Build Your Lab: Splunk Installation

How to add a Splunk server and forwarders to your clients

In this video tutorial, we demonstrate how to install a Splunk server and clients in your lab environment so that Windows event logs are forwarded to your server in real time. We’ll do this in our Medium Lab build, which includes a Windows client and a Windows Domain Controller, but the instructions apply to any Windows system. The Splunk server will be installed on our host system, which is also Windows-based. We’ll switch to the Splunk Free license, which won’t expire. Alternatively, you can apply for a developer license.

Prerequisites:

  • One or more Windows VMs to collect event logs from.
  • One Windows system with at least 4 GB RAM to install the Splunk server on and receive logs.
  • Splunk account to download installation files.

Files:

# All Windows Event logs
[monitor://C:\Windows\System32\Winevt\Logs\*.evtx]
disabled = false
index = winevtx
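
The stanza above covers only the forwarder's input side. As an added example (not taken from the original page or video), these are the companion settings that input depends on: the receiving port and the winevtx index on the Splunk server, and the output target on each forwarder. The host name splunk-host.lab.local and the group name lab_indexer are placeholders, and port 9997 is the conventional receiving port, assumed here.

```ini
# --- On the Splunk server (receiver) ---

# inputs.conf: listen for forwarder traffic.
# Port 9997 is the conventional choice and an assumption for this lab.
[splunktcp://9997]
disabled = false

# indexes.conf: define the index named in the forwarder's monitor stanza.
# By default, events addressed to an index that does not exist are not indexed,
# so this must be in place before the forwarders start sending.
[winevtx]
homePath   = $SPLUNK_DB/winevtx/db
coldPath   = $SPLUNK_DB/winevtx/colddb
thawedPath = $SPLUNK_DB/winevtx/thaweddb

# --- On each Windows client (forwarder) ---

# outputs.conf: where the collected events are sent.
# lab_indexer is a hypothetical group name; splunk-host.lab.local is a
# placeholder for the address of the system running the Splunk server.
[tcpout]
defaultGroup = lab_indexer

[tcpout:lab_indexer]
server = splunk-host.lab.local:9997
```

After restarting Splunk on both sides, a search such as `index=winevtx | stats count by host` on the server shows whether each client is reporting.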
				
			
