Hands-on layer

Build evidence, not just notes.

These lab blueprints are designed to turn theory into demonstrable skill while keeping a home setup simple and security-conscious.

Foundation

Simple secure home-lab blueprint

Minimum setup

  • One local Splunk instance or training environment
  • Sample logs from Windows, Linux, or web applications
  • A notebook for searches, field meanings, and expected results
  • No public exposure of admin interfaces

Data sources worth practicing with

  • Windows authentication logs
  • Sysmon process creation data
  • Apache or Nginx access logs
  • DNS query logs if available

Exercises

Practical lab ideas

Lab 1: Failed logins

  • Question: which accounts fail most often and from where?
  • Output: ranked table, time trend, and alert threshold recommendation.
  • Skill focus: filtering, grouping, time analysis, false-positive thinking.

Lab 2: Web server health

  • Question: which hosts or paths produce the most 4xx and 5xx errors?
  • Output: dashboard with host, URI path, and status-code trends.
  • Skill focus: `stats`, `timechart`, prioritization.
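A worked version of this lab's aggregation, added here as an example and not code from the page: it parses constructed Apache combined-format lines, keeps the 4xx and 5xx rows grouped by host and path with 5xx ranked first (the prioritization step), and buckets status classes per hour the way `timechart span=1h count by status_class` would. The host names, client addresses, paths and log lines are all constructed, and the host tag on each line stands in for the `host` field Splunk assigns at ingest.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Regex for the Apache "combined" log format; Nginx's default format is close enough to match.
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Constructed sample events: (host as Splunk would assign it at ingest, raw access-log line).
SAMPLE_EVENTS = [
    ("web01", '10.0.0.5 - - [10/Mar/2024:09:01:12 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"'),
    ("web01", '10.0.0.5 - - [10/Mar/2024:09:02:45 +0000] "GET /api/orders?id=7 HTTP/1.1" 500 212 "-" "Mozilla/5.0"'),
    ("web02", '10.0.0.9 - - [10/Mar/2024:09:03:01 +0000] "GET /api/orders HTTP/1.1" 502 0 "-" "curl/8.0"'),
    ("web02", '10.0.0.9 - - [10/Mar/2024:09:15:30 +0000] "GET /missing.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"'),
    ("web02", '10.0.0.7 - - [10/Mar/2024:10:05:10 +0000] "POST /login HTTP/1.1" 401 98 "-" "Mozilla/5.0"'),
    ("web02", '10.0.0.7 - - [10/Mar/2024:10:05:11 +0000] "POST /login HTTP/1.1" 401 98 "-" "Mozilla/5.0"'),
    ("web01", '10.0.0.5 - - [10/Mar/2024:10:20:00 +0000] "GET /api/orders HTTP/1.1" 503 0 "-" "Mozilla/5.0"'),
    ("web01", '10.0.0.5 - - [10/Mar/2024:10:21:00 +0000] "GET /health HTTP/1.1" 200 15 "-" "kube-probe/1.27"'),
    ("web01", "this line is deliberately malformed and must be skipped"),
]


def parse_event(host, line):
    """Extract the fields the dashboard needs; return None for lines that do not match."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    status = int(m.group("status"))
    return {
        "host": host,
        "_time": datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z"),
        "path": m.group("path").split("?", 1)[0],   # drop the query string so paths group cleanly
        "status": status,
        "status_class": f"{status // 100}xx",       # 2xx / 4xx / 5xx, like an eval'd field in SPL
    }


def parse_all(events):
    parsed = (parse_event(host, line) for host, line in events)
    return [e for e in parsed if e is not None]


def error_table(events):
    """Equivalent of: status>=400 | stats count by host, path, status_class, ranked 5xx-first."""
    counts = Counter(
        (e["host"], e["path"], e["status_class"]) for e in events if e["status"] >= 400
    )
    rows = [(host, path, cls, n) for (host, path, cls), n in counts.items()]
    # Prioritization: server-side 5xx outranks client-side 4xx; within a class, busiest first.
    return sorted(rows, key=lambda r: (r[2] != "5xx", -r[3], r[0], r[1]))


def hourly_timechart(events):
    """Equivalent of: timechart span=1h count by status_class."""
    buckets = defaultdict(Counter)
    for e in events:
        hour = e["_time"].replace(minute=0, second=0, microsecond=0).isoformat()
        buckets[hour][e["status_class"]] += 1
    return {hour: dict(c) for hour, c in sorted(buckets.items())}


if __name__ == "__main__":
    parsed = parse_all(SAMPLE_EVENTS)
    print(f"{len(parsed)} of {len(SAMPLE_EVENTS)} lines parsed")
    for host, path, cls, n in error_table(parsed):
        print(f"{host:6} {path:15} {cls} {n}")
    for hour, counts in hourly_timechart(parsed).items():
        print(hour, counts)
```

The unparsed line is the check worth keeping in the notebook: a dashboard that silently drops malformed events will under-count errors, so record how many lines failed to parse next to the counts themselves.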

Lab 3: Process anomaly review

  • Question: which executables are rare or running at suspicious times?
  • Output: rarity search plus analyst notes about likely noise.
  • Skill focus: field extraction, baselining, triage.
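An added example for this lab, not code from the page: it extracts fields from constructed, abbreviated Sysmon Event ID 1 messages (the `Key: value` lines a `rex`-style extraction would pull out), baselines each image by how many hosts run it, counts executions outside a 07:00-19:00 weekday window, and ranks the result for triage with known-noise notes attached. The hosts, times, user names and the `setup_tool.exe` path are constructed; the business-hours window and the one-host rarity cut-off are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed, abbreviated Sysmon Event ID 1 (process creation) messages.
# Real messages carry many more "Key: value" lines; only the ones used here are included.
SVCHOST = "C:\\Windows\\System32\\svchost.exe"
CHROME = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
UPDATER = "C:\\Program Files\\Google\\Update\\GoogleUpdate.exe"
CMD = "C:\\Windows\\System32\\cmd.exe"
TEMP_TOOL = "C:\\Users\\jdoe\\AppData\\Local\\Temp\\setup_tool.exe"   # hypothetical binary


def _msg(utc, image, user):
    return f"Process Create:\nUtcTime: {utc}\nImage: {image}\nUser: {user}"


SAMPLE_EVENTS = [   # (host, raw message); 2024-03-11 is a Monday
    ("ws01", _msg("2024-03-11 09:02:10.001", SVCHOST, "NT AUTHORITY\\SYSTEM")),
    ("ws02", _msg("2024-03-11 09:05:44.120", SVCHOST, "NT AUTHORITY\\SYSTEM")),
    ("ws03", _msg("2024-03-11 09:06:02.533", SVCHOST, "NT AUTHORITY\\SYSTEM")),
    ("ws01", _msg("2024-03-11 10:15:00.000", CHROME, "CORP\\jdoe")),
    ("ws02", _msg("2024-03-11 10:16:30.250", CHROME, "CORP\\asmith")),
    ("ws01", _msg("2024-03-11 11:00:00.000", UPDATER, "NT AUTHORITY\\SYSTEM")),
    ("ws02", _msg("2024-03-11 09:30:12.000", CMD, "CORP\\asmith")),
    ("ws03", _msg("2024-03-11 02:14:03.112", CMD, "CORP\\jdoe")),
    ("ws03", _msg("2024-03-11 02:14:30.900", TEMP_TOOL, "CORP\\jdoe")),
]

# Analyst notes for images that look rare only because of how the fleet behaves.
KNOWN_NOISE = {UPDATER: "vendor updater on a schedule; rare here only because the sample fleet is tiny"}

FIELD_RE = re.compile(r"^(?P<key>[A-Za-z]+): (?P<value>.*)$", re.MULTILINE)


def extract_fields(host, message):
    """Field extraction: turn the 'Key: value' lines of one message into a dict."""
    fields = {m.group("key"): m.group("value") for m in FIELD_RE.finditer(message)}
    fields["host"] = host
    fields["_time"] = datetime.strptime(fields["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
    return fields


def is_off_hours(ts, start_hour=7, end_hour=19):
    """Weekend, or outside the assumed working window (UTC)."""
    return ts.weekday() >= 5 or not start_hour <= ts.hour < end_hour


def rarity_review(events, max_hosts=1):
    """Baseline: stats dc(host), count by Image; then rank rows for triage."""
    per_image = defaultdict(lambda: {"hosts": set(), "count": 0, "off_hours": 0})
    for e in events:
        s = per_image[e["Image"]]
        s["hosts"].add(e["host"])
        s["count"] += 1
        s["off_hours"] += is_off_hours(e["_time"])
    rows = [{"image": img, "hosts": len(s["hosts"]), "count": s["count"],
             "off_hours": s["off_hours"], "rare": len(s["hosts"]) <= max_hosts,
             "note": KNOWN_NOISE.get(img, "")} for img, s in per_image.items()]
    # Triage order: rare and unexplained first, then rare-but-noted, then common images
    # with off-hours executions before purely daytime ones, fewer executions first.
    rows.sort(key=lambda r: (not r["rare"], bool(r["note"]), -r["off_hours"], r["count"]))
    return rows


if __name__ == "__main__":
    events = [extract_fields(host, message) for host, message in SAMPLE_EVENTS]
    for r in rarity_review(events):
        flag = "RARE" if r["rare"] else "    "
        print(f"{flag} hosts={r['hosts']} count={r['count']} off_hours={r['off_hours']} {r['image']} {r['note']}")
```

The rarity count alone would rank the updater and the temp-directory binary as equals; the note dictionary is where the "likely noise" judgement from the lab output lives, and keeping it in code means the next run of the search inherits it.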

Lab 4: BOTS investigation

  • Question: can you follow the storyline of a simulated compromise?
  • Output: timeline, findings, and recommended containment steps.
  • Skill focus: hypothesis-driven search and report writing.

Capstones

Small projects worth showing

Operations-focused project

Build a service health dashboard that highlights HTTP errors, response anomalies, and outage signals by host and application path.

Security-focused project

Build an authentication monitoring pack with searches for password spraying, off-hours access, and repeated account lockouts.
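One block that serves both Lab 1 (ranked failures, hourly trend, threshold recommendation) and this project (spraying, off-hours access, repeated lockouts), added here as an example and not the page's own searches. The events are constructed Windows Security records; the field names `EventCode`, `Account_Name` and `Source_Network_Address` follow the usual conventions of the Splunk Windows add-on, which is an assumption, and the `svc_backup` account, the IP addresses (documentation ranges) and the 07:00-19:00 working window are all constructed or assumed. Each function's docstring names the SPL shape it mirrors.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


# Constructed Windows Security events. 4625 = failed logon, 4624 = successful logon,
# 4740 = account locked out. Times are UTC; 2024-03-12 is a Tuesday.
def _ev(ts, code, account, src):
    return {"_time": datetime.fromisoformat(ts), "EventCode": code,
            "Account_Name": account, "Source_Network_Address": src}


SAMPLE_EVENTS = [
    # Baseline: a few ordinary typos during the working day.
    _ev("2024-03-12T08:05:00", 4625, "jdoe", "10.0.1.20"),
    _ev("2024-03-12T09:12:00", 4625, "asmith", "10.0.1.21"),
    _ev("2024-03-12T09:40:00", 4625, "jdoe", "10.0.1.20"),
    _ev("2024-03-12T10:02:00", 4625, "bwong", "10.0.1.22"),
    _ev("2024-03-12T11:30:00", 4625, "asmith", "10.0.1.21"),
    # Known noise: a scheduled job with a stale password fails once every hour.
    *[_ev(f"2024-03-12T{h:02d}:00:00", 4625, "svc_backup", "10.0.5.5") for h in range(8, 14)],
    # Spray pattern: one source, many accounts, one failure each, inside ten minutes.
    *[_ev(f"2024-03-12T13:{m:02d}:00", 4625, a, "203.0.113.9")
      for m, a in enumerate(["jdoe", "asmith", "bwong", "clee", "dpatel", "eroy"])],
    # Lockouts (4740 reports the caller computer rather than an IP; simplified to "-").
    _ev("2024-03-12T13:07:00", 4740, "clee", "-"),
    _ev("2024-03-12T13:09:00", 4740, "clee", "-"),
    # Successful logons: one during the day, one at 03:10.
    _ev("2024-03-12T09:00:00", 4624, "jdoe", "10.0.1.20"),
    _ev("2024-03-12T03:10:00", 4624, "bwong", "198.51.100.4"),
]

# Accounts whose failures are explained; the note is what belongs in the lab notebook.
KNOWN_NOISE = {"svc_backup": "scheduled job with a stale password; constant rate, not an attack"}


def failed_logons(events, ignore=KNOWN_NOISE):
    return [e for e in events if e["EventCode"] == 4625 and e["Account_Name"] not in ignore]


def ranked_failures(events):
    """Lab 1 ranked table: stats count by Account_Name, Source_Network_Address | sort -count."""
    return Counter((e["Account_Name"], e["Source_Network_Address"])
                   for e in failed_logons(events)).most_common()


def hourly_trend(events):
    """Lab 1 time trend: timechart span=1h count, with empty hours filled in as zero."""
    counts = Counter(e["_time"].replace(minute=0, second=0) for e in failed_logons(events))
    hour, last = min(counts), max(counts)
    trend = {}
    while hour <= last:
        trend[hour] = counts.get(hour, 0)
        hour += timedelta(hours=1)
    return trend


def recommend_threshold(trend, baseline_hours, k=3):
    """Alert level = baseline mean + k standard deviations, rounded up to a whole count.
    The baseline must be hours the analyst has already judged to be normal."""
    counts = [trend[h] for h in baseline_hours]
    return math.ceil(mean(counts) + k * pstdev(counts))


def detect_spraying(events, min_accounts=5, span_minutes=10):
    """bin _time span=10m | stats dc(Account_Name) by Source_Network_Address, _time | where dc>=5."""
    accounts = defaultdict(set)
    for e in failed_logons(events, ignore=()):
        t = e["_time"]
        bucket = t.replace(minute=t.minute - t.minute % span_minutes, second=0)
        accounts[(e["Source_Network_Address"], bucket)].add(e["Account_Name"])
    return [(src, bucket, len(a)) for (src, bucket), a in accounts.items() if len(a) >= min_accounts]


def off_hours_logons(events, start_hour=7, end_hour=19):
    """Successful logons on weekends or outside the assumed working hours."""
    return [(e["Account_Name"], e["Source_Network_Address"], e["_time"])
            for e in events if e["EventCode"] == 4624
            and (e["_time"].weekday() >= 5 or not start_hour <= e["_time"].hour < end_hour)]


def repeated_lockouts(events, min_count=2):
    """stats count by Account_Name over 4740 events | where count>=2."""
    counts = Counter(e["Account_Name"] for e in events if e["EventCode"] == 4740)
    return [(acct, n) for acct, n in counts.most_common() if n >= min_count]


if __name__ == "__main__":
    trend = hourly_trend(SAMPLE_EVENTS)
    hours = list(trend)
    threshold = recommend_threshold(trend, hours[:-1])   # every hour before the last one
    print("ranked:", ranked_failures(SAMPLE_EVENTS)[:3])
    print("trend:", {h.strftime("%H:%M"): n for h, n in trend.items()})
    print(f"recommended alert: >{threshold} failures/hour; last hour had {trend[hours[-1]]}")
    print("spraying:", detect_spraying(SAMPLE_EVENTS))
    print("off-hours:", off_hours_logons(SAMPLE_EVENTS))
    print("lockouts:", repeated_lockouts(SAMPLE_EVENTS))
```

Two design points carry over to the real pack. The threshold is derived only from hours already judged normal; feeding the spray hour into the baseline inflates the standard deviation until the spray no longer exceeds it, which is the quiet way a mean-plus-k-sigma alert fails. And the noise account is excluded from the ranking and trend but deliberately kept in the spraying search, because a spray that happens to include a service-account name should still count towards the distinct-account total.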

Executive summary project

Create a one-page summary that explains what the data says, what matters now, and what should happen next.

Admin discipline project

Document a secure setup checklist covering access control, data onboarding standards, app hygiene, and exposure boundaries.