A cybersecurity project focused on Apache web server log analysis using Splunk dashboards.
This lab demonstrates how to monitor web requests, analyze response patterns, detect client/server errors, and visualize hits from different countries.
To build a Splunk dashboard that provides clear insights into Apache web traffic, helping identify trends, request sources, and possible anomalies.
- Tool: Splunk Enterprise
- Dataset: `apache_logs.json`
- Host: `kali`
- Sourcetype: `_json`
- Go to Edit Dashboard → Add Input → Select Time
- Set Label: `Time Range`
- Set Token: `time_range`
- Add a Submit button
- Use `time_range` in every panel for consistent filtering
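
The time input and token wiring from the steps above, written as Simple XML dashboard source. This is an added example, not the project's own dashboard; the dashboard label, panel titles and the all-time default are assumptions.

```xml
<form version="1.1">
  <!-- Dashboard label is an assumption; the page does not name the dashboard -->
  <label>Apache Web Log Analysis</label>
  <fieldset submitButton="true" autoRun="false">
    <input type="time" token="time_range">
      <label>Time Range</label>
      <!-- Assumed default: all time, so a static uploaded dataset is not filtered out -->
      <default>
        <earliest>0</earliest>
        <latest></latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Client Errors</title>
      <single>
        <search>
          <!-- CDATA keeps the < and >= comparisons from breaking the XML -->
          <query><![CDATA[
source="apache_logs.json" host="kali" sourcetype="_json"
| where status>=400 and status<500
| stats count as "Client Errors"
          ]]></query>
          <!-- Bind the panel to the shared time picker token -->
          <earliest>$time_range.earliest$</earliest>
          <latest>$time_range.latest$</latest>
        </search>
      </single>
    </panel>
    <panel>
      <title>Server Errors</title>
      <single>
        <search>
          <query><![CDATA[
source="apache_logs.json" host="kali" sourcetype="_json"
| where status>=500 and status<600
| stats count as "Server Errors"
          ]]></query>
          <earliest>$time_range.earliest$</earliest>
          <latest>$time_range.latest$</latest>
        </search>
      </single>
    </panel>
  </row>
</form>
```

A panel whose search omits the `<earliest>`/`<latest>` pair does not follow the picker, so its count will not line up with the other panels.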
Goal: Get a quick overview of how the web server is performing.
```
source="apache_logs.json" host="kali" sourcetype="_json"
| stats count as "Total Web Requests"
```

```
source="apache_logs.json" host="kali" sourcetype="_json" method=GET status=200
| stats count as "Successful Response"
```

```
source="apache_logs.json" host="kali" sourcetype="_json"
| where status>=400 and status<500
| stats count as "Client Errors"
```

```
source="apache_logs.json" host="kali" sourcetype="_json"
| where status>=500 and status<600
| stats count as "Server Errors"
```
Goal: Understand which pages are most active and where requests are coming from.
```
source="apache_logs.json" host="kali" sourcetype="_json"
| stats count as "Hits" by uri
```

```
source="apache_logs.json" host="kali" sourcetype="_json"
| stats count as IP by ip
```

```
source="apache_logs.json" host="kali" sourcetype="_json" method=GET
| table ip
| iplocation ip
| stats count by Country
| geom geo_countries featureIdField="Country"
```
Special thanks to Rajneesh Gupta for the dataset and guidance.
This project helped me:
- Visualize Apache web server activity using Splunk
- Detect HTTP errors and request trends
- Map client IPs to their geographical origins