Video: .mp4 (1280x720, 30 fps(r)) | Audio: aac, 44100 Hz, 2ch | Size: 1.98 GB
Genre: eLearning Video | Duration: 20 lectures (1 hour, 53 mins) | Language: English
Complete hands-on tutorial about the process of logging and monitoring using the amazing and agile tool Splunk
What you'll learn Homepage: https://www.udemy.com/course/splunk-basics-course/
ICT Logging and monitoring basics
How to make logs work for you and get notified if something went wrong
Visualize data received from any log source in very simple steps
Build a small computer LAB that consists of a Splunk server, Apache web server and Fortigate firewall virtual appliance
Install and configure Splunk Enterprise and Splunk Universal Forwarder
Know the different deployment types of Splunk
Collect logs from remote nodes using Splunk Universal Forwarder
Collect logs from Syslog devices like Fortigate firewall
Search and explore data on Splunk
Extract fields and add knowledge to data
Quick introduction to Splunk Search Processing language (SPL)
Requirements
Some prior knowledge about Linux operation system
You'll need a desktop computer (Windows, Mac, or Linux) capable of running 3 virtual machines. The course will walk you through installing the necessary free software.
Description
Machines are trying to tell us something through logs, so they are a very valuable resource for IT departments to ensure that everything is working as expected and to give us an idea of what is going on in our IT environments which will help to respond faster to incidents.
In this hands-on course, we will learn how to set up a small virtual LAB to simulate real-world logging and monitoring scenarios, where we will collect logs from Apache web server and Fortigate firewall and send them to Splunk for storage, analysis, visualization and alerting.
I selected these two log sources specifically because they represent the majority of log sources you will find in your environment, so you can follow the same steps in the course to integrate different log sources in the future.
There are more complicated logs sources to integrate like logs that are pulled from database but they are not suitable to be discussed in an introductory course.
After we onboard logs to Splunk, we will search and explore data we received then we will add knowledge to it by extracting interesting fields in these logs.
At this point, our logs will be ready to be treated by Splunk Searching Processing Language (SPL) to create reports, dashboards, and alerts.
This course will make you ready to dig deep into more advanced topics of Splunk administration like,
High availability
Indexers clusters
Search head clusters
Deployments servers
Splunk Apps
Advanced SPL
But you have to walk before you run, so my vision for this course is to master the basics first to break the ice.
Who this course is for:
Security engineers
IT Administrators
Security operations center engineers
Security incident handlers
Systems administrators
Anyone wants to explore huge log files/feeds
Anyone interested to learn Splunk
TO MAC USERS: If RAR password doesn't work, use this archive program:
RAR Expander 0.8.5 Beta 4 and extract password protected files without error.
TO WIN USERS: If RAR password doesn't work, use this archive program:
Latest Winrar and extract password protected files without error.
Broknote |
