1.2 What is Splunk?


Time
1 hour 59 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00

>> Hello, and thanks for coming back. I'm Natasha, and in this section we're going to enter the deceptively simple question of, what is Splunk?

Splunk is a company worth several billion US dollars and based out of San Francisco. It specializes in data use and processing. Splunk has multiple different products. But when you refer to just Splunk, people most often think of the Splunk platform and its core capabilities, or they may just think about whatever they have set up at their company. Splunk Enterprise, Splunk Cloud, Splunk Free, and Splunk Light make up what is thought of as the Splunk platform. In future videos, we'll discuss the differences between these and talk about other products. This course will focus on the common uses of the popular Splunk Enterprise and Splunk Free, and briefly cover the capabilities of other products that typically build on this platform.

The company sums up its purpose as "Splunk turns machine data into answers." To dig a little deeper, Splunk software aggregates, processes, analyzes, and helps you use small and massive amounts of data. It's particularly helpful for turning unstructured data into usable information. Some examples include ingesting authentication logs and alerting when there have been high-volume failures, or it could collect web traffic data and provide statistics on visitor activity. Another example would be storing some data to let an admin search for information to troubleshoot a problem. You could retrieve malware alerts and correlate them with other activity, or use a lookup to define error codes and organize a problem in human-readable format, gather IoT data and provide meaningful metrics, sort and store information required for an audit, and tons of other uses.

Splunk has a strong community built around its product, including forums, conferences, and even local events in many places. Its growth has exploded over the last few years, but the company was founded back in 2003.

The easiest way to get a grasp on Splunk might be to take a quick look. Here's a relatively empty instance of Splunk Enterprise I have running on a virtual machine. I am searching for some data, just traffic on this machine, and I found 320 events in the last hour. We're going to look at a single event here; I can pull this up and see the raw text. This itself would be hard for us to work with, but as you see here, it breaks it out into different fields that I can then use for other tasks. Right here, I could run a simple search where I look at how many events have happened in this data by app. There we are.

Now we've got to our quiz, true or false: Splunk can only handle parsed data? The answer is false. Splunk is great for organizing raw data.

To sum up what we've learned in this section, Splunk takes data that's difficult to handle, maybe because there's so much of it, or because it's unorganized or meaningless on its own, and makes it usable in a variety of ways, such as for reporting, alerting, troubleshooting, threat hunting, making business decisions, and so on. In the next video, we're going to be talking about Splunk and your career. Thanks for watching.