I'm glad that you enjoyed the video and thank you for the feedback! My goal is always to make videos that are easy to follow because otherwise they are worthless.

I'm glad that you enjoyed the video and thank you for the feedback!

Yup, I completely agree, especially about being much better than Splunk’s own videos!

lol right

Glad you like them!

Excellent and thank you for sharing! These are the kinds of comments I love to see.

Glad it helped!

Did you get a job since graduating and if you did, how did you pass the interviewing process without being denied?

@@MotionMasterMike Yes I got my first job last August. The interview went well it was more like a conversation rather than an interview. They only asked me two very simple technical questions. It’s been a full month now at this job.

​@@miloboy55bro i heard that there is a huge demand for the people who r very good at splunk...is it true?

@@nahidsarker69 Definitely. There are positions that hire specifically if you have Splunk knowledge. They pay extremely well.

I'm happy to hear that you found it helpful!

Welcome and I'm glad that you like the content!

would you advice entry level cyber analysts to learn splunk?

Yep thanks for sharing Bradley! Either way works I just happened to not click the actual event ID.

@@henryijeoma Splunk can be a useful thing to know but keep in mind that there's a lot to learn at the entry level before I recommend diving into a tool like Splunk. Unfortunately Splunk restricts a lot of features without a paid plan but there are also lots of alternatives out there if you just want to learn a SIEM tool.

Glad it was helpful!

You're welcome and I'm glad that you found it helpful!

Glad it helped and you are welcome!

Glad you enjoy it!

Thanks! Glad you found it helpful.

Glad you think so, and thank you for the support!

Thanks for the feedback and I'm glad that you enjoyed the video!

I'm glad that you found the content helpful...you're welcome and thank you for sharing!

Glad it was helpful!

You can get a trial of Splunk without a business email. Wazuh is another popular option that you can try. Ultimately, it's about learning a tool in the SIEM category, and not necessarily about the specific tool.

I'm glad that you enjoyed the content! The question is a challenge for YOU to research and answer, not something directed at myself.

Awesome! Thank you and glad to have you here!

Thank you and I'm glad that you enjoyed it!

Glad it was helpful! Splunk can certainly get complex the deeper that you go.

Software/applications are generally very similar when comparing locally hosted (i.e., on-premise) and cloud-based. That said, if you want to guarantee the exact same results as in this video, I recommend following the steps I have provided.

Glad it was helpful!

I'm glad that you enjoyed the video! Since I can't see your screen, it's difficult to troubleshoot the issue, but make sure you are doing everything the exact same as I do in the video, including the operating system, if you want the same results. Also remember that GUIs do change over time but Splunk has a tremendous amount of resources available on their website for reference.

@@JonGoodCyber Thank you

Glad it was helpful!

Glad you think so!

I'm glad that you enjoyed it!

Glad you think so and you're welcome!

I'm glad that you enjoyed the video!

Glad it was helpful!

I always recommend beginning with my Getting Started page ( jongood.com/getstarted/ ) and grabbing my free eBook, which includes a lot of helpful information. Additionally, my channel is full of helpful information that would be impossible to summarize in a single comment, so you just need to start working through the videos!

Glad it was helpful!

My pleasure!

For which area? Since my content is primarily around Cyber Security I'm assuming that's the area you're asking about. Specifically cloud and GRC are two of the biggest emerging areas but they aren't to be learned in a silo and you still need foundational knowledge that can be found in my eBook's roadmap ( jongood.com/getstarted/ ).

@@JonGoodCyber ty very much for the response! I'm looking at GRC and trying to narrow down a good niche to learn in that field that could allow me to find a good enrty level job soon. Trying to figure out what to focus on as to not waste any more time and get busy learning. I been watching all sorts of videos lately on here lately and maybe thats confising me more.

I can't speak for other creators but the resources are there in my content for you to follow if you're willing to put in the work.

I'm glad that you enjoyed the video!

I'm glad that the content was helpful!

By default Splunk will not ingest logs from a remote source/system. If you want to bring logs in from a remote system, you need to configure the Splunk Forwarder on that system but that is outside the scope of this video.

Glad it helped and you are welcome!

I hope the content helps you!

I'm glad that you enjoyed it! That's great...what's driving the switch?

@@JonGoodCyber I feel like I AM is really close to my first IT job and my IAM role is quite ambiguous cause I'm first a developer than slipped into IAM then want to move to SOC. Some point I can put cybersecurity and my coding skills together

@@masterchief5437 awesome stuff! I also recommend looking into DevSecOps and Application Security as those are also roles related to your background.

@@JonGoodCyber thanks for the advice!

I’m glad you enjoyed it! What do you mean?

I think he means when you make a new template , there's an "spl" part ,his was possibly not enabled to input the code , copied from earlier.

That's what happened to me !

Things shouldn't take an unreasonably long amount of time assuming there isn't a massive amount of information to ingest. Remember that the amount of resources available to the system will impact how Splunk performs.

Glad it was helpful!

I have upcoming interview scheduled this week. Can you share basic interview questions that can be asked in splunk Siem tool for security analyst position (2+year)

@@ishwaryanarayan1010 I have several videos on the channel for interview preparation and this Splunk tutorial that you should watch. Also, make sure to let me know how the interview goes and to help other people in a similar situation!

@@JonGoodCyber sure will share:)

@@JonGoodCyber Interview was good . First technical round I was nervous didn’t do as expected even for known scenarios and second round I did well . Questions asked: 2 rounds of technical Questions More on scenario based questions like attacks (phishing , malicious outbound traffic, infected hostmachine etc) and how I would approach,previous experience in handling realtime incidents,insider threat(data leakage) , threat hunting and technical questions , how I would convey technical details to non technical audience, my experience in siem tool ( log analysis etc) , splunk dashboard creation, log search queries based on scenario, diff between encryption and hashing. Still waiting for round2 results 🙏will update here regarding results and next steps

I'm glad that you enjoyed it!

I recommend following the video steps exactly including the operating system. I recently retested this for somebody and confirmed that it is still accurate, if followed as provided.

There's absolutely a ton of stuff that you can monitor and the list grows all the time. You can save the queries into dashboards, tables, etc. or of course you can save the query text and copy/paste it when you need to perform a search. Splunk indexes information but the more that it processes, the more that Splunk will charge you.

I'm not sure where that came from but that is incorrect. Of course, you're only going to get the trial version though so you will be limited in what you can do.

That is definitely something to monitor!

Excellent! I recommend grabbing my free eBook ( jongood.com/getstarted/ ) to get started.

I'm not sure what kind of tasks that you have for Quality Assurance as I work in Cyber Security but Splunk at its core is a database tool that you can use to make sense of data. You might try looking at available apps within Splunk or reaching out to Splunk directly.

@@JonGoodCyber Thank you so much for your kindly responses.

Glad you liked it!

Glad you enjoyed it!

@@JonGoodCyber I did. My company's security team just deployed it. I'm on the engineering side and want to get familiar with it.

Different operating systems function and collect logs differently. If you want to match things exactly as in this video, you need to use the same configuration described (Windows Server 2022). Microsoft has trial downloads of the operating system that you can use for free, however the setup of the operating system is outside the scope of this video.

I'm using windows server 2022, but this local event log collection is not showing. What should I do

I recommend reviewing the system requirements from Splunk ( docs.splunk.com/Documentation/Splunk/9.1.0/Installation/SystemRequirements ). I don't typically recommend server software being installed on a client operating system even if it is supported. You're much better off creating a virtual machine with a server OS and practicing that way.

You're welcome! Remember that Splunk isn't the only tool that does this stuff so try to learn a few if possible.

Glad you think so!

Thanks for sharing! Certainly those are several important events centered around user accounts. What about events regarding groups? Firewall changes? Processes starting/stopping? Logs being full? What are some of the event IDs associated to these types of events? There's even more than those that I would consider standard events that need to be monitored.

Glad it helped!

I would try restarting the system as a first step, but you might also find some useful fixes in the Splunk community forums if nobody else has seen this issue here.

I'm glad that you enjoyed it!

Thank you for the request...I always let people vote with their views as that's the best way to see which content that people enjoy!

@@JonGoodCyber in that case, 10 votes for Splunk

I never said that nor would I say that as that statement will lead you to disappointment. Frequently areas like IT, Security Operations Centers or even business analytics teams will have people responsible for managing Splunk itself but unless you have a development background or a background in that particular area, you aren't going to be very valuable/competitive. Splunk has a ton of documentation on their website so that is a good place to start practicing various exercises.

@@JonGoodCyber okay, i did a lot of coding, but im not good at coding. I'm doing a Qualys VMDR course now, I'm half confused, so I was looking to see if I should try splunk after.

I recommend checking the Splunk website for operating system compatibility. That said, you're likely going to run into differences when installing/configuring everything.

I'm glad that you enjoyed it!

Regardless of the training option, they all have limited time, and even the quality options aren't going to be able to teach you everything you'll ever need. Cyber Security is very much a career field where you need to get good at not only learning from training programs, but also from self learning if you want to be successful. I'm not sure what you mean by a "real" school/university, but just because something isn't taught in a program, doesn't mean you can avoid learning it if it's a requirement of a job. The people that are highly successful in this career field take ownership of their journey and find a way to learn what they need. As shown in this video, there's trial versions of many common commercial products that you can experiment with as well as comparable open source options, like Wazuh in this case, that will at least teach you how the category/type of tool works.

@@JonGoodCyber I agree with you! most folks know that cisco bought splunk and will be administering it soon! don't think ccna's ccnp's aren't jumping the online learning track.

@@bulcub Administering and using are certainly two different levels of knowledge, but when people are actually in a role, much of the learning comes out of necessity. Change takes time, but it's also not guaranteed that everybody running a Cisco shop will switch to Splunk.

I'm certainly not "sort of yelling" but unlike a lot of other creators, I have a high-quality microphone and record at an appropiate volume level for all speakers.

You're welcome!

I'm glad that you enjoyed it! I'm sure there are definitely SOC Analysts here.

Please I’ll be glad I I have some one to mentor i started on my own but its not easy in some parts I’m short of funds too I’ll be really happy if someone helps to get along with me 🙏🏻🙏🏻 once more I appreciate your good work sir

I'm glad that you enjoyed it.

I'm glad that you enjoyed the video!

I recommend going back through and repeating the steps exactly as provided. I just redid the steps to verify that nothing has changed and although the user interface has changed slightly, the labels and everything are still exactly the same as this video.

@@JonGoodCyber okay I’ll redo it right now

@@JonGoodCyberdo you by any chance think it’s because I have splunk on Mac book ?

Well I cannot guarantee that it'll be the same on Mac because as stated this installation was on a Windows system and Windows has different logs than MacOS. I recommend checking out the installation guide for MacOS ( docs.splunk.com/Documentation/Splunk/9.1.0/Installation/InstallonMacOS ) if you're set on running it that way. Otherwise you might consider trying the installation on Linux or Windows as it's not as likely that you're going to see Splunk installed on a Mac in the real world, at least not for the management console.

@@JonGoodCyber okay thanks the reason I use it on a Mac device because that’s all I have. But thanks for responding and helping me !!! 🙏🏼

You're so welcome!

Thank you for watching!

Those are absolutely two great things to monitor! I think breaches are fairly self explanatory but why might be looking for errors be useful?

Thanks for sharing!

Basically all commercial tools are going to force you into their system but you certainly have the choice whether or not to do so. I'm just providing training on a high-demand tool and don't benefit either way.

Although I don't know your exact scenario, anything in the private IP space should work it sounds like: -10.0.0.0 to 10.255.255.255 -172.16.0.0 to 172.31.255.255 -192.168.0.0 to 192.168.255.255

@@JonGoodCyber I'm a newbie,was doing my CompTia pentest,but couldn't really replicate the tools output (eg nmap port scans )because he was using a server to hack which showed a network rather then just my 1 router.

You're on the right track...what are some indicators that we might look for or to determine what's "unusual?"

@@JonGoodCyber what was the answer ?

@@jonasbaine3538 What do you think the answer is? This is a question for people to answer so we can discuss it, not a question for me.

Why do you think that? Sticking to extremes like just open source or just closed source...is a dangerous strategy. You can find more information about Splunk's views on open source here: www.splunk.com/en_us/blog/learn/splunk-open-source.html#:~:text=Though%20Splunk's%20core%20products%20are,it%20came%20to%20data%20platforms.

I don't understand your comment.

Thanks for watching! I wasn't shouting but I do use a volume that works for all speakers. Also, this video is over 1 year old.

My professional background speaks for itself thanks. Anyways despite the fact that it sounds like you're a Linux purist, any "real IT or cyber" person knows that you use the appropiate tool to fit a the situation and to not try to force a solution. Reviewing Windows logs is a good place to start as a large majority of systems being monitored are running the Windows operating system.

I'm glad that you enjoyed the content!