Here is a screen recording of the start of my cyber security lab, which includes a Windows server (2022) that has a Splunk-forwarder installed and a Netspectrum Ubuntu 22.04 instance that has Splunk Enterprise installed. Both are set up under the same VPC, and all logs from the Windows server are sent through the Splunk-forwarder to Splunk Enterprise on the Ubuntu instance. In this recording I am making sure everything is installed and ready to go. As I search through the data in Splunk, I look for Windows event code 4672 (admin login), then create a graph and add it to a new dashboard.

© 2035 By Rachel Smith. Powered and secured by Wix