From the course: Splunk for Security Analytics and Monitoring
Splunk data ingestion
- [Instructor] One crucial part of Splunk is configuring data ingestion. We need to be able to receive data into our Splunk environment, so it can be indexed and then it can be searched, we can generate reports, we can generate dashboard visualizations and so on. So let's take a look then at what our options are. You've got a number of different Splunk data sources. It could be operating system logs, it could be application-specific or cloud-based logs for your cloud environment, whether it's Amazon Web Services, Google Cloud Platform, Microsoft Azure, and so on. You can also use Microsoft Active Directory as a data source. For example, I want to know if there are failed log-ons or if a user account is signed in from many stations at the same time. You might also want to track admin activity like the deletion of user accounts in Active Directory. You can also monitor file systems to look for changes to files or…