Time
1 hour 59 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
Hi. We're on module four, and in this video we'll be getting familiar with the Splunk Web interface.
00:06
To start off,
00:08
I'm logged into the machine where we previously installed Splunk Enterprise. I've got a browser open to the Splunk Web interface and it's unable to connect.
00:18
Since I didn't enable boot-start and have since shut down this machine, Splunk isn't currently running. I can check that by
00:27
going /opt/splunk/bin/splunk status.
00:36
splunkd is not running.
00:39
So if you want to start the Splunk software to run automatically when you turn on your machine,
00:46
you could enter the following command: /opt/splunk/bin/splunk enable boot-start
01:00
Perfect. And
01:02
to start it up, I'm gonna go /opt/splunk/bin/splunk start
01:10
checking that everything's running, and once that's done
01:15
should be able to log in
01:17
perfect
01:29
For starters, we'll go to one of the most commonly used places, the Search & Reporting app.
01:38
Since we haven't got data yet flowing in at this point, you'll only be able to get Splunk's own logs about how it and its host are doing.
01:47
I'm going to type in index=_internal, just so we have something to see here.
01:56
From this screen, we have a few options.
01:59
We could save this as a new alert, report or dashboard,
02:04
and we can go through some different options to visualize the data.
02:08
The screen I
02:12
is another good place to know about.
02:14
It's a quick overview of the health status of Splunk. Since everything's green, there isn't anything we need to investigate here.
02:23
Messages can be another good place to check for possible errors and issues.
02:28
It's just told me there's a newer version available.
02:30
Another place you can get
02:32
a more thorough overview of the health and status of Splunk is by going to Settings,
02:39
Monitoring Console.
02:44
This page gives us a nice overview of how we're looking as far as CPU, disk, memory and license usage.
02:57
If I click on health check,
02:59
I can run a report for possible issues.
03:01
We're gonna go in depth with this, but you want to know what the different pieces are if you plan to have administrative duties in Splunk.
03:09
I'm gonna click back on the Settings button here and go to Searches, Reports, and Alerts.
03:20
You immediately notice
03:22
that there are already some items here.
03:24
These are alerts designed to let you know
03:28
when there's a problem with Splunk's health, such as if you're at your license quota or if you're running out of disk space.
03:34
These all pertain to the Monitoring Console app.
03:39
If I click here, I can select all.
03:44
You'll notice that we have several pages of
03:49
saved searches, reports or alerts.
03:53
If I want, I can look at the ones that I've just built,
03:57
which is none right now.
04:00
I'm gonna take a look at users by going to Settings,
04:02
either in authentication and access controls.
04:11
I click on users.
04:13
There's just me right now. But if I wanted to, I could add a new user by clicking here
04:18
and if I go back
04:23
and click on Roles,
04:26
um,
04:27
you can see the different
04:29
default roles that are available
04:31
You should be set as an admin right now. But if you want to create more limited roles, which is a good idea, to only give people as much access as they need, you have the ability in Splunk Enterprise to limit users to only access certain data and limit their access in other ways.
04:46
You can also tie accounts to external authentication methods such as LDAP.
04:55
Going back to Settings, we can also restart Splunk from the Web console by going to Settings,
05:00
Server Controls.
05:04
And then we can just click this restart button if we wanted to.
05:09
And then under activity, there are two useful options. Jobs and triggered alerts.
05:15
Triggered alerts are just what you think: alerts that have recently triggered. If we want to open up Jobs,
05:24
it will show you which jobs have recently completed or are currently running, such as searches.
05:30
If I wanted to go back into the Search & Reporting app and run a search,
05:38
we can see it pop up in there
05:42
While data is stored for a while, which is determined by your retention policies, specific searches typically aren't kept for very long.
05:49
So in this Jobs area, if you knew that you wanted to store specific results for a while and maybe share it,
05:59
um, then you could extend the life in here
06:04
by clicking on that button.
06:08
You could also delete the job, such as if you're in a situation where too many searches were run at once and it was, um,
06:15
causing problems.
06:16
You could go through and try and delete the unneeded ones. Or if you forgot what that perfect search was that you ran just a minute ago and had closed out the window, it would still show up here.
06:29
In future videos we'll get to a lot of these other items, so just looking at data inputs,
06:35
indexes and lookups.
06:40
Now we'll just hop back to my slides for a quiz.
06:44
True or false,
06:46
you can restart Splunk from the Web interface.
06:51
Is this true?
06:54
You can restart Splunk
06:57
by going to Settings and Server Controls.
07:00
In the next video, we'll look at different ways to get data into Splunk. Thanks for watching.

Up Next

Introduction to Splunk

This Splunk training class is designed to quickly introduce you to Splunk and its many capabilities.

Instructed By

Natasha Staples
Incident Response Security Engineer at Arrow Electronics