Adding data
Splunk can ingest any data. As per the Splunk documentation, when data is added to Splunk, the data is processed and transformed into a series of individual events.
The data sources can be event logs, website logs, firewall logs, etc. Data sources are grouped into categories.
Upload the VPN_logs data and create an index VPN_Logs.
How many events are present in the log file?
 |
|---|
Answer: 2862 |
How many log events by the user Maleena are captured?
 |
|---|
Answer: 60 |
What is the name associated with IP 107.14.182.38?
 |
|---|
Answer: Smith |
What is the number of events that originated from all countries except France?
 |
|---|
Answer: 2814 |
How many VPN Events were observed by the IP 107.3.206.58?
 |
|---|
Answer: 14 |