Time
2 hours 29 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
Hello, I'm Natasha, and in this video we'll go over the basics of using apps and ***.
00:07
Apps and add-ons are two ways to add to Splunk's capabilities,
00:12
and they're easy to get mixed up,
00:13
partly because, according to Splunk, there's no definite criteria that universally distinguishes an app from an add-on.
00:22
We can still try to separate them out.
00:24
Apps are applications you install in the *** platform, and they often have interactive dashboards that let you do new things with your data.
00:32
Apps are typically more visual and interactive.
00:36
Add-ons are more for getting data in and doing behind-the-scenes changes.
00:40
This could be a specific configuration you give to forwarders to retrieve a certain type of data and extract the fields properly, just for example.
00:51
Apps and add-ons can be *** built, or they can be built by vendors or users. Many different companies offer Splunk apps that work with the data from their products.
01:00
Individual developers can also submit apps.
01:03
It's highly recommended that you install apps in a test environment before adding them to a production environment.
01:10
Sometimes there can be conflicts with other configurations, and apps may cause issues.
01:17
You'll definitely want to check out Splunkbase.
01:19
Here, you can search over 1000 apps and add-ons for things that may be useful in your environment.
01:26
These are a few popular apps, just to give you an idea of what's out there.
01:32
Splunk Security Essentials provides security-focused searches you can use in your environment. It has an interactive dashboard where you can evaluate your source types for the kinds of things you might monitor
01:42
and look for what types of threats you'd be able to target.
01:47
This is not to be confused with the Splunk app Enterprise Security, which you have to pay for,
01:52
but it still provides
01:53
many useful abilities.
01:57
The DB Connect app is really helpful for tying into databases, such as a SQL database, to retrieve data.
02:04
The Lookup File Editor lets you modify lookup tables from the web console with ease.
02:08
There are a ton of vendor-specific apps, such as ones for Cisco sources, AWS, Palo Alto, Microsoft Azure, Workday, et cetera.
02:17
There are also plenty of useful apps for specific purposes, such as geolocation lookup, special visualization, even weather information.
02:29
If you're interested in creating apps, that's totally an option. You could make them for your personal use or share them with the community
02:37
if you want to. You could become a Splunk Certified Developer.
02:39
You need to first become a Splunk Enterprise Certified Admin to pursue this, then take several classes specific to development, and then take an exam.
02:51
Let's go ahead and install an app from the GUI so you can see what it looks like.
02:58
The app I'm installing today is
03:00
called Splunk Essentials for Wire Data.
03:02
And this app is mostly gonna provide examples and instruction for working with wire data, like network traffic and packet captures.
03:13
So to start off,
03:14
I am just going to click this Find More Apps button.
03:17
If I wanted to, I could start off in *** base and then download the file and upload it to the web interface.
03:24
Um, in here
03:27
I can browse through tons of new apps,
03:30
look at popular ones and I can search by keywords.
03:36
So I'm gonna type in
03:38
Splunk
03:39
Essentials for Wire Data
03:44
and see what comes up. There we are.
03:46
So I'm just gonna click install.
03:50
I will have to log in for this.
03:55
Okay,
03:57
so it just downloaded. That was pretty quick, and I'm gonna go ahead and restart now in order to complete the installation.
04:09
I've logged in again, and now I see a new app under here.
04:17
Here we are.
04:18
So we've installed the app.
04:24
If we want to, we can click around a little.
04:30
So this just gives us different use cases and examples.
04:39
If we were to open one of these up,
04:46
um, we could work with the search
04:49
to find things that match this kind of use case, like looking for misconfigured DNS endpoints.
04:59
If I click down here, it
05:06
gives some sample searches and the types of
05:10
things that I might receive if I had
05:13
the proper data for this.
05:15
So
05:19
true or false: you should first install an app in a production environment before testing it.
05:28
If you read that sentence carefully, you should have said false.
05:32
A production environment, where *** is currently being used for business purposes, isn't the best place to test out new apps. Ideally, you'll have a test environment with the same version and similar settings as the real one to experiment with.
05:47
Our next video will begin our last module.

Up Next

Introduction to Splunk

This Splunk training class is designed to quickly introduce you to Splunk and its many capabilities.

Instructed By

Natasha Staples
Incident Response Security Engineer at Arrow Electronics
Instructor