3.1 Setting Up Splunk


Time: 1 hour 59 minutes
Difficulty: Beginner
CEU/CPE: 2
Video Transcription
00:00
>> We're in Module 3, where we will be setting up Splunk. In this module, we'll discuss the different parts of Splunk, go through the steps to set up a quick practice environment, and show you how to install forwarders to get data into your Splunk environment.

Before we move on to the next video discussing the parts of Splunk, I want to give a few notes about planning your environment. We will not cover everything needed to adequately plan for a production environment in this course, but I wanted to give you some resources for further study. You don't need any specific setup for this course, but if you're using an unusual system, you may want to check out Splunk's system requirements prior to running through the installation instructions. If you're working with an old system, for example, you may need to use an older version of Splunk.

When you're looking to set up Splunk for a real production environment, you'll likely want to check out Splunk's capacity planning manual, which specifies what hardware requirements you may be looking at. There are also some tools, like splunk-sizing.appspot.com, that can help you plan storage requirements based on how much data you're ingesting, your data retention policies, and your architecture. Even for a small company, these requirements can quickly get up to terabytes. Splunk's installation manual shows the supported operating systems and provides more information on system requirements; here are a few charts from that documentation.

For this course, and for study as a beginner at Splunk, you may want to start off with some disposable virtual machines to work from. Microsoft has a pre-built Windows 10 Enterprise VM you could practice with, as one option. While you aren't likely to see a business running Splunk off a Kali Linux machine, Offensive Security offers a pre-built machine you could use to jump into the activities for this course quickly. You may want to use both this one and the Windows machine to get a feel for working in multiple environments. Even if you know you want to set up the Splunk platform on Linux, it's likely you'll need to install forwarders in the future on Windows machines.

Since we aren't going in-depth on setting up virtual machines, if you do run into repeated issues, you can still complete most of the activities in this course by signing up for a free seven-day trial of the Splunk sandbox. This will give you pre-populated data to play with, and you can still work on using the web console and running searches. This isn't the preferred option, but if you know you only want to get a feel for the console, you could do this.

We'll dive into the different parts of Splunk in the next video. Thanks for watching.