questions to get an answer from you. 1.) I am also trying to learn Splunk since I am not doing any IT job now. (I was in IT Network security before for 1.5 years and we used Fortinet SIEM which is a little difficult to customize.) My question is, Splunk needs a business account email to download or register which I don't have. What can I do at this stage to try Splunk? 2.) What is the other alternative SIEM tool apart from Splunk that you can recommend to learn?

    • @JonGoodCyber 2 months ago +1

      You can get a trial of Splunk without a business email. Wazuh is another popular option that you can try. Ultimately, it's about learning a tool in the SIEM category, and not necessarily about the specific tool.

  • @masterchief5437 9 months ago +1

    Thanks so much! thinking about transferring from an IAM role to SOC :)

    • @JonGoodCyber 9 months ago +2

      I'm glad that you enjoyed it! That's great...what's driving the switch?

    • @masterchief5437 9 months ago +1

      @@JonGoodCyber I feel like IAM is really close to my first IT job and my IAM role is quite ambiguous cause I'm first a developer then slipped into IAM then want to move to SOC. Some point I can put cybersecurity and my coding skills together

    • @JonGoodCyber 9 months ago +2

      @@masterchief5437 awesome stuff! I also recommend looking into DevSecOps and Application Security as those are also roles related to your background.

    • @masterchief5437 9 months ago +1

      @@JonGoodCyber thanks for the advice!

  • @SAMSAM-up5nd 1 year ago +1

    Jon is very good

  • @mastermaster360 1 year ago +1

    I wasn't sure where I can find Splunk login portal. Thank you. I am in Splunk dashboard.

  • @kevincottam9684 1 month ago +1

    This ought to be easy considering I have been doing this stuff with scripts I have been writing for years.

  • @ashleywilliams6234 3 months ago +1

    Just came across this video, very informative.
    Q. However when I opened my Splunk I don’t see the create table view as you have in the video, is there a way to fix that and have back on it to be able to create a table view? Thank you.

    • @JonGoodCyber 3 months ago +1

      I'm glad that you enjoyed the video! Since I can't see your screen, it's difficult to troubleshoot the issue, but make sure you are doing everything the exact same as I do in the video, including the operating system, if you want the same results. Also remember that GUIs do change over time but Splunk has a tremendous amount of resources available on their website for reference.

    • @ashleywilliams6234 3 months ago +1

      @@JonGoodCyber Thank you

  • @astimuzdalifah952 1 year ago +1

    Hello, I have a question and hopefully you will answer it. So, I'm working as Quality Assurance in Splunk reseller company. I get confused about my job description and have no idea what I have to do. I hope you can give me some example what QA's can do for

    • @JonGoodCyber 1 year ago +1

      I'm not sure what kind of tasks that you have for Quality Assurance as I work in Cyber Security but Splunk at its core is a database tool that you can use to make sense of data. You might try looking at available apps within Splunk or reaching out to Splunk directly.

    • @astimuzdalifah952 1 year ago +2

      @@JonGoodCyber Thank you so much for your kindly responses.

  • @Kato440 1 year ago +1

    What’s the best niche to learn in 2023? I’m turning 40 have had my own landscape business for 20 years but looking to change paths this fall so I want to start learning. I graduated in 2020 with my associates in business and software development. Coding was challenging for me and during Covid it was hard to find a job bad timing

    • @JonGoodCyber 1 year ago +1

      For which area? Since my content is primarily around Cyber Security I'm assuming that's the area you're asking about. Specifically cloud and GRC are two of the biggest emerging areas but they aren't to be learned in a silo and you still need foundational knowledge that can be found in my eBook's roadmap ( jongood.com/getstarted/ ).

    • @Kato440 1 year ago +1

      @@JonGoodCyber ty very much for the response! I'm looking at GRC and trying to narrow down a good niche to learn in that field that could allow me to find a good entry level job soon. Trying to figure out what to focus on as to not waste any more time and get busy learning. I been watching all sorts of videos lately on here lately and maybe that's confusing me more.

    • @JonGoodCyber 1 year ago +1

      I can't speak for other creators but the resources are there in my content for you to follow if you're willing to put in the work.

  • @billstrong4072 5 months ago +1

    Great video....I like the cut of its jibb:)

    • @JonGoodCyber 5 months ago +1

      I'm glad that you enjoyed the video!

  • @jasonassaf2482 1 year ago +2

    Account lockouts on domain controllers!

    • @JonGoodCyber 1 year ago +1

      That is definitely something to monitor!

  • @tamilselvan.s0394 2 months ago +2

    Does all this work on splunk cloud.....then explain its setup...🙂

    • @JonGoodCyber 2 months ago +1

      Software/applications are generally very similar when comparing locally hosted (i.e., on-premise) and cloud-based. That said, if you want to guarantee the exact same results as in this video, I recommend following the steps I have provided.

  • @charpad6690 11 months ago +1

    You can only download this only if you work for a company right? I wanted to get into Splunk to learn it as a skill, so I can look for a job.

    • @JonGoodCyber 11 months ago +1

      I'm not sure where that came from but that is incorrect. Of course, you're only going to get the trial version though so you will be limited in what you can do.

  • @BoomWahDis 10 months ago +1

    Hello, thank you sir, but we are absolutely in desperate need of more goodies about on Splunk like this.

    • @JonGoodCyber 10 months ago +4

      Thank you for the request...I always let people vote with their views as that's the best way to see which content that people enjoy!

    • @BoomWahDis 9 months ago +1

      @@JonGoodCyber in that case, 10 votes for Splunk

  • @Ricardo-po5sy 9 months ago +1

    I don't have the "Local event log collection" under setting

    • @JonGoodCyber 9 months ago +1

      I recommend following the video steps exactly including the operating system. I recently retested this for somebody and confirmed that it is still accurate, if followed as provided.

  • @thomasverby8179 1 year ago +1

    Here are some of the events that should be monitored; in my perspective the event clear log might be one of the most important, since a hacker's 'cleanup' is to delete the events that have occurred during their time on the machine.
    Pass the Hash Detection
    Remote Desktop Logon Detection
    External Media Detection
    Application Allow listing
    Application Crashes
    System or Service Failures
    Windows Update Errors
    Windows Firewall
    Clearing Event Logs
    Software and Service Installation
    Account Usage
    Kernel Driver Signing
    Group Policy Errors
    Windows Defender Activities
    Is there a way to save all of the events that show up on Splunk? Or is it only live action, and if cleared, it's gone?

    • @JonGoodCyber 1 year ago +1

      There's absolutely a ton of stuff that you can monitor and the list grows all the time. You can save the queries into dashboards, tables, etc. or of course you can save the query text and copy/paste it when you need to perform a search. Splunk indexes information but the more that it processes, the more that Splunk will charge you.

  • @M.W.777 4 months ago +1

    Jon...first time here...I dig your style!! You have a new subscriber!! Ok...back to the vids

    • @JonGoodCyber 4 months ago +1

      Awesome! Thank you and glad to have you here!

  • @FloridaInvestor 6 months ago +1

    I want to get into cybersecurity too.

    • @JonGoodCyber 6 months ago +1

      Excellent! I recommend grabbing my free eBook ( jongood.com/getstarted/ ) to get started.

  • @gabriellalaplace 8 months ago

    So, are you saying that I can only learn splunk and have no other skills and get a job ? Which splunk specialization/s do you think are the best to get a remote job. I live on a small island.
    Where online can people practice and help with splunk. To learn and get experience to put on a resume.

    • @JonGoodCyber 8 months ago +1

      I never said that nor would I say that as that statement will lead you to disappointment. Frequently areas like IT, Security Operations Centers or even business analytics teams will have people responsible for managing Splunk itself but unless you have a development background or a background in that particular area, you aren't going to be very valuable/competitive. Splunk has a ton of documentation on their website so that is a good place to start practicing various exercises.

    • @gabriellalaplace 8 months ago

      @@JonGoodCyber okay, I did a lot of coding, but I'm not good at coding. I'm doing a Qualys VMDR course now, I'm half confused, so I was looking to see if I should try Splunk after.

  • @twoshawns5640 9 months ago +1

    Do I need windows 10/11 pro to do this project? Or can I just use windows 10/11 free or home?

    • @JonGoodCyber 9 months ago +1

      I recommend reviewing the system requirements from Splunk ( docs.splunk.com/Documentation/Splunk/9.1.0/Installation/SystemRequirements ). I don't typically recommend server software being installed on a client operating system even if it is supported. You're much better off creating a virtual machine with a server OS and practicing that way.

  • @user-rt6le7qu5j 8 months ago +1

    @4:05 - Local event log collection is not showing on my Mac. Anyone know why?

    • @JonGoodCyber 8 months ago +2

      Different operating systems function and collect logs differently. If you want to match things exactly as in this video, you need to use the same configuration described (Windows Server 2022). Microsoft has trial downloads of the operating system that you can use for free, however the setup of the operating system is outside the scope of this video.

  • @Martin_salcedo 10 months ago

    So I just recently downloaded Splunk and I went where it says local inputs like you said but nowhere does it have “local event log collection” anywhere.

    • @JonGoodCyber 10 months ago +1

      I recommend going back through and repeating the steps exactly as provided. I just redid the steps to verify that nothing has changed and although the user interface has changed slightly, the labels and everything are still exactly the same as this video.

    • @Martin_salcedo 10 months ago

      @@JonGoodCyber okay I’ll redo it right now

    • @Martin_salcedo 10 months ago

      @@JonGoodCyber do you by any chance think it’s because I have Splunk on a MacBook?

    • @JonGoodCyber 10 months ago +2

      Well I cannot guarantee that it'll be the same on Mac because as stated this installation was on a Windows system and Windows has different logs than MacOS. I recommend checking out the installation guide for MacOS ( docs.splunk.com/Documentation/Splunk/9.1.0/Installation/InstallonMacOS ) if you're set on running it that way. Otherwise you might consider trying the installation on Linux or Windows as it's not as likely that you're going to see Splunk installed on a Mac in the real world, at least not for the management console.

    • @Martin_salcedo 10 months ago +1

      @@JonGoodCyber okay thanks the reason I use it on a Mac device because that’s all I have. But thanks for responding and helping me !!! 🙏🏼

  • @aarondesire 5 months ago +1

    Can I install on Mac?

    • @JonGoodCyber 5 months ago +1

      I recommend checking the Splunk website for operating system compatibility. That said, you're likely going to run into differences when installing/configuring everything.

  • @lohitjavalli5222 5 months ago

    I did a course on Cyber Security how to find jobs in this field

  • @wiggipedia 1 year ago +1

    While I appreciate the work you put into these videos, if I have to register and give them a lead to learn their software (and possibly advocate for it in jobs), no thanks.

    • @JonGoodCyber 1 year ago +1

      Basically all commercial tools are going to force you into their system but you certainly have the choice whether or not to do so. I'm just providing training on a high-demand tool and don't benefit either way.

  • @TheSkepticSkwerl 10 months ago

    When you are showing your self on camera and sort of yelling, I swear my brain hears "Project Farm's" voice.

    • @JonGoodCyber 10 months ago +1

      I'm certainly not "sort of yelling" but unlike a lot of other creators, I have a high-quality microphone and record at an appropriate volume level for all speakers.

  • @ericmorgan6791 4 months ago +1

    Breach and or log in errors

    • @JonGoodCyber 4 months ago +1

      Those are absolutely two great things to monitor! I think breaches are fairly self explanatory but why might looking for errors be useful?

  • @Abiki666 6 days ago +1

    Can anyone give me a dummy network IP address? I need to use it for a lab.

    • @JonGoodCyber 5 days ago +2

      Although I don't know your exact scenario, anything in the private IP space should work it sounds like:
      - 10.0.0.0 to 10.255.255.255
      - 172.16.0.0 to 172.31.255.255
      - 192.168.0.0 to 192.168.255.255

    • @Abiki666 5 days ago

      @@JonGoodCyber I'm a newbie, was doing my CompTIA pentest, but couldn't really replicate the tools output (e.g. nmap port scans) because he was using a server to hack which showed a network rather than just my 1 router.

  • @kaydenli266 3 months ago +1

    Potential hidden malware within the system which you can identify through unusual system logs?...I guess

    • @JonGoodCyber 3 months ago +2

      You're on the right track...what are some indicators that we might look for or to determine what's "unusual?"

    • @jonasbaine3538 19 days ago

      @@JonGoodCyber what was the answer ?

    • @JonGoodCyber 19 days ago +1

      @@jonasbaine3538 What do you think the answer is? This is a question for people to answer so we can discuss it, not a question for me.

  • @michelyafalian2149 3 months ago

    Yes but MR you need to spend to buy you need and live so according to what you say, no one need to spend and save save save so are you going to ware and eat money lol

  • @gamergamer5345 2 months ago

    is splunk open source? if not, it is not suitable for security at all.

    • @JonGoodCyber 2 months ago +1

      Why do you think that? Sticking to extremes like just open source or just closed source...is a dangerous strategy. You can find more information about Splunk's views on open source here: www.splunk.com/en_us/blog/learn/splunk-open-source.html#:~:text=Though%20Splunk's%20core%20products%20are,it%20came%20to%20data%20platforms.

  • @andrewchen8125 1 month ago

    You might want to stop shouting in your video intros

    • @JonGoodCyber 1 month ago +1

      Thanks for watching! I wasn't shouting but I do use a volume that works for all speakers. Also, this video is over 1 year old.

  • @eddienewman5884 9 months ago

    Splunk on Windows LMFAO as soon as you say "splunk on windows" You lose all credibility as a real IT or Cyber guy....

    • @JonGoodCyber 9 months ago +5

      My professional background speaks for itself thanks. Anyways despite the fact that it sounds like you're a Linux purist, any "real IT or cyber" person knows that you use the appropriate tool to fit the situation and to not try to force a solution. Reviewing Windows logs is a good place to start as a large majority of systems being monitored are running the Windows operating system.