
Introduction

Splunk is a powerful tool for collecting and analyzing machine data. At Penn, Splunk is a critical component of the Security Logging Service. To learn more about how Splunk can be used to understand system events, visit Splunk's website on machine data. Access to Penn's Splunk service is restricted to authorized IT and departmental staff.

Getting Started

The first step to using Splunk to analyze your servers' activity is to work with the ISC Splunk team to configure the connections between your system and the Splunk server.

Submit a request via help@isc that gives the Splunk Support team the following information:

  • The number of hosts you'd like to have submit logs.
  • The operating systems your hosts are running.
  • The file system, network and application logs you'd like to send to the Service.
  • The approximate daily volume of log data you anticipate sending to the Service.

Help Using Splunk

The following contact methods are available to get help in using Splunk at Penn:

Additional resources from the vendor:

Documentation

Documentation is available at these external resources:

Security Logging Q&A Session

A monthly Security Logging Q&A session is held on the second Thursday of the month. The session is a dedicated opportunity to speak to the Office of Information Security (OIS) about the security logging capabilities of ISC's Data Analytics Service, and security logging in general. In each session, OIS will answer your questions and help you work through your use cases. 

Location: Virtual via MS Teams

Time: 1:30 PM - 3:00 PM

Date: Every second Thursday of the month 

Registration: Please contact security@isc.upenn.edu to request an invitation to the Security Logging Q&A sessions.