Configuration
Configuring Splunk
- Click here to go to Splunk.
- Click the User icon and select Sign Up.
- Complete the Create Your Splunk Account page.
- Click Create Your Account.
- Download the Splunk Enterprise setup.
- Install Splunk Enterprise.
-
Click here to log into your Splunk Enterprise.
The first time you log in, use the default username admin and the password you set during installation. You can then change the password and log in again with your new password.
Configuring Secret Server Settings
To configure Secret Server settings:
-
Sign into Secret Server.
-
The Home page displays.
-
Click Administration > Actions > Configuration and the Configuration page displays.
-
At the bottom of the page, click Edit
-
The Application Setting page displays.
-
Select Enable Webservices check box.
-
Under the Syslog/CEF Logging Advanced Settings Information area, select Enable Syslog/CEF Logging check box and enter the syslog server.
This should be the IP of the machine/server where Splunk Enterprise is configured.
-
Click Save.
Configure Splunk Enterprise
-
Go to Splunk enterprise > Settings > Add Data > click on Monitor.
-
The Select Source page displays, click TCP/UDP.
-
Select UDP and enter the port configured in Secret Server (for example TCP 6514).
-
Click Next on Input Settings page and select the source type as syslog.
-
In the Index list, select Default.
-
Click Review and the Review page displays.
-
Review the information and click Submit.
-
The message, “,” displays.
-
Click Start Searching and the New Search page displays.
-
In the New Search field, enter the query and click the Search icon.