Splunk Basics Course

Name: Splunk Basics Course
Rating: 4.7 (442 reviews)

Complete hands-on tutorial about the process of logging and monitoring using the amazing and agile tool Splunk

Created byAhmed Elakwah

Last updated 1/2026

English

What you'll learn

ICT Logging and monitoring basics
How to make logs work for you and get notified if something went wrong
Visualize data received from any log source in very simple steps
Build a small computer LAB that consists of a Splunk server, Apache web server and Fortigate firewall virtual appliance
Install and configure Splunk Enterprise and Splunk Universal Forwarder
Know the different deployment types of Splunk
Collect logs from remote nodes using Splunk Universal Forwarder
Collect logs from Syslog devices like Fortigate firewall
Search and explore data on Splunk
Extract fields and add knowledge to data
Quick introduction to Splunk Search Processing language (SPL)

Course content

7 sections • 20 lectures • 1h 53m total length

Introduction to the course1:28
A little bit about me and my story with Splunk and why am I teaching this course.
Course structure3:08
In this lecture, we will have a quick overview of the course structure and a quick look at the lab components.
Udemy 101: Getting the most from this course1:24
Some useful tips while using course player.

Installing VMware Workstation Player1:51
In this lecture, we will download and install VMware Player as it will host all our virtual machines and virtual appliance in this course.
Installing Ubuntu virtual machines7:38
In this lecture, we will deploy the Ubuntu Linux operating system for Splunk server and Apache server.
Also, we will login for the first time to the newly deployed machines, default password for osboxes user is osboxes.org
Assign Static IPs to Ubuntu machines and change default password8:03
In this lecture, we will assign static IPs for our machines and we will change the default password for osboxes user.
Downloading Splunk and installing Apache server5:45
In this lecture, we will download Splunk packages for Splunk main server and Splunk universal forwarder that will collect logs from the Apache server and forward it to Splunk main server.
Also, we will install the Apache webserver to have it ready for the next lectures.
Importing Fortigate Appliance4:34
In this lecture, we will import Fortigate virtual appliance into VMware Player, and set a static IP and default gateway for the virtual appliance.

Installing Splunk and Splunk Universal Forwarder7:48
In this lecture, we will install Splunk Enterprise software on Splunk server machine, and install Splunk Universal Forwarder on the Apache server machine.

Note:
When the course was recorded Splunk version was 8.0.4.1, On 10-09-2022 I validated Splunk Enterprise 9.0.1 on my own test lab and the steps and instructions in this course still apply.
Deployment types4:03
In this lecture, we will talk about different deployment types of Splunk.
Configure Splunk to receive logs10:48
In this lecture, we will upload a sample log file to Splunk and explore this data from Splunk web interface.
Also, we will configure required network ports on Splunk server to receive data from Syslog feed (Fortigate appliance) and from Apache server (using Splunk Universal Forwarder).

Search and explore data on Splunk3:40
In this lecture, we will login to Splunk server web interface to explore the data we on sent to Splunk in previous lectures.
Extract fields and add knowledge to data12:28
In this lecture, we will extract the fields of Apache access logs using:
Splunk Interactive Field Extractor (IFX)
Regular expressions
Splunk Search Processing Language (SPL)2:19
In this lecture, we will have a quick introduction to Splunk SPL "Search Processing language" with some examples.

Creating reports and dashboards10:44
In this lecture, we will create reports based on the data we received from Fortigate firewall and Apache web server, then we will place these reports into two different dashboards:
Firewall stats
Apache stats
Creating alerts6:44
In this lecture, we will learn about one of the most important features of Splunk which is the Alerting but unfortunately, it is not available in the free license of Splunk, but we can use it in the trial version for 60 days.
We will configure our alert to be sent to "Triggered Alerts" page and also to be sent to an email.

Requirements

Some prior knowledge about Linux operation system
You'll need a desktop computer (Windows, Mac, or Linux) capable of running 3 virtual machines. The course will walk you through installing the necessary free software.

Description

Machines are trying to tell us something through logs, so they are a very valuable resource for IT departments to ensure that everything is working as expected and to give us an idea of what is going on in our IT environments which will help to respond faster to incidents.

In this hands-on course, we will learn how to set up a small virtual LAB to simulate real-world logging and monitoring scenarios, where we will collect logs from Apache web server and Fortigate firewall and send them to Splunk for storage, analysis, visualization and alerting.

I selected these two log sources specifically because they represent the majority of log sources you will find in your environment, so you can follow the same steps in the course to integrate different log sources in the future.

There are more complex log sources to integrate like logs that are pulled from database but they are not suitable to be discussed in an introductory course.

After we onboard logs to Splunk, we will search and explore data we received then we will add knowledge to it by extracting interesting fields in these logs.

At this point, our logs will be ready to be treated by Splunk Searching Processing Language (SPL) to create reports, dashboards, and alerts.

This course will make you ready to dig deep into more advanced topics of Splunk administration like,

High availability
Indexers clusters
Search head clusters
Deployments servers
Splunk Apps
Advanced SPL

But you have to walk before you run, so my vision for this course is to master the basics first to break the ice.

Note:

When the course was recorded Splunk version was 8.0.4.1, On 10-09-2022 I validated Splunk Enterprise 9.0.1 on my own test lab and the steps and instructions in this course still apply.

Who this course is for:

Security engineers
IT Administrators
Security operations center engineers
Security incident handlers
Systems administrators
Anyone wants to explore huge log files/feeds
Anyone interested to learn Splunk

Splunk Basics Course

What you'll learn

Explore related topics

Course content

Introduction3 lectures • 6min

Preparing LAB5 lectures • 28min

Installing Splunk3 lectures • 23min

Getting data in2 lectures • 21min

Searching and exploring logs3 lectures • 18min

Reporting and monitoring2 lectures • 17min

Keep learning2 lectures • 1min

Requirements

Description

Who this course is for: