Adding Data to Splunk
Splunk can ingest any data. According to the Splunk documentation, when data is added to Splunk, the data is processed and transformed into a series of individual events. The data sources can be event logs, website logs, firewall logs, etc. The data sources are grouped into categories.
Below is a chart from the Splunk documentation listing each data source category.
In this task, we're going to focus on VPN logs. We're presented with the following screen when we click on the Add Data link on the Splunk home screen.
Upload the data attached to this task and create an index "VPN_Logs".
We will use the Upload Option to upload the data from our local machine.
Practical
Download the log file VPN_logs from the Download Task Files button below and upload it to the Splunk instance we started in Task #2. If you are using the AttackBox, the log file is available in the /root/Rooms/SplunkBasic/ directory.
To upload the data successfully, you must follow five steps, which are explained below:
Select Source: Choose the Log file and the data source.
Select Source Type: Select what type of logs are being ingested, e.g., JSON, syslog.
Input Settings: Select the index the logs will be stored in and the hostname to be associated with them.
Review: Review all the configurations.
Done: Complete the upload. Your data will be uploaded successfully and ready to be analyzed.
How many events are present in the log file?
How many log events are captured by the user Maleena?
What is the username associated with IP 107.14.182.38?
What is the number of events that originated from all countries except France?
How many VPN events were associated with the IP 107.3.206.58?
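Each of the questions above maps to a short Splunk search over the VPN_Logs index (a count, a count filtered on a field, a NOT filter, a values() aggregation). The script below is an added example, not code from the TryHackMe room or from Splunk; it reproduces the same filtering and counting logic offline on a constructed JSON-lines sample so the shape of each query is clear before you type it into the search bar. The field names (UserName, Source_ip, Source_Country, action), the sample values and the resulting counts are assumptions for illustration only, not the room's answers; check the fields Splunk actually extracted from the uploaded file.

```python
import json
from collections import Counter

# Constructed JSON-lines sample standing in for the uploaded VPN_logs file.
# Field names (UserName, Source_ip, Source_Country, action) are an assumption
# for this example; values are made up and are NOT the room's answers.
SAMPLE_VPN_LOG = """\
{"UserName": "alice", "Source_ip": "192.0.2.10",   "Source_Country": "Germany", "action": "login"}
{"UserName": "bob",   "Source_ip": "198.51.100.7", "Source_Country": "France",  "action": "login"}
{"UserName": "alice", "Source_ip": "192.0.2.10",   "Source_Country": "Germany", "action": "logout"}
{"UserName": "bob",   "Source_ip": "198.51.100.7", "Source_Country": "France",  "action": "logout"}
{"UserName": "carol", "Source_ip": "203.0.113.44", "Source_Country": "Canada",  "action": "login"}
{"UserName": "carol", "Source_ip": "203.0.113.44", "Source_Country": "Canada",  "action": "logout"}
{"UserName": "bob",   "Source_ip": "198.51.100.7", "Source_Country": "France",  "action": "login"}
"""


def parse_events(raw_text):
    """Turn one JSON object per line into a list of dicts.

    This mirrors what Splunk does at index time with the _json source type:
    each line becomes one event and its keys become searchable fields.
    Blank lines are skipped; a malformed line raises instead of being
    silently dropped, so an ingestion problem is noticed rather than hidden.
    """
    events = []
    for lineno, line in enumerate(raw_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno} is not valid JSON: {exc}") from exc
    return events


def search(events, **terms):
    """Keep events where every field=value term matches (SPL: field="value")."""
    return [e for e in events if all(e.get(f) == v for f, v in terms.items())]


def search_not(events, field, value):
    """Keep events where the field differs from value (SPL: NOT field="value").

    Like SPL's NOT, events that lack the field entirely are kept too;
    SPL's field!="value" would instead drop events without the field.
    """
    return [e for e in events if e.get(field) != value]


def stats_count_by(events, field):
    """SPL: | stats count by <field>"""
    return Counter(e.get(field, "<missing>") for e in events)


def stats_values(events, field):
    """SPL: | stats values(<field>)  -> sorted distinct values"""
    return sorted({e[field] for e in events if field in e})


def answer_questions(events):
    """Run the five searches the room asks for against the sample data.

    The comment on each entry is the SPL you would type in the search bar,
    using index="VPN_Logs" and the assumed field names.
    """
    return {
        # index="VPN_Logs" | stats count
        "total_events": len(events),
        # index="VPN_Logs" UserName="alice" | stats count
        "events_for_user_alice": len(search(events, UserName="alice")),
        # index="VPN_Logs" Source_ip="192.0.2.10" | stats values(UserName)
        "users_for_ip_192.0.2.10": stats_values(
            search(events, Source_ip="192.0.2.10"), "UserName"
        ),
        # index="VPN_Logs" NOT Source_Country="France" | stats count
        "events_not_from_france": len(search_not(events, "Source_Country", "France")),
        # index="VPN_Logs" Source_ip="198.51.100.7" | stats count
        "events_for_ip_198.51.100.7": len(search(events, Source_ip="198.51.100.7")),
    }


if __name__ == "__main__":
    evts = parse_events(SAMPLE_VPN_LOG)
    for key, value in answer_questions(evts).items():
        print(f"{key}: {value}")
    print("events per country:", dict(stats_count_by(evts, "Source_Country")))
```

When you run the real searches, a field that Splunk did not extract (wrong source type chosen at the Select Source Type step, for example) silently matches nothing, so a count of zero for a user or IP you can see in the raw events is a sign to check the field sidebar before trusting the number.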
Acknowledgement
This walkthrough and the associated screenshots are based on learning material from the TryHackMe room Splunk Basics. The exercise demonstrates how to ingest VPN logs into Splunk, create an index, and perform basic log analysis queries.
All credit for the lab environment and dataset goes to TryHackMe. You can access the original room here: https://tryhackme.com/room/splunk101