[0:00:00.04] Are you looking to analyze all your logs and events in one location, or maybe you're just looking to learn about a SIEM tool like Splunk to prepare for a job in IT or cyber security? Well, look no further. In this video we're going to walk through installing and configuring Splunk, which is one of the leaders in log and data analysis, on a Windows system. But first, welcome to the channel, or welcome back. My name is John Good, and on this channel we talk all about cyber security. If you enjoy the content, make sure to like the video, subscribe to the channel and hit the bell icon so you get notified for future content, and if you have any questions, leave them in the comment section below. Also make sure to check out the description for more training and resources.

[0:00:37.68] All right, let's do this. In IT, cyber security and even DevOps, one of the biggest issues that we have is monitoring our networks and being able to look at large amounts of data at once. If we have two computers, yeah, looking at the logs individually is going to be possible, but it's going to be annoying. If we have a thousand systems, it's basically impossible to do that and stay current with all the events that are taking place on those systems.

[0:00:57.96] Splunk is one of the leaders in helping us analyze large amounts of data in one central location, so it's a pretty good idea that you become familiar with how it works. We also refer to Splunk as a SIEM tool, which stands for security information and event management. At a high level, Splunk operates basically like a database with its own specific language called Search Processing Language, or SPL. The better that you can navigate SPL and Splunk itself, the more desirable that you'll be to employers. There are even jobs that are dedicated to configuring and managing Splunk installations, and even if you had to use a similar product, you'll have a good idea of what's going on. The goal in this video is to get a free Splunk installation running on a local system and then show you some of the basic features that you should know. After this video you'll be able to learn additional capabilities of Splunk, or at least be able to talk about Splunk and how to use similar tools.

[0:01:47.16] Before we dive into the demo, I'm assuming that you already have a virtual machine or a system to install Splunk on. For this video I'll be using a Windows Server 2022 virtual machine, since we typically install Splunk on a server, but the process is going to be the same on any Windows system. All right, let's begin.

[0:02:03.20] Okay, so the first thing that you have to do is you have to go to the Splunk website, so splunk.com, because we need to download Splunk. So we're going to go to Products, we're going to go to Splunk Enterprise, all right, and then we're going to click Free Trial, and you'll have to create an account if you don't already have one in order to download Splunk. And once you log in you need to go ahead and download Splunk and get the correct download depending on which operating system that you're using.

[0:02:35.12] Okay, now that download is done, go ahead and open that file and we're going to install Splunk. And we're going to use a lot of the defaults in this, but of course if you were in the real world you might customize some of these options. We're going to go ahead and check the box to accept the license agreements and we're just going to hit Next. And these are the defaults that it's going to use: so it's going to run Splunk Enterprise as a local system account, it's going to use this directory, and then it's going to create a Start menu shortcut. So again we're going to use the defaults; we'll hit Next. We're going to create a username and a password, and then we'll hit Next, and we'll hit Install. So that username and password is really important, because that's what you're going to use to actually log into Splunk.

[0:03:24.68] Okay, so we've successfully installed Splunk Enterprise, and we're going to leave this "Launch browser with Splunk Enterprise" checked, and we'll hit Finish, and we'll open it with our web browser. Okay, do you remember when we were originally installing and configuring the installation for Splunk and we had to create a username and password? That's what we need to enter here so we can log in.

[0:03:47.00] We've now successfully installed Splunk and we've logged in. Now we need to set up our logs actually being ingested into the tool. So we're going to go to Settings and then Data Inputs. For this video we're only going to deal with local events; we're not going to deal with remote systems. So we're going to go under Local Event Log Collection, we're going to select Edit, and now we need to select the logs that we want to actually ingest into the tool. So I'm going to keep it really simple and just do Application, Security and System; those are kind of the foundational logs. We'll scroll down and we'll select Save. Okay, and the status should be Enabled, because that's going to ingest those logs.

[0:04:26.32] And we'll go back to Apps and Search and Reporting. All right, in the search bar here we're going to put in an asterisk, or a star, and we're going to hit Return to search for all the events that it knows about. As you can see, it's starting to get events from our local system. Again, in this video we're just dealing with the local system, not remote systems. So this would be a very basic kind of search. We can do all kinds of different basic searches in here; we can also get a little bit more advanced with filters and different queries and parameters and things like that.

[0:05:01.04] For this, what I'm going to do is I'm actually going to open up our Event Viewer. So I've gone to the Windows menu and I'm going to open up Event Viewer, and I'm going to go under Windows Logs and Security. I'm going to right-click this and I'm going to select Clear Log, and I'm going to select Clear. So it's going to clear the Security log, and I'll show you why I'm doing this here in a second.

[0:05:28.24] So if we go back into our system here, in our Splunk system, we're going to actually narrow this down a little bit, and I'm going to show you how you can do this. So all of these parameters and fields: if I select one, so for instance the host, I'm going to left-click on this and I'm going to do Add to Search. That's going to add it in this search bar, and we're going to slowly narrow this search down. And then the next one I'm going to do is source, so we want it from the Security logs. And then the event code I want to also add in here, so I'm going to add this to our search. And this did not add the full thing here, but that's okay; we're going to add an equal sign, and then we want 1102, which is the event that we want to find, and we'll hit Return. And that's how you can narrow down the searches. So we've only got this one particular event, which, this event was the audit log being cleared. That's what we just did.

[0:06:36.68] Great, so that's an example of how you can search in Splunk for specific things. Now I'm going to copy this, because we'll need it later, and then I'm actually going to select Create Table View. We'll skip the tour, because again I don't care about that, and this will actually put this into a table. And then on the left here you can select or deselect different types of logs, so I'm going to actually unselect raw, so it's not going to give us all that information, and I'm going to hit Done. Okay, and as you can see that gave us a table with the fields that we've selected.

[0:07:17.60] I hope you're enjoying the content so far. If you are, make sure to leave a like, comment and subscribe. Also check out the description for more training and resources. All right, let's get back to the content.

[0:07:26.08] Now I'm going to go to Dashboards, and again I'm going to skip the tour, and I'm going to select Create New Dashboard. And we're just going to label this "clear logs", and we're going to create this with the Dashboard Studio, and we're going to do Grid. Select Create.

[0:07:53.84] All right, so now we can create a dashboard. Dashboards are huge for analyzing data, because we can quickly display certain things, and especially in areas like security or IT or any kind of data analytics you're probably looking for relatively specific things. And this way, anything you're consistently looking for you can just put into a table or a graph or something like that and put it on a dashboard, so you can easily view it as it happens.

[0:08:18.40] So we're going to add a chart here; we're going to add a table, and we're going to paste in this search with SPL, that query that we already found to find the event logs being cleared. So as you can see, this looks exactly like it did in our other search. All right, and we're going to select Apply and Close. We're going to give this a label, and we're not really going to customize this at all, but you could; in the column formatting you can add things, you can also remove things too.

[0:08:52.92] So if we go up here and we actually edit our search, I'm going to show you how you can eliminate some of these columns if you didn't want them. So we can add a pipe, and then we're going to type "fields", a minus, and then we're going to type the actual field in here, so _bkt and _cd we're going to eliminate. We'll select Apply and Close, and as you can see those columns are no longer in here. So you can totally customize it however you want to see it.

[0:09:25.64] And then we're going to select Save to save this dashboard, save this table. Right, so that's saved. Now if you go back under Dashboards, so just clicking Dashboards from wherever you're at within the application, you'll see that your dashboard is in here. So we're going to actually click on our dashboard that we created, so the "clear logs", and this is going to be the table that we created. If we do Actions and we select Set as Home Dashboard, that's going to be our primary dashboard.

[0:09:59.20] So this is just going to be on the Search and Reporting application. So having a dashboard like this is extremely useful. Again, you can look at very specific things that maybe you're constantly looking at, or things that you need to view at a quick glance. Especially when you're dealing with executive-level or management-level leaders, this can be great, because you can easily present information in an easy-to-read way that they like to see it, so they're not confused by all the nuances or smaller details of the application. It's just extremely beneficial to be able to create dashboards and easy-to-read information.

[0:10:36.28] So then if I go somewhere else, so let's just click anything, we'll just click Data Inputs under the Settings just so we can get onto a different screen, and then we're going to go back to Apps, and actually we'll click Splunk Enterprise to take us back to the homepage. There is "clear logs" right on that main page. So again, you can do whatever you want as far as the dashboard and what you have in there, what kind of tables and stuff, but that's just an example of what you can do with dashboards to quickly and easily display information.

[0:11:10.68] So one other website that's extremely useful is this Ultimate IT Security. They have all the event IDs for Windows that you'll ever need, and then, for instance, we have 1102, "The audit log was cleared"; that's what we were just looking at. If we click on this you can see it has even more details about specifically what it is. So if you ever aren't sure what an event ID is, or you need something specific, this is a great resource to use.

[0:11:35.92] Question of the day: what are some important events or logs that we might want to monitor in Splunk? Let me know down in the comment section below. In this video we walked through installing and configuring Splunk, which is one of the leading SIEM tools in log and data analysis. Remember, knowing a tool like Splunk is extremely helpful in your career and will make you more desirable to employers. As always, make sure to leave a like, comment and subscribe, check out the description for more training resources, and I'll see you next time.

[0:12:03.81] [Music]