Knowledge Management

New to Splunk: What is a log and security logs?

sandepreddy555
New Member

Hi everyone. I'm new to Splunk.

What is a log? What are security logs? What is the Splunk log management system?

Please help me to overcome these basic questions.

Thank you everyone.


aakwah
Builder

Hello,

Generally, machines are trying to tell us something through logs, so they are a very valuable resource to ensure that everything is working as expected and to give us an idea of what is going on.

From an information security perspective, logs help security professionals quickly identify suspicious activities happening in the network so they can take quick action and mitigate risks. Security log sources are devices like firewalls, IPS, antivirus, Windows AD, endpoints (desktops) and proxy servers.

Analyzing and correlating logs provides visibility into the network and security infrastructure, which makes troubleshooting easier and allows monitoring teams to respond faster to incidents. Splunk makes this task easier than before, as it acts as a search engine for all types of logs with a very effective Search Processing Language (SPL).

Regards
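As an added illustration of the "analyzing and correlating" point above (this is not from the thread), here is an SPL search that groups Windows Security failed-logon events (EventCode 4625) by source address in 10-minute windows and surfaces sources that fail against many accounts. It assumes an index named `wineventlog`, the `Account_Name` and `Source_Network_Address` fields as extracted by the Splunk Add-on for Microsoft Windows, and arbitrary thresholds of 20 failures across at least 5 accounts.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625
| bin _time span=10m
| stats count AS failures, dc(Account_Name) AS accounts, values(Account_Name) AS targeted_accounts BY _time, Source_Network_Address
| where failures >= 20 AND accounts >= 5
| sort - failures
```

Tune the thresholds to your environment and, once it is reliable, save it as an alert so the monitoring team is notified instead of having to run the search by hand.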

adonio
Ultra Champion

Log file, by Wikipedia:
https://en.wikipedia.org/wiki/Logfile
Security log -> a log that has security-related information; it might come from a security device (a firewall, for example), software (malware detection, for example) or other sources (Windows security, for example).
Splunk is not (but can be if you want it to be) a log management system.
It allows you to search your logs on the fly without the need to ETL: https://en.wikipedia.org/wiki/Extract,_transform,_load
Read more on splunk.com and learn more on YouTube (Splunk).
Hope it helps.

aaraneta_splunk
Splunk Employee

@sandepreddy555 - First off, welcome to Splunk and the Splunk Community!

I'd recommend taking a look at these previous Answers posts for some helpful tips, tricks, and resources:
- https://answers.splunk.com/answers/310388/hungry-newbie-best-way-to-learn-splunk-well-effici.html
- https://answers.splunk.com/answers/462710/are-there-any-splunk-training-materials-for-new-us.html

Also, I'd highly recommend (if you haven't done so already) doing the Search Tutorial. It provides a free data set to download in order to follow along with the tutorial. It may answer some of your basic questions along the way.

Also, Splunk Education is a great resource too. Currently there's a free, self-paced Splunk Fundamentals course you can take!
