We provide a virtual course on Splunk Enterprise System Administration. This training is designed for system administrators who are responsible for managing the Splunk Enterprise environment.
Content:
The course provides fundamental knowledge of the Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring of core Splunk Enterprise components.
Course objectives:
• Understand sourcetypes
• Manage and deploy forwarders
• Configure data inputs:
  • File monitors
  • Network inputs (TCP/UDP)
  • Scripted inputs
  • HTTP inputs (via the HTTP Event Collector)
• Customize the input phase parsing process
• Define transformations to modify data before indexing
• Define search time knowledge object configurations
Course outline:
Topic 1 - Splunk Server Deployment:
• Provide an overview of Splunk
• Identify Splunk Enterprise components
• Identify the types of Splunk deployments
• List the steps to install Splunk
• Use Splunk CLI commands
Topic 2 - Splunk Server Monitoring:
• Enable the Monitoring Console (MC)
• Identify Splunk license types
• Describe license violations
• Add and remove licenses
• Use Splunk Diag
Topic 3 - Splunk Apps:
• Describe Splunk apps and add-ons
• Install an app on a Splunk instance
• Manage app accessibility and permissions
Topic 4 - Splunk Configuration Files:
• Describe Splunk configuration directory structure
• Understand configuration layering process
• Use btool to examine configuration settings
Topic 5 - Splunk Indexes:
• Learn how Splunk indexes function
• Identify the types of index buckets
• Add and work with indexes
• Overview of metrics index
Topic 6 - Splunk Index Management:
• Review Splunk Index Management basics
• Identify data retention recommendations
• Identify backup recommendations
• Move and delete index data
• Describe the use of the Fishbucket
• Restore a frozen bucket
Topic 7 - Splunk User Management:
• Add Splunk users using native authentication
• Describe user roles in Splunk
• Create a custom role
• Manage users in Splunk
Topic 8 - Configuring Basic Forwarding:
• Identify forwarder configuration steps
• Configure a Universal Forwarder
• Understand the Deployment Server
Topic 9 - Distributed Search:
• Describe how distributed search works
• Define the roles of the search head and search peers
Target audience:
This course is designed for system administrators who are responsible for managing the Splunk Enterprise environment.
Prerequisites:
To be successful, students should have a solid understanding of the following single-subject modules:
• What is Splunk
• Intro to Splunk
• Using Fields
• Intro to Knowledge Objects
Language:
• English course material, English-speaking instructor
Certification:
This course is part of the following Certifications: Splunk Enterprise Certified Admin (SECA)