Splunk at Penn
Splunk is a powerful tool for collecting and analyzing machine data. At Penn, Splunk is a critical component of the Security Logging Service. To learn more about how Splunk can be used to understand system events, visit Splunk's website on machine data. Access to Penn's Splunk service is restriced to authorized IT and departmental staff.
Getting Started with Splunk
The first step to using Splunk to analyze your servers' activity is to work with the ISC Splunk team to configure the connections between your system and the Splunk server. The basic workflow involves the following steps:
- Contact SPLUNK-SUPPORT@lists.upenn.edu with the following information:
- The number of hosts you'd like to have submit logs.
- The operating systems your hosts are running.
- The file system, network and application logs you'd like to send to the Service.
- The approximate daily volume of log data you anticipate sending to the Service.
Once the Splunk team has confirmed it's ready to accommodate your systems in Splunk,
Install the Splunk forwarder on your server. You can find the instructions here (available with PennKey login).
Convert your SSL cert into “.pem” per the instruction from box
Send email to SPLUNK-SUPPORT@lists with the following additional information:
- The name of the system(s), and IP addresses or IP range of the systems that will be forwarding data to Splunk
- The PennKey names and e-mail addresses of the users that will need access to the Splunk user interface, as well as their workstation IP addresses or IP range
Help Using Splunk
- SPLUNK-SIG@lists.upenn.edu : Distribution list used to facilitate communication and collaboration among Splunk users at Penn.
- SPLUNK-SUPPORT@lists.upenn.edu : Individuals with questions about or problems using ISC's Splunk service should contact the support team at this address.
- Splunk Answers: Online community forum for Splunk users around the world
- Splunk.com videos:
Information about training options may be found on the Splunk Education site.
Information Systems and Computing, University of Pennsylvania