Class 6 lab 3 ‐ Search operators - Justin-Boyd/CIT-Class GitHub Wiki

Task 1: Identify Machine Names

Step 1

  • Start your Ubuntu machine, click Activities, search for the terminal, and open it.

Step 2

  • Use the command hostname to display the machine’s name.
  • Write down the name for later use.

Step 3

  • Start the Windows 10 machine, search for CMD, and open it.

Step 4

  • Use the command hostname to display the machine’s name.
  • Write down the name for later use.

Task 2: Use Operators to Display Logs

Step 1

  • In your Ubuntu machine, use the command sudo /opt/splunk/bin/splunk start to start the Splunk daemon.

Step 2

  • Click the Firefox icon in the panel on the left, and browse to 127.0.0.1:8000.
  • Sign in with username admin and password Aa123456.

Step 3

  • Click Search & Reporting.

Step 4

  • Use the query host IN ("<Windows 10 PC name>", "<Ubuntu machine name>"), substituting the two hostnames recorded in Task 1, to display logs from both the Windows and Ubuntu machines. Type the quotes as straight double quotes; typographic quotes are not parsed by the search language.
  • Note: The IN operator matches an event when the field equals any one of the listed values, so this query is equivalent to host="<Windows 10 PC name>" OR host="<Ubuntu machine name>".

Step 5

  • Use the query source = "/var/log/apache2/access.log" AND (status_code=200 OR status_code=404) to display Apache access log events with status code 200 or 404. The parentheses matter: AND binds tighter than OR, so without them the query would return every 404 event from any source. If the query returns nothing, check the Interesting Fields list on the left of the search results, because field names such as status_code depend on the field extractions configured for the lab's Apache sourcetype.

Step 6

  • Use the query source = "/var/log/apache2/access.log" AND status_code=200 to display only Apache logs with status code 200.

Step 7

  • Use the query source = "/var/log/apache2/access.log" NOT request_url = "/random" to display Apache access log events whose request URL is not /random. Note that NOT request_url="/random" also returns events in which request_url was not extracted at all (for example, a malformed line in access.log), whereas request_url!="/random" returns only events where the field exists and has a different value.
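To make the behaviour of the operators used in Steps 4 to 7 checkable offline, the following added example (written for this page, not part of the lab or of Splunk) emulates IN, AND, OR, NOT and != over a handful of constructed events. The hostnames WIN10-LAB and ubuntu-lab stand in for the names recorded in Task 1, the Apache log lines and the Windows and syslog events are constructed, and the field names status_code and request_url are taken from the queries above rather than from any particular Splunk sourcetype. The last Apache line is deliberately malformed so that the difference between NOT field=value and field!=value shows up in the counts.

```python
"""Emulate the search operators used in Task 2 (IN, AND, OR, NOT, !=)
over constructed sample events, so their semantics can be checked offline."""
import re

# Constructed hostnames standing in for the names recorded in Task 1.
WIN_HOST = "WIN10-LAB"
UBUNTU_HOST = "ubuntu-lab"
APACHE_SOURCE = "/var/log/apache2/access.log"

# Constructed Apache common-log lines; the last one is deliberately malformed,
# so no request_url or status_code field will be extracted for it.
APACHE_LINES = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "GET /random HTTP/1.1" 404 209
10.0.0.7 - - [10/Oct/2023:13:56:01 +0000] "GET /random HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2023:13:56:10 +0000] "POST /login HTTP/1.1" 302 0
10.0.0.9 - - [10/Oct/2023:13:56:12 +0000] "GET /admin HTTP/1.1" 403 199
[core:error] AH00126: Invalid URI in request
""".splitlines()

# Field extraction for the common log format; group names mirror the lab's queries.
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<request_url>\S+) (?P<version>[^"]+)" '
    r'(?P<status_code>\d{3}) (?P<bytes>\S+)'
)


def parse_access_log(lines, host, source):
    """Turn raw lines into events. A line that does not match the format is
    still indexed as an event, but without any extracted fields."""
    events = []
    for line in lines:
        event = {"host": host, "source": source, "_raw": line}
        match = ACCESS_RE.match(line)
        if match:
            event.update(match.groupdict())
        events.append(event)
    return events


def build_events():
    """Apache events from the Ubuntu host plus constructed Windows and syslog events."""
    events = parse_access_log(APACHE_LINES, UBUNTU_HOST, APACHE_SOURCE)
    events += [
        {"host": WIN_HOST, "source": "WinEventLog:Security", "EventCode": "4624",
         "_raw": "An account was successfully logged on."},
        {"host": WIN_HOST, "source": "WinEventLog:Security", "EventCode": "4625",
         "_raw": "An account failed to log on."},
        {"host": "other-host", "source": "/var/log/syslog",
         "_raw": "cron[1234]: (root) CMD (run-parts /etc/cron.hourly)"},
    ]
    return events


# Each operator is a predicate over a single event, so they compose like SPL.
def field_eq(field, value):            # field=value
    return lambda e: e.get(field) == value

def field_in(field, values):           # field IN (v1, v2, ...)
    wanted = set(values)
    return lambda e: e.get(field) in wanted

def field_ne(field, value):            # field!=value: field must exist
    return lambda e: field in e and e[field] != value

def NOT(pred):                          # NOT <expr>: also true when field is absent
    return lambda e: not pred(e)

def AND(*preds):
    return lambda e: all(p(e) for p in preds)

def OR(*preds):
    return lambda e: any(p(e) for p in preds)


def search(events, pred):
    return [e for e in events if pred(e)]


def lab_queries():
    """Event counts for the Step 4 to Step 7 queries, plus the != variant of Step 7."""
    events = build_events()
    apache = field_eq("source", APACHE_SOURCE)
    return {
        "step4_host_in": len(search(events, field_in("host", [WIN_HOST, UBUNTU_HOST]))),
        "step5_200_or_404": len(search(events, AND(apache, OR(
            field_eq("status_code", "200"), field_eq("status_code", "404"))))),
        "step6_200_only": len(search(events, AND(apache, field_eq("status_code", "200")))),
        "step7_not_random": len(search(events, AND(apache, NOT(field_eq("request_url", "/random"))))),
        "step7_ne_random": len(search(events, AND(apache, field_ne("request_url", "/random")))),
    }


if __name__ == "__main__":
    for name, count in lab_queries().items():
        print(f"{name}: {count}")
```

Running the block prints the counts for each query. The Step 7 pair is the one worth comparing: NOT request_url="/random" counts the malformed line because it has no request_url field at all, while request_url!="/random" drops it. When excluding a value in a real investigation, decide deliberately which of the two you want, since the NOT form silently pulls in every event the extraction failed on.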