Splunk

Dec 13 2020


Hi All,


I've been playing around with a tool called Splunk in my spare time. It has a lot of functionality and I won't go into much detail here. Below are a few points of interest.


It can run on both Windows and Linux (Linux seems to be preferred).
It can ingest and parse data, extracting out useful fields.
You can extract custom fields using the rex command from _raw data.
You can create custom fields from existing fields using the eval command.
Useful SPL commands include dedup, stats and table; count by is also handy.
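As an added example (my own, not from the original post), here are the points above stitched into one SPL search: rex pulls fields out of _raw, eval derives a new field, and dedup, stats count by and table shape the result into a short list of sources generating many distinct 4xx responses. The index, sourcetype, log layout (a hypothetical web access log) and the threshold of 20 are all assumptions.

```spl
index=web sourcetype=myapp_access earliest=-24h
| rex field=_raw "^(?<src_ip>\d{1,3}(?:\.\d{1,3}){3}) .*? \"(?<method>[A-Z]+) (?<uri>\S+) HTTP/[\d.]+\" (?<status>\d{3})"
| eval status=tonumber(status)
| eval status_class=case(status>=500, "server_error", status>=400, "client_error", status>=300, "redirect", true(), "ok")
| dedup src_ip uri status
| stats count AS distinct_failures by src_ip status_class
| where status_class="client_error" AND distinct_failures>=20
| sort - distinct_failures
| table src_ip status_class distinct_failures
```

The dedup step counts each (source, URI, status) combination once, so a client that retries the same failing request does not inflate the count; drop it if you want raw request volume instead.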


Splunk can ingest data in a variety of ways.


They also hold blue team competitions called BOTS, which might be fun.