Uncategorized
98-349 Microsoft Windows Operating System Fundamentals – Files and Permissions Part 2
Printers: There is one more topic that you can see on your screen: Homegroup settings. Now I have a surprise for you. Here we go. An update from Microsoft: Homegroup has been removed from Windows 10. Well, it might be in your exam, so we have to mention it. Homegroup is, you can say, an easier way to share folders and devices in your network. It was not popular, and this is why Microsoft decided to remove it. But please make sure that you memorize that. We used to have…
98-349 Microsoft Windows Operating System Fundamentals – Files and Permissions
Overview of file systems: We are going to start the most interesting section of my course. Well, at least in my opinion. It is all about file systems, permissions and shares. Every time we think about a network and a Windows operating system, we think about files and shares, things that we want to, of course, keep on our devices. And if you decide to get a job in IT one day, or maybe you’re working in IT at the moment, this is going to be your main task every day…
98-349 Microsoft Windows Operating System Fundamentals – Extra Lectures
NTFS and permissions: Shares and permissions. When you think about a folder that you want to create on a server and share with all your users, there are two things that you have to do. First you have to share a folder and then apply something that is called NTFS permissions. When you check on our screen, you will see that we have shared permissions. And there are three permissions that you can go for: Full Control, Change and Read. To make it pretty easy for…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Post Installation Activities : Knowledge Objects Part 6
Editing Splunk Alerts and Alert Actions: Once we have created alerts, if you want to identify where your alerts are located, go to Alerts. At any time, you can edit these alerts by going to your Alerts tab. As you can see, this is the only alert that has been created. Click on Status, that is the alert name, and you can edit this alert at any time, including what actions should be taken, and you can see the search query. By opening in Search, you’ll…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Post Installation Activities : Knowledge Objects Part 5
Creating Macros in Splunk: The next knowledge object in our discussion is macros. Macros in Splunk are similar to macros in Excel: a small piece of code which will be reused multiple times. Instead of rewriting the whole search query, we will be using macros to reuse the search multiple times in multiple places. In this example we will see how to create a small macro and how we can share these objects with other Splunk users so that they can start…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Post Installation Activities : Knowledge Objects Part 4
Tags Creation: The next knowledge object in our discussion is tags. Tags are also one of the knowledge objects which are used to enrich the data in Splunk. Tags can be used only with a field-value combination. We will see, when we are creating tags, that it always requires a field name and the value that is expected for this tag to be applied. A tag is always created for a field-value pair, and you can always assign any number of tags to a field or event values…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Post Installation Activities : Knowledge Objects Part 3
Props Extract Command: We have seen how to extract fields using the interactive field extractor, how to use the rex command to extract fields on the fly, that is, on the search head, and how to use regex in our searches. Now let’s see how to make this field extraction permanent so that any user is able to view these fields and make visualizations based on them. To do that we need to edit props and transforms. To edit, let me go to our search head. This is our search head. I’m…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Post Installation Activities : Knowledge Objects Part 2
Source Parameter Explanation: The next one of the default fields is the source field, which is similar to our sourcetype field, but it typically holds the location information of the logs. But this can be renamed to hold something much more meaningful instead of just the location of the logs, like the method used for collection of the logs, for example Bash, Python, API or PowerShell. This can be renamed to hold much more meaningful information. We’ll see from our Windows logs the last 24 hours that are collected from…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Post Installation Activities : Knowledge Objects
Uploading Data to Splunk: We will be seeing more about post-installation, that is, the configuration steps that are carried out in Splunk. Throughout this module we’ll be using three components of Splunk: the indexer and search head, which are hosted in our Amazon AWS, and our Universal Forwarder, which is part of our local installation. This will simulate a real-time experience of sending the logs from our local PC to our cloud-hosted instances, the search head and the indexer. Throughout this course we will be seeing some common and…
SPLK-1003 Splunk Enterprise Certified Admin – Splunk Inbuilt & Advanced Visualizations Part 5
Out Of The Box Dashboards Examples: In order to learn more about visualization in Splunk, we need to know more about the dashboards available and the capability of accommodating out-of-the-box visualizations inside Splunk. For that we have an app called Splunk Dashboard Examples, which contains a lot of inbuilt apps and their queries, and how you can customize these inbuilt visualizations into much more complex visualizations we will see in our lab. We have installed this app. As part of this discussion we’ll be going through all the…