Splunk® Enterprise

Splunk Enterprise Scenarios

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Review the scenario and set a goal

Learn how to create a dashboard to monitor suspicious website activity.

Scenario

This scenario is based on typical IT operations and security monitoring use cases. Trace hacker activity using failed login attempts and IP addresses. Monitor top hacker locations and targeted user accounts.


Goal

Build a dashboard to help you monitor hacker activity at a glance. This scenario shows you how to create a dashboard like this one.
Scenarios completed db.png

This dashboard shows crucial information.

  • Failed login attempt counts for valid and invalid accounts.
  • Top five hacker IP addresses linked to failed login attempts.


The dashboard also includes interactive features.

  • A dynamically populated list of user accounts targeted by a selected hacker.
  • A dynamically plotted map showing a selected hacker's location.

Steps

Move through these steps to reach the goal.

Scenario steps review scen goal.png


Prerequisites

Before moving to the next step, make sure that you have the following resources.

  • A running Splunk platform instance

  • Tutorial sample data
    • Download the tutorialdata.zip file.
    • Use one of the following options to upload the tutorial data into the Splunk platform instance before proceeding.

    Instance type Next steps
    • Splunk Enterprise
    • Self-service Splunk Cloud deployment
    Follow these tutorial upload instructions to import the data into the Splunk platform.
    • Managed Splunk Cloud deployment
    File a Support ticket requesting the data upload.

Once you have the prerequisites in place, go to the next step to start working with the data.

PREVIOUS
About these scenarios
  NEXT
Start working with data

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters