The Kimchi King created two EC2 instances, one as a Splunk Enterprise Server and another as a Splunk Universal Forwarder (ideally this is also one of the web servers hosting the kimchimenow.com web application). The Kimchi King is interested in having alerts trigger when there are three consecutive login failures to the server. He also wants to get alerts if any user logs into the servers after normal business hours (although there is a dream of a world where one may get kimchi anytime, anywhere). The Kimchi King also desires to capture all sorts of metrics, leveraging the various types of charts Splunk has to offer. For example, he would like to see Pie, Column, Bar, Area, and Line charts in one dashboard along with the other alerts.
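The two alert conditions described above, written as detection logic in Python over constructed sshd-style log lines; this is an added example, not the project's Splunk configuration. The log format, the 09:00-17:00 business hours, the host and user names, and the time-of-day-only check (weekends are not treated specially) are assumptions.

```python
import re
from datetime import datetime, time

# Assumed values, not from the page: business hours of 09:00-17:00.
BUSINESS_START, BUSINESS_END = time(9, 0), time(17, 0)
FAILURE_THRESHOLD = 3  # from the page: three consecutive login failures

# Assumed log format: OpenSSH sshd lines as written to a Linux auth log.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

# Constructed sample events (not real logs); hosts, users and addresses are made up.
SAMPLE_LOG = """\
Dec 15 10:02:11 web01 sshd[811]: Failed password for kimchi from 203.0.113.7 port 50522 ssh2
Dec 15 10:02:15 web01 sshd[811]: Failed password for kimchi from 203.0.113.7 port 50522 ssh2
Dec 15 10:02:20 web01 sshd[812]: Accepted password for kimchi from 203.0.113.7 port 50530 ssh2
Dec 15 10:05:01 web01 sshd[820]: Failed password for invalid user admin from 198.51.100.9 port 40100 ssh2
Dec 15 10:05:03 web01 sshd[820]: Failed password for invalid user admin from 198.51.100.9 port 40100 ssh2
Dec 15 10:05:06 web01 sshd[820]: Failed password for invalid user admin from 198.51.100.9 port 40100 ssh2
Dec 15 10:05:09 web01 sshd[820]: Failed password for invalid user admin from 198.51.100.9 port 40100 ssh2
Dec 15 22:41:37 web01 sshd[990]: Accepted publickey for king from 192.0.2.44 port 51812 ssh2
"""

def detect(log_text, year=2022):
    """Return alert tuples (kind, user, host, timestamp) in log order."""
    alerts, streak = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not sshd login results
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["host"], m["user"])
        if m["result"] == "Failed":
            streak[key] = streak.get(key, 0) + 1
            if streak[key] == FAILURE_THRESHOLD:  # fire once per run of failures
                alerts.append(("consecutive_failures", m["user"], m["host"], when))
        else:
            streak[key] = 0  # a successful login breaks the run of failures
            if not (BUSINESS_START <= when.time() < BUSINESS_END):
                alerts.append(("after_hours_login", m["user"], m["host"], when))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Two failures followed by a success do not alert, because the counter resets on success; a fourth failure in the same run does not fire a second alert.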
Notion Notes – Documentation on some of the steps involved in setting this up.
Link to PDF of the Kimchi Me Now Dashboard - 2022-12-17 - Kimchi Me Now Dashboard - Splunk.pdf
Supplemental Notes - Documentation that may be useful for learning