Splunk Installation on Windows and Logs Monitoring

Suhailmalik
May 20, 2024


Introduction

Splunk is one of the most popular SIEM (Security Information and Event Management) tools available, known for its powerful usability despite its high cost. In this guide, we’ll walk through the steps to install Splunk on a Windows machine and demonstrate how to monitor logs.

Step-by-Step Installation Guide

1. Download Splunk:

  • Open a web browser and navigate to splunk.com.
  • Reject the cookies and go to the ‘Products’ section.
  • Click on ‘Splunk Enterprise’ and select ‘Free Trial’.
  • Sign up to download Splunk for free.
  • Choose the Windows version and hit download.
  • Agree to the terms and conditions to access the download link.

2. Install Splunk:

  • Locate the downloaded Splunk MSI file in your Downloads folder.
  • Double-click the file and select ‘Run’.
  • Accept the license agreement.
  • Customize the installation location if desired, or proceed with the default settings.
  • Choose ‘Local System’ for the account type unless you’re in an enterprise environment, in which case you should select ‘Domain Account’.
  • Enter a username (e.g., Bobby) and create a password.
  • Opt to create a shortcut menu and click ‘Next’.
  • Wait for the installation to complete, which may take 5–10 minutes.
  • Ensure ‘Launch browser with Splunk Enterprise’ is checked and hit ‘Finish’.

3. Initial Setup and Data Upload:

  • Splunk will open in your selected browser at localhost:8000.
  • Log in using the username and password created during installation.
  • To add data, click on ‘Add Data’ and select ‘Monitor’.
  • Choose ‘Local Event Logs’ to monitor logs on your machine.
  • Select the logs you’re interested in, such as ‘Application’, ‘Security’, and ‘System’, then click ‘Next’.
  • Leave the host field value as default and choose ‘main’ for the index.
  • Click ‘Review’ and then ‘Submit’.

4. Searching Data in Splunk:

  • Skip the tour if prompted.
  • Begin searching your data. For example, type 4688 in the search bar to find events with event ID 4688 (a new process has been created).
  • Explore the events and enjoy the powerful search capabilities of Splunk.
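Typing a bare 4688 matches that number anywhere in the raw event text, so it also returns unrelated events that happen to contain it. The search below is an added example, not from the original article or the MyDFIR video, of how the same question is usually asked in SPL once the Security log is flowing into the ‘main’ index from Step 3. It assumes the Local Event Logs input writes the classic sourcetype/source name ‘WinEventLog:Security’ and that Splunk has extracted the usual 4688 fields (Account_Name, New_Process_Name, Process_Command_Line); field names differ if the input is configured to render XML.

```spl
index=main source="WinEventLog:Security" EventCode=4688
| stats count AS launches, values(Process_Command_Line) AS command_lines
        BY host, Account_Name, New_Process_Name
| sort - launches
```

Two caveats a practitioner will run into: event ID 4688 is only written when the ‘Audit Process Creation’ policy (Advanced Audit Policy, Detailed Tracking) is enabled for Success, which Windows does not do by default, so an empty result often means the audit policy rather than the Splunk input is the problem; and Process_Command_Line stays blank unless the ‘Include command line in process creation events’ policy is also turned on.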

Conclusion

Splunk is a robust tool for managing and searching through log data, making it a favorite among many organizations despite its cost. With hands-on experience, navigating and utilizing Splunk becomes intuitive. If you found this guide helpful, please like this article.

Credits

This article is based on the instructional video by the MyDFIR YouTube channel.
