4.2 Web Interface Tour


Time
2 hours 29 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00
Hi. We're on module four, and in this video we'll be getting familiar with the Splunk Web interface.
00:06
To start off,
00:08
I'm logged into Time Machine, where we previously installed Splunk Enterprise. I've got a browser open to the Splunk Web interface and it's unable to connect.
00:18
Since I didn't enable boot-start and have since shut down this machine, Splunk isn't currently running. I can check that by
00:27
going /opt/splunk
00:30
/bin/splunk status.
00:36
Splunkd is not running.
00:39
So if you want to start the Splunk software to run automatically when you turn on your machine,
00:46
you could enter the following command: /opt/splunk
00:50
/bin/splunk
00:52
enable
00:54
boot-start
01:00
Perfect. And
01:02
to start it up, I'm gonna go /opt/splunk/bin/splunk
01:06
start
01:10
checking that everything that been running, and once that's done
01:15
should be able to log in.
01:17
Perfect.
01:29
For starters, we'll go to one of the most commonly used places, the Search and Reporting app.
01:38
Since we haven't got data yet 40 in this point, you'll only be able to get Splunk's own logs about how it and its host are doing.
01:47
I'm going to type in index equals
01:52
internal, just so we have something to see here.
01:56
From this screen, we have a few options.
01:59
We could save this as a new alert, report or dashboard,
02:04
and we can go through some different options to visualize the data.
02:08
The screen I
02:12
is another good place to know about.
02:14
It's a quick overview of the health status of Splunk. Since everything's green, there isn't anything we need to investigate here.
02:23
Messages can be another good place to check for possible errors and issues.
02:28
It's just told me there's a newer version available.
02:30
Another place you can get
02:32
a more thorough overview of the health and status of Splunk is by going to Settings,
02:39
Monitoring Console.
02:44
This page gives us a nice overview of how I'm looking as far as CPU, disk, memory and license usage.
02:57
If I click on Health Check,
02:59
I can run a report for possible issues.
03:01
We're gonna go in depth with this, but you want to know what the different pieces are if you plan to have administrative duties in Splunk.
03:09
I'm going to click back on the Settings button here and go to Searches, Reports, and Alerts.
03:20
You'll immediately notice
03:22
that there are already some items here.
03:24
These are alerts designed to let you know
03:28
when there's a problem with Splunk's health, such as if you're at your license quota or if you're running out of disk space.
03:34
These all pertain to the Monitoring Console app.
03:39
If I click here, I can select all.
03:44
You'll notice that we have several pages of
03:49
saved searches, reports or alerts.
03:53
If I want, I can look at the ones that I've just built,
03:57
which is none right now.
04:00
I'm going to take a look at users by going to Settings,
04:02
either in authentication and access controls.
04:11
I click on users.
04:13
There's just me right now. But if I wanted to, I could add a new user by clicking here.
04:18
And if I go back
04:23
and click on Roles,
04:26
um,
04:27
you can see the different
04:29
default roles that are available.
04:31
You should be set as an admin right now. But if you want to create more limited roles, which is a good idea to only give people as much access as they need, you have the ability in Splunk Enterprise to limit users to only access certain data and limit their access in other ways.
04:46
You can also tie accounts to external authentication methods such as LDAP.
04:55
Going back to Settings, we can also restart Splunk from the web console by going to Settings,
05:00
Server Controls.
05:04
And then we can just click this Restart button if we wanted to.
05:09
And then under Activity, there are two useful options: Jobs and Triggered Alerts.
05:15
Triggered alerts are just what you think: alerts that have recently triggered. If we want to open up Jobs,
05:24
ah, it will show you which jobs have recently completed or are currently running, such as searches.
05:30
If I wanted to go back into the Search and Reporting app and run a search,
05:38
we can see it pop up in there.
05:42
While data is stored for a while, which is determined by your retention policies, specific searches typically aren't kept for very long.
05:49
So in this Jobs area, if you knew that you wanted to store specific results for a while and maybe share it,
05:59
um, then you could extend the life in here
06:04
by clicking on that button.
06:08
You could also delete the job, such as if you're in a situation where too many searches were run at once and it was, um,
06:15
causing problems.
06:16
You could go through and try and delete the unneeded ones. Or if you forgot what that perfect search was that you ran just a minute ago and had closed out the window, it would still show up here.
06:29
In future videos, we'll get to a lot of these other items, such as looking at data inputs,
06:35
indexes and lookups.
06:40
Now we'll just hop back to my slides for a quiz.
06:44
True or false:
06:46
you can restart Splunk from the Web interface.
06:51
This is true.
06:54
You can restart Splunk
06:57
by going to Settings and Server Controls.
07:00
In the next video, we'll look at different ways to get data into Splunk. Thanks for watching.