Splunk Event Logs

Splunk provides the ability to gather data across many areas you may desire, including free data sets to explore. For this example, I've gathered data from my own personal Windows event logs and uploaded it to Splunk to analyze and parse through it. There are many field terms that can be used, so I'll break down my search input and what it means. "source" refers to where the data is being collected from; for this example, I have uploaded my Windows event log. Then I have to specify the host with my user name, hence the input host="soarluna", and to extract the field named after the username from the logs you use the "rex" command. There are various other fields that can be used, such as the fields for errors in case you want to view errors in your data set using status=error. You can also search based on time, for example everything from the last hour using earliest=-1h. You might also want to search based on response time activity and can denote the range by inputting response_time>=100 response_time<=200.
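Putting those pieces together, here is an added example search (my own illustration, not a query from the original post) that scopes to the uploaded host and the last hour, pulls the account name out of the raw Windows Security event text with rex, and counts events per account and event ID. The source value "WinEventLog:Security", the EventCode field and the "Account Name:" regex are assumptions about how the uploaded log is formatted; adjust them to match your own fields.

```spl
source="WinEventLog:Security" host="soarluna" earliest=-1h
| rex field=_raw "Account Name:\s+(?<account_name>\S+)"
| stats count AS events BY account_name, EventCode
| where events >= 5
| sort - events
```

Security events often contain "Account Name:" twice (subject and target), and rex keeps only the first match unless you pass max_match, so check which one your regex is capturing before trusting the counts.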
