FTP is one of the oldest and most rudimentary network protocols for copying data from one system to another. Before websites and HTTP, FTP was the best way to move large files across the internet. FTP is still used in organizations that need reliable, deterministic internet file transfer.
FTP traffic logs record the key elements of a file transmission, including source (client) name and address and remote user name if the destination is password-protected. Analyzing FTP servers can help security teams identify when compromised credentials are used, when abnormal traffic is coming from different locations or at odd times, and when sensitive files and document are being accessed.
When your Splunk deployment is ingesting FTP data, you can use it to accomplish security and compliance and IT Ops use cases.
Guidance for onboarding data can be found in the Spunk Documentation, Getting Data In (Splunk Enterprise) or Getting Data In (Splunk Cloud). In addition, these Splunk Add-Ons and Apps are helpful for working with FTP data.
Looking for more information on data types? Download the Splunk Essential Guide to Machine Data.