From the course: Splunk for Security Analytics and Monitoring

What you should know

- [Instructor] Before we get started with Splunk for security analytics and monitoring, there are a few things that you should know ahead of time. The first is that we will be using Linux virtual machines for our Splunk Enterprise installation as well as for a Splunk universal forwarder, and we'll focus on those details later in the course. So you should be familiar with basic Linux management, such as remoting into a Linux instance over SSH so that you don't have to be physically present at a server to manage it. You should be able to navigate through the Linux file system and use basic file system commands like tail, cat, nano, and ls. You should be able to launch binary files in Linux, and you should also have a basic understanding of IP addressing and port numbers for listening network services. You should also have the same types of skills for the Windows environment. You should be able to remotely manage Windows servers using Remote Desktop Protocol, or RDP. You should have an understanding of how to navigate through the Windows file system. You should be able to install software in Windows, have a basic understanding of IP addressing and port numbers, and also a basic understanding of how to set up a Microsoft Active Directory domain and how to manage it using GUI tools, and also a basic understanding of a Microsoft IIS web server installation and basic management. Now, if you need any more info on Linux or Windows management, look for other titles in the LinkedIn Library. For example, if I go into a web browser and if I search up LinkedIn Learning, Linux management, then I have all kinds of titles related to how to manage Linux. In the same way, if I were interested in learning about Windows Server management and I don't already have that skill set, I could do the same type of thing and search up Windows Server management. So that'll help you along if you don't already have that skill set.
Now, I urge you to follow along with me as I demonstrate how to go through various Splunk configurations, but in order to do that, you're going to need an AWS account, Amazon Web Services. AWS is a cloud platform. You can sign up for a free trial account, but we're also going to be working with EC2 instances. Now, an EC2 instance in AWS is just a virtual machine running in the AWS cloud. We're going to need four in total. That is, if you're going to follow along with me. Two Linux and two Windows instances that have connectivity to the internet. So one Linux and one Windows instance will be configured as what we call a universal forwarder. For now, let's just say that it ingests data and sends it off to another host to be indexed. That other host is a Splunk Enterprise server installation. We're going to be installing Splunk Enterprise on Linux as well as on Windows. And that's where we get our total of four virtual machines, or EC2 instances, that you're going to need. So you can sign up for a 60-day Splunk Enterprise free trial license. You'll have to create a free Splunk trial account that allows you to have up to 500 megabytes per day of ingested data. We're also going to be working with Splunk Cloud Platform, so you can also sign up for a free 15-day Splunk Cloud trial, which allows up to five gigabytes per day of ingested data. Now, if you're not sure how to set up an AWS account or how to configure Linux and Windows EC2 instances, as I'm sure you would guess, you can find titles in the LinkedIn Library related to this. For example, on the LinkedIn Learning website I've simply searched for AWS, and there were all kinds of courses that can help you gain the skills in how to set up virtual machines or EC2 instances in AWS if you need it. Now, if you're more comfortable simply taking the course and learning about Splunk, you don't have to follow through with the demos; you don't have to set this all up.
But to get the best experience and to get the most out of the course, I would recommend that you do follow along and experiment and try things out as we're going over them.