What is Splunk? — Basic Understanding

So hi! In this article, we will understand the basic terminology of Splunk like what it is and how useful it is in the world of cyber security or SOC analyst? few! a lot of questions to answer :)

What is Splunk?

First and foremost important question what is Splunk? right.

Splunk is a company specializing in data using it and processing it.

So Splunk company’s software is that software that converts the raw unstructured machine data into useful information. It takes the data that is difficult to handle (trust me so boring to read manually ) and makes it usable in many forms depending on the need like Reporting, SIEM, Threat hunting, etc., etc.

Why Splunk and how it is helpful?

Before going to that question consider yourself as reading windows event logs or any other that where and what happened wrong or your system hardware that what happened reading each line of a bunch of logs looking for a needle in corn Stover right. So that’s where Splunk plays the role it takes that whole data, performs its processing, and converts that large amount of data into useful information.

Splunk has the ability to real-time monitor, segregate, extract, and classify generated data by visualizing it in the form of charts called Dashboard.

A Splunk interface example

Splunk has a different kind of version also called Flavors

→Splunk Enterprise-

→Splunk Lite

→ Splunk Cloud

These are the most commonly known Flavors also there are others like Splunk Enterprise Security and Splunk Industrial IoT.

I hope you got A little basic idea of Splunk like what is and how useful it can be in your day-to-day task.

Later on, covering the in-depth role of Splunk as a SOC Analyst point of view

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store