Beginner Pro

Deploying Splunk Universal Forwarder on Ubuntu Machine

Collecting and Forwarding Logs from Ubuntu to Splunk Indexer

Self-Paced by Rajneesh Gupta

Overview

This project guides you through installing and configuring the Splunk Universal Forwarder (UF)
on an Ubuntu server. The Universal Forwarder is a lightweight Splunk agent that collects logs from

By the end of this project, you will:

  • Deploy the Splunk UF on Ubuntu 20.04/22.04.
  • Configure UF to forward system logs and custom application logs.
  • Validate that logs are successfully ingested into Splunk.

What You'll Learn

  • Splunk Universal Forwarder Basics

    Understand the role of UF in log collection and forwarding to Splunk.

  • Installation & Configuration

    Learn to install Splunk UF on Ubuntu, set it up as a service, and configure inputs/outputs.

  • Log Forwarding

    Configure UF to forward /var/log/syslog, /var/log/auth.log, and custom log files.

  • Validation in Splunk

    Confirm forwarded data is searchable in Splunk via specific indexes and sourcetypes.

About Trainer

Rajneesh Gupta

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

LinkedIn YouTube GitHub

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Apache Server Log Analysis using Splunk

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Wazuh + n8n + Anyrun: Automated Malware Analysis

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.

Apache Web Server Log Monitoring using Wazuh
Pro Beginner

Apache Web Server Log Monitoring using Wazuh

Real-time detection of HTTP errors, brute-force and suspicious requests from Apache logs