This repository features a collection of hands-on projects focused on analyzing different types of logs using Splunk SIEM. Each project includes clear, step-by-step guidance on uploading sample log files, conducting targeted analysis, and extracting meaningful insights from various log sources.
🛡️ Responsible Use
This repository is intended for educational and defensive cybersecurity purposes only. The techniques demonstrated are meant for security monitoring, threat detection, and SOC analyst training in authorized environments only.
⚠️ Important: Perform all labs in a virtual machine (VM) using platforms such as VirtualBox or VMware Workstation. Do not run these labs on your host or work computer.
⚠️ Data Privacy & Security Notice: All log files used in these projects are sample or sanitized logs. Do NOT upload real organizational logs that contain:
- Internal IP addresses
- Usernames
- Email addresses
- Hostnames
- Sensitive business data
These projects are designed for:
- SOC Analyst training
- Cybersecurity students and beginners
- Anyone learning Splunk SIEM fundamentals
- Hands-on practice with log analysis and detection techniques
- Analyzing DNS Logs Using Splunk SIEM: This project provides a step-by-step guide for analyzing DNS (Domain Name System) log files using Splunk SIEM. It covers uploading sample log files, extracting relevant fields, analyzing DNS query patterns, detecting anomalies, and monitoring DNS traffic.
- Analyzing DHCP Logs Using Splunk SIEM: This project offers guidance on analyzing DHCP (Dynamic Host Configuration Protocol) log files using Splunk SIEM. It covers uploading sample log files, extracting fields, analyzing IP address assignments, detecting anomalies, and monitoring DHCP traffic.
- Analyzing HTTP Logs Using Splunk SIEM: This project outlines the process of analyzing HTTP (Hypertext Transfer Protocol) log files using Splunk SIEM. It covers uploading sample log files, extracting relevant fields, analyzing HTTP request patterns, detecting anomalies, and monitoring HTTP traffic.
- Analyzing SSH Logs Using Splunk SIEM: This project provides a comprehensive guide for analyzing SSH (Secure Shell) log files using Splunk SIEM. It includes steps for uploading sample log files, extracting fields, analyzing SSH activity patterns, detecting anomalies, and correlating SSH logs with other data sources.
- Analyzing FTP Logs Using Splunk SIEM: This project guides you through analyzing FTP (File Transfer Protocol) log files using Splunk SIEM. It includes steps for uploading sample log files, extracting fields, analyzing FTP activity patterns, detecting anomalies, and monitoring FTP traffic.
- Analyzing Tunnel Logs Using Splunk SIEM: This project demonstrates how to analyze tunnel log traffic (e.g., GRE, IPv4, IPv6) from Zeek IDS using Splunk SIEM. It covers uploading sample log files, performing analysis, detecting anomalies, and correlating tunnel logs with other logs for enhanced threat detection.
- Analyzing SMTP Logs Using Splunk SIEM: This project provides a structured approach for analyzing SMTP (Simple Mail Transfer Protocol) log files using Splunk SIEM. It includes steps for uploading sample log files, extracting fields, analyzing email traffic patterns, detecting anomalies, and monitoring SMTP activity.
This is an open learning resource. Contributions are welcome!
If you spot an error, want to improve a chapter, or would like to add practice questions:
- Fork this repository
- Create a branch (`git checkout -b fix/chapter-1-typo`)
- Commit your changes (`git commit -m 'Fix: corrected OSI layer description'`)
- Push to the branch (`git push origin fix/chapter-1-typo`)
- Open a Pull Request
⭐ If this repo helps your studies, please give it a star — it helps others find it!
I'm a cybersecurity apprentice documenting my journey into the field. Let's connect!
This project is licensed under the MIT License — see the LICENSE file for details.
All content is for educational purposes only. Splunk® and Splunk SIEM® are registered trademarks of Splunk, Inc.
📡 Built with curiosity, discipline, and a lot of coffee ☕
Last Updated: 2026 | Splunk Core