Skip to content

krdmnbrk/splunk-evtx-onthefly

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
evtx_files
evtx_files
 
 
images
images
 
 
splunk_configs
splunk_configs
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

splunk-evtx-onthefly

Deploy a Splunk, convert EVTXs, send Splunk in 2 minutes.

Note: It depends on your connection speed :)

Note 2: If you are using Apple Silicon processors (M1, M2), unfortunetaly you cannot use this repo because Splunk's docker image does not support M1-M2.

Usage

It requires docker compose installation.

  1. Put your evtx files into "evtx_files" directory.
  2. Run docker compose up in the main directory.

It will download some images from Docker Hub and deploy a Splunk environment that already contains evtx logs.

To reach Splunk, go to http://localhost:8000

Username: admin

Password: evtxonthefly

Data can be searched by using index=wineventlog.

Windows logs

The Splunk also contains a main dashboard that shows some data about your evtx files.

Splunk EVTX Dashboard

To destroy environment

Stop docker compose by pressing CTRL + C.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages