Splunk Test Lab

Using Docker containers and VMware, we will set up a test environment for testing and learning about Splunk.

This test environment uses SC4S (Splunk Connect for Syslog) as the main way to forward logs, even Windows event logs.

UPDATED: don't do this. Do not forward Windows event logs to SC4S. Please don't: SC4S is for syslog and syslog only, so you are better off using Cribl as an intermediate forwarder.

  • Windows 10/11 machine
  • Docker container installed
  • Splunk Enterprise image
  • SC4S image
  • Nxlog Forwarder
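To bring up the Splunk Enterprise and SC4S containers from the list above, here is a minimal docker-compose.yml as an added example (not from the original page). The image tags, the Splunk and SC4S environment variable names, and the HEC token are assumptions to check against the current splunk/splunk and splunk-connect-for-syslog documentation; the token and password are placeholders.

```yaml
# Added lab example; image names and variable names are assumptions, not the page's own config.
services:
  splunk:
    image: splunk/splunk:latest
    hostname: splunk
    environment:
      SPLUNK_START_ARGS: "--accept-license"
      SPLUNK_PASSWORD: "CHANGE-ME-lab-only"                       # placeholder admin password
      SPLUNK_HEC_TOKEN: "00000000-0000-0000-0000-000000000000"    # placeholder HEC token
    ports:
      - "8000:8000"   # Splunk Web
      - "8088:8088"   # HTTP Event Collector (HEC), the input SC4S sends to

  sc4s:
    image: ghcr.io/splunk/splunk-connect-for-syslog/container3:latest
    hostname: sc4s
    depends_on:
      - splunk
    environment:
      SC4S_DEST_SPLUNK_HEC_DEFAULT_URL: "https://splunk:8088"
      SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN: "00000000-0000-0000-0000-000000000000"  # same placeholder token
      SC4S_DEST_SPLUNK_HEC_DEFAULT_VERIFY_TLS: "no"   # lab only: Splunk's default HEC certificate is self-signed
    ports:
      - "514:514/udp"   # syslog in; this is the only kind of input SC4S is meant for
      - "514:514"
      - "601:601"       # RFC 5425/6587 syslog over TCP
      - "6514:6514"     # syslog over TLS
    volumes:
      - sc4s-local:/etc/syslog-ng/conf.d/local   # local SC4S overrides survive container rebuilds

volumes:
  sc4s-local:
```

Windows hosts stay out of this file on purpose: per the update above they should go Nxlog to Cribl, not to SC4S, and the SC4S container expects its destination indexes to already exist in Splunk before it will deliver events.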

Topology

All right, why the heck do I install Cribl or SC4S? Why not just forward directly to Splunk ES? Am I stupid or what?

Here's the thing:
