EXPLORING LOGS

SPLUNK> Search & Reporting
 SPL: index=main
 DTG: All Time
 
 * The index=main query retrieves every ingested event stored in the "main" index, across all log sources
 * The results span several datasets (sourcetypes), such as web_traffic and firewall_logs
    
SPLUNK> Events > sourcetype
 Values:
  web_traffic
  firewall_logs
  
 * firewall_logs: This data source contains the firewall (FW) logs, showing which traffic
   was allowed or blocked.
 * web_traffic: This data source contains events related to web connections to/from
   the web server.
 
 * The "Selected Fields" section represents basic metadata about the log file itself.
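 An added search that builds on the notes above (example SPL, not part of the original notes): it starts from index=main, groups by the sourcetype and host metadata fields that Splunk sets on every event, and shows how many events each source produced and over what time span. Only default fields (_time, sourcetype, host) are used, so no assumptions about custom field names are made; the time range still comes from the time picker.

```spl
index=main
| stats count AS events, min(_time) AS first_seen, max(_time) AS last_seen BY sourcetype, host
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"), last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - events
```

A sourcetype that suddenly stops (stale last_seen) or a host that appears only once is worth a second look before any deeper analysis of firewall_logs or web_traffic.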
