Splunk Installation - Deekshith19/Cybersec_lab GitHub Wiki
Successfully downloaded and installed the Splunk Enterprise and Splunk Forwarder .deb packages on the host OS and the VM OS respectively.
Configured Splunk Enterprise on the main (host) OS
Adding the receiving port 9997 in Splunk Enterprise:
Configuring the Splunk Forwarder in the VM OS:
Sending logs to Splunk Enterprise:
Port forwarding to Splunk Enterprise from Linux is successful.
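The same receiver-plus-forwarder setup expressed as the configuration files behind the steps above, as an added example rather than code from this wiki. It assumes an Enterprise host of 192.0.2.10 (placeholder address), receiving port 9997, and /var/log/syslog as the monitored file; the function names are this example's own.

```shell
#!/usr/bin/env sh
# Added example (not the wiki's own code): emit the inputs.conf stanza for the
# Splunk Enterprise receiver and the outputs.conf / inputs.conf stanzas for the
# forwarder in the VM. Assumed values: indexer 192.0.2.10, port 9997.

# Only accept an unprivileged TCP port; an empty or out-of-range value would
# otherwise break forwarding silently once the stanza is loaded.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Enterprise side: the inputs.conf equivalent of enabling a receiving port.
receiver_inputs_conf() {
  valid_port "$1" || return 1
  printf '[splunktcp://%s]\ndisabled = 0\n' "$1"
}

# Forwarder side: outputs.conf pointing the forwarder at the Enterprise host.
forwarder_outputs_conf() {
  valid_port "$2" || return 1
  printf '[tcpout]\ndefaultGroup = primary_indexers\n\n'
  printf '[tcpout:primary_indexers]\nserver = %s:%s\n' "$1" "$2"
}

# Forwarder side: inputs.conf stanza that monitors one log file.
forwarder_monitor_conf() {
  printf '[monitor://%s]\nsourcetype = %s\nindex = main\n' "$1" "$2"
}

# Check that the receiver answers on its port (the "port forwarding is
# successful" step). Uses nc when available; the exit status is the verdict.
receiver_reachable() {
  command -v nc >/dev/null 2>&1 || return 2
  nc -z -w 3 "$1" "$2"
}

INDEXER=192.0.2.10   # assumed Enterprise (host OS) address
PORT=9997
receiver_inputs_conf "$PORT"
forwarder_outputs_conf "$INDEXER" "$PORT"
forwarder_monitor_conf /var/log/syslog syslog
```

Place the first stanza in the indexer's inputs.conf and the other two in the forwarder's outputs.conf and inputs.conf, then restart both instances.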
Splunk Overview
Advantages
Easy Data Collection: Splunk efficiently gathers data from various sources, making it simple to handle information from servers, networks, and applications.
User-Friendly Search: Splunk's search and analysis are user-friendly, allowing both ad-hoc searches and saved dashboards for quick insights.
Flexible Deployment: Splunk can be deployed on-premises, in the cloud, or in a hybrid setup, providing deployment flexibility.
Interactive Visualization: Splunk offers visually appealing charts and graphs, allowing users to customize visualizations for better data understanding.
Disadvantages
Cost Consideration: Splunk's licensing costs may be a concern for budget-conscious organizations.
Resource Requirements: Running Splunk may require significant resources, especially in large-scale deployments.
Learning Curve: There might be a learning curve for new users to grasp the Splunk Processing Language (SPL) and the overall environment.
Key Features
Efficient Data Indexing: Splunk optimizes data storage with its proprietary indexing format.
Data Forwarding and Collection: Splunk excels in collecting and forwarding data from various sources, ideal for distributed environments.
Real-time Monitoring: Splunk enables real-time monitoring of logs and events for quick detection of anomalies.
Alerting and Dashboards: Users can set alerts based on specific criteria and create visually appealing dashboards.
Security and Compliance: Splunk includes features for ensuring security and compliance by monitoring and analyzing logs for potential threats.