Review the scenario and set a goal
Learn how to create a dashboard to monitor suspicious website activity.
This scenario is based on typical IT operations and security monitoring use cases. Trace hacker activity using failed login attempts and IP addresses. Monitor top hacker locations and targeted user accounts.
This dashboard shows crucial information.
- Failed login attempt counts for valid and invalid accounts.
- Top five hacker IP addresses linked to failed login attempts.
The dashboard also includes interactive features.
- A dynamically populated list of user accounts targeted by a selected hacker.
- A dynamically plotted map showing a selected hacker's location.
Move through these steps to reach the goal.
Before moving to the next step, make sure that you have the following resources.
- A running Splunk platform instance
- Tutorial sample data
- Download the tutorialdata.zip file.
- Use one of the following options to upload the tutorial data into the Splunk platform instance before proceeding.
Instance type Next steps
- Splunk Enterprise
- Self-service Splunk Cloud deployment
Follow these tutorial upload instructions to import the data into the Splunk platform.
- Managed Splunk Cloud deployment
File a Support ticket requesting the data upload.
Once you have the prerequisites in place, go to the next step to start working with the data.
About these scenarios
Start working with data
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12