Intermediate Free

HTTP Log Analysis using Splunk

A Hands-On Lab to Detect Client Errors, Suspicious User Agents, and Malicious URIs Using Splunk SIEM

Self-Paced by Rajneesh Gupta

Overview

This project walks you through analyzing HTTP access logs in Splunk to detect anomalies, errors, and suspicious activity. You’ll ingest sample HTTP logs, learn how to detect suspicious requests, unusual HTTP methods, large file transfers, and error trends, and then visualize and alert on them.

  • Analyze HTTP request methods (GET, POST, PUT, DELETE, CONNECT, OPTIONS)
  • Detect client errors (4xx) and server errors (5xx)
  • Identify suspicious user agents (curl, sqlmap, botnet-checker, python-requests)
  • Flag suspicious URIs (e.g., /admin, /shell.php, /etc/passwd)
  • Spot large data transfers (possible exfiltration)
  • Hands-on lab using the provided http_log.json dataset

What You'll Learn

  • Log Ingestion & Parsing

    How to upload JSON-formatted HTTP logs into Splunk and extract relevant fields.

  • Error & Anomaly Detection

    Detect 4xx client errors, 5xx server errors, and unexpected HTTP methods.

  • Suspicious Activity Detection

    Identify suspicious user agents and malicious URIs in HTTP requests.

  • Data Transfer Monitoring

    Spot unusually large HTTP responses that may indicate exfiltration.

  • Visualization & Alerting

    Build dashboards and configure Splunk alerts for anomalies.
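The detections listed under Overview and What You'll Learn (4xx/5xx trends, unexpected methods, suspicious user agents and URIs, large transfers) implemented over a handful of log records, as an added Python example. This is not the lab's own material or the trainer's Splunk searches; it assumes http_log.json is newline-delimited JSON with the fields src_ip, method, uri, status, bytes and user_agent (assumed names, rename to match the real dataset), and it picks an arbitrary 10 MiB threshold for "large". The sample records, including the deliberately malformed last line, are constructed.

```python
import json
from collections import Counter
from urllib.parse import unquote

# Constructed sample in the assumed shape of http_log.json: one JSON object per line.
# Field names are assumptions; the real dataset may use different keys.
SAMPLE_LOG = """\
{"src_ip": "10.0.0.5", "method": "GET", "uri": "/index.html", "status": 200, "bytes": 1024, "user_agent": "Mozilla/5.0"}
{"src_ip": "10.0.0.5", "method": "GET", "uri": "/images/logo.png", "status": 404, "bytes": 0, "user_agent": "Mozilla/5.0"}
{"src_ip": "203.0.113.9", "method": "GET", "uri": "/admin", "status": 403, "bytes": 512, "user_agent": "sqlmap/1.7"}
{"src_ip": "203.0.113.9", "method": "POST", "uri": "/shell.php", "status": 200, "bytes": 300, "user_agent": "python-requests/2.31"}
{"src_ip": "198.51.100.2", "method": "GET", "uri": "/..%2F..%2Fetc%2Fpasswd", "status": 400, "bytes": 0, "user_agent": "curl/8.0.1"}
{"src_ip": "10.0.0.7", "method": "CONNECT", "uri": "example.com:443", "status": 405, "bytes": 0, "user_agent": "Mozilla/5.0"}
{"src_ip": "10.0.0.8", "method": "GET", "uri": "/reports/export.zip", "status": 200, "bytes": 52428800, "user_agent": "Mozilla/5.0"}
{"src_ip": "10.0.0.9", "method": "GET", "uri": "/api/health", "status": 500, "bytes": 0, "user_agent": "Mozilla/5.0"}
{this line is deliberately not valid JSON}
"""

EXPECTED_METHODS = {"GET", "POST", "HEAD"}   # allow-list: what this app legitimately serves
SUSPICIOUS_UA = ("curl", "sqlmap", "botnet-checker", "python-requests")
SUSPICIOUS_URI = ("/admin", "/shell.php", "/etc/passwd")
LARGE_BYTES = 10 * 1024 * 1024               # assumed exfiltration threshold: 10 MiB


def parse_log(text):
    """Parse newline-delimited JSON; skip malformed lines instead of aborting the run."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def error_class_counts(events):
    """Count 4xx and 5xx responses.
    SPL equivalent: ... | where status>=400 | eval cls=substr(tostring(status),1,1)."xx" | stats count by cls
    """
    counts = Counter()
    for e in events:
        status = int(e.get("status", 0))
        if 400 <= status < 500:
            counts["4xx"] += 1
        elif 500 <= status < 600:
            counts["5xx"] += 1
    return dict(counts)


def unexpected_methods(events, allowed=EXPECTED_METHODS):
    """Events whose method is outside the allow-list (CONNECT, PUT, DELETE, OPTIONS, ...)."""
    return [e for e in events if e.get("method", "").upper() not in allowed]


def suspicious_user_agents(events):
    """Case-insensitive substring match against known scanner and tooling agents."""
    return [e for e in events
            if any(tok in e.get("user_agent", "").lower() for tok in SUSPICIOUS_UA)]


def suspicious_uris(events):
    """Percent-decode before matching so '/..%2Fetc%2Fpasswd' is not missed.
    Substring matching is deliberately broad: '/admin' also catches '/administrator'."""
    return [e for e in events
            if any(pat in unquote(e.get("uri", "")).lower() for pat in SUSPICIOUS_URI)]


def large_transfers(events, threshold=LARGE_BYTES):
    """Responses at or above the byte threshold: candidate exfiltration or bulk download."""
    return [e for e in events if int(e.get("bytes", 0)) >= threshold]


def triage(events):
    """Run every detection and rank source IPs by how many findings they appear in.
    SPL equivalent of the ranking: ... | stats count by src_ip | sort -count
    """
    findings = {
        "errors": error_class_counts(events),
        "unexpected_methods": unexpected_methods(events),
        "suspicious_user_agents": suspicious_user_agents(events),
        "suspicious_uris": suspicious_uris(events),
        "large_transfers": large_transfers(events),
    }
    offenders = Counter()
    for key in ("unexpected_methods", "suspicious_user_agents", "suspicious_uris", "large_transfers"):
        for e in findings[key]:
            offenders[e.get("src_ip", "?")] += 1
    findings["top_sources"] = offenders.most_common()
    return findings


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    summary = {k: (v if k in ("errors", "top_sources") else len(v)) for k, v in result.items()}
    print(json.dumps(summary, indent=2))
```

Two design points carry over to the Splunk searches. Methods are checked against an allow-list rather than a block-list, so a method you did not think of (TRACE, PATCH, a typo) still surfaces. User-Agent and URI are attacker-controlled and trivially spoofed, so treat those matches as low-fidelity leads and pivot on src_ip as `triage` does; a decoded URI check is also needed because a percent-encoded traversal will not match the raw string.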

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.

Apache Web Server Log Monitoring using Wazuh
Pro Beginner

Real-time detection of HTTP errors, brute-force and suspicious requests from Apache logs