Download the dataset file indicated above and check the MD5 hash to ensure integrity.
Install Splunk Enterprise and the apps/add-ons listed in the Required Software section below. It is important to match the specific version of each app and add-on.
Unzip/untar the downloaded file into $SPLUNK_HOME/etc/apps
Restart Splunk
The BOTS v2 data will be available by searching:
index=botsv2 earliest=0
Note that because the data is distributed in a pre-indexed format, there are no volume-based licensing limits to be concerned with.
Download the Windows version of Splunk
Download and enable the add-ons listed under Required Software for the matching BOTS version
Download the dataset for the matching BOTS version and extract it
Stop Splunk
Move the extracted dataset under the apps directory
Start Splunk again
Confirm that the data can be searched with index=botsv2 earliest=0
(Note) apps path and how to restart Splunk
c:\Program Files\Splunk\etc\apps
cd "c:\program files\splunk\bin"
splunk stop
splunk enable webserver
splunk start
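The steps above, carried out as one PowerShell script for a Windows install. This is an added example, not part of the BOTS v2 README or the note above: it checks the archive's MD5 against the published value before extracting (so a corrupted or tampered download is rejected rather than loaded into etc/apps), stops Splunk, extracts the archive, starts Splunk, and then runs the verification search. The archive path, the expected MD5, and the admin credentials are placeholders you must fill in; it also assumes the built-in tar.exe shipped with Windows 10 1803 and later.

```powershell
# Added example (not from the BOTS v2 project): integrity check + install of the
# pre-indexed BOTS v2 dataset on Windows. Placeholders: $Archive, $ExpectedMd5,
# and the credentials passed to "splunk search".

$SplunkHome  = 'C:\Program Files\Splunk'
$Archive     = '<path to the downloaded dataset archive>'      # placeholder
$ExpectedMd5 = '<MD5 published on the dataset download page>'  # placeholder
$SplunkCli   = Join-Path $SplunkHome 'bin\splunk.exe'

# 1. Integrity check. Get-FileHash returns uppercase hex; PowerShell's -ne is
#    case-insensitive, so the published hash may be in either case.
$actualMd5 = (Get-FileHash -Path $Archive -Algorithm MD5).Hash
if ($actualMd5 -ne $ExpectedMd5) {
    throw "MD5 mismatch: expected $ExpectedMd5, got $actualMd5. Re-download the dataset."
}

# 2. Stop Splunk before changing etc\apps, as the steps above require.
& $SplunkCli stop

# 3. Extract the archive straight into etc\apps (Windows 10 1803+ ships tar.exe).
tar.exe -xzf $Archive -C (Join-Path $SplunkHome 'etc\apps')

# 4. Start Splunk again (enable webserver in case it was disabled).
& $SplunkCli enable webserver
& $SplunkCli start

# 5. Confirm the index is searchable; a non-zero count means the data loaded.
#    Replace admin:<password> with a real account before running.
& $SplunkCli search 'index=botsv2 earliest=0 | stats count' -auth 'admin:<password>'
```

If the hash check throws, nothing has been stopped or extracted yet, so the existing Splunk install is untouched; fix the download first and rerun the script.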