THM-Writeups Splunk-Basics

Learn the basics of Splunk.

Task 3 Splunk Components

3.0. Which component is used to collect and send data over the Splunk instance?

Answer: Forwarder

Task 4 Navigating Splunk

4.0. In the Add Data tab, which option is used to collect data from files and ports?

Answer: Monitor

Task 5 Adding Data

5.0. Upload the data attached to this task and create an index “VPN_Logs”. How many events are present in the log file?

Answer: 2,862

5.1. How many log events by the user Maleena are captured?

Answer: 60

5.2. What is the name associated with IP 107.14.182.38?

Answer: Smith

5.3. What is the number of events that originated from all countries except France?

Answer: 2,814

5.4. How many VPN Events were observed by the IP 107.3.206.58?

Answer: 14


References

  • https://tryhackme.com/room/splunk101
This post is licensed under CC BY 4.0 by the author.