Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Splunk Administration

Splunk is software that indexes, manages and enables you to search data from any application, server or network device in real time.

The Splunk Enterprise System Administration training course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components.

The Splunk Enterprise Data Administration training course is designed for administrators who are responsible for getting data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.

The Splunk Cloud Administration training course prepares administrators to manage users and get data in Splunk Cloud. Topics include data inputs and forwarder configuration, data management, user accounts, and basic monitoring and problem isolation. The focus in this class is the knowledge, best practices, and configuration details for Splunk Cloud.

For Splunk Enterprise System Administration course:
  • Knowledge of Splunk Fundamentals
For Splunk Enterprise Data Administration course:
  • Knowledge of Splunk Fundamentals
  • Splunk Enterprise System Administration
For Splunk Cloud Administration course:
  • Knowledge of Splunk Fundamentals

The Splunk Administration class is ideal for:

  • Specific roles such as Splunk Administrator, Developer, User, Knowledge Manager, or Architect.

COURSE AGENDA

Splunk Enterprise - System Administration
(Duration : 2 Days)

1. Splunk Deployment Overview

  • Provide an overview of Splunk
  • Identify Splunk components
  • Identify Splunk system administrator role
  • Identify Splunk installation steps
  • Use Splunk CLI
  • Enable the Monitoring Console (MC)

2. License Management

  • Identify license types
  • Describe license violations
  • Add and remove licenses

3. Splunk Apps

  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions

4. Splunk Configuration Files

  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings

5. Splunk Indexes

  • Learn how Splunk indexes function
  • Identify the types of index buckets
  • Create new indexes
  • Identify the advantages of using multiple indexes
  • Monitor indexes with Monitoring Console (MC)

6. Splunk Index Management

  • Manage indexes with Splunk web
  • Describe indexes.conf attributes and stanzas
  • Customize index retention policies
  • Back up indexes
  • Delete events from an index
  • Restore frozen buckets

7. Splunk User Management

  • Add Splunk users using native authentication
  • Describe user roles in Splunk
  • Create a custom role
  • Describe Splunk authentication options

8. Configuring Basic Forwarding

  • Identify forwarder configuration steps
  • List Splunk forwarder types
  • Configure the forwarder
  • Identify forwarder configuration files

9. Distributed Search and Splunk Diag

  • Describe how distributed search works
  • Explain the roles of the search head and search peers
  • List search head scaling options
  • Describe a Splunk diag
  • Generate a Splunk diag

Splunk Enterprise - Data Administration
(Duration : 3 Days)

1. Introducing Splunk Data Administration

  • Provide an overview of Splunk
  • Describe the four phases of the distributed model
  • Identify Splunk configuration files and directories
  • Describe index-time and search-time precedence
  • Use btool to retrieve configuration information

2. Getting Data In – Staging

  • List the four phases of Splunk Indexing
  • Describe data input types and default metadata settings
  • Describe differences between the input and parsing phase
  • Configure initial input testing with Splunk Web

3. Forwarder Configuration

  • Understand the role of production indexers and forwarders
  • Understand the functionality of Universal Forwarders
  • Configure forwarders
  • Identify additional forwarder options

4. Heavy Forwarders & Forwarder Management

  • Describe what the heavy forwarder is and use cases
  • Perform heavy forwarder configuration
  • Deploy an app to the heavy forwarder
  • Describe Splunk Deployment Server (DS)
  • Manage forwarders using deployment apps
  • Configure deployment clients and client groups
  • Monitor forwarder management activities

5. Monitor Inputs

  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs
  • Deploy a remote monitor input

6. Network and Scripted Inputs

  • Create network (TCP and UDP) inputs
  • Describe optional settings for network inputs
  • Create a basic scripted input

7. Windows and Agentless Inputs

  • Identify Windows specific inputs.conf stanzas and attributes
  • Understand and configure Splunk HTTP Event Collector (HEC) agentless input
  • Monitor HEC using MC (Monitoring Console)

8. Fine-tuning Inputs

  • Understand the default processing that occurs during input phase
  • Configure input phase options, such as sourcetype fine-tuning and character set encoding

9. Parsing Phase and Data Preview

  • Understand the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase

10. Manipulating Raw Data

  • Explain how data transformations are defined and invoked
  • Use transformations with props.conf and transforms.conf to:
    • Mask or delete raw data as it is being indexed
    • Override sourcetype or host based upon event values
    • Route events to specific indexes based on event content
    • Prevent unwanted events from being indexed
  • Use SEDCMD to modify raw data

11. Supporting Knowledge Objects

  • Define default and custom search time field extractions
  • Define the pros and cons of index time field extractions
  • Configure index-time field extractions
  • Describe default search time extractions
  • Manage orphaned knowledge objects

Splunk - Cloud Administration
(Duration : 3 Days)

1. Splunk Cloud Overview

  • Describe Cloud topology
  • Describe tasks managed by the Splunk cloud administrator
  • List the primary differences between Splunk Cloud and Splunk Enterprise

2. Index Management

  • Define a Splunk Index
  • Create indexes in cloud
  • Delete data from an index
  • Monitor indexing activities

3. User Authentication and Authorization

  • Administer Splunk user roles
  • Integrate Splunk with LDAP, Active Directory, or SAML
  • Enable Duo Security multi-factor authentication (MFA)

4. Getting Data In

  • List Splunk input options
  • Describe the basic settings for an input
  • Review Splunk configuration files
  • Use a test environment to verify data

5. Getting Data In Cloud

  • List Splunk forwarder types
  • Describe the role of forwarders
  • Configure a forwarder to Splunk Cloud
  • Test the forwarder connection
  • Describe optional forwarder settings

6. Forwarder Management

  • Describe Splunk Deployment Server
  • Explain the use of forwarder management
  • Configure forwarders to be deployment clients
  • Manage forwarders using deployment apps

7. Monitor Inputs

  • Describe the Splunk process for inputting data
  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs

8. Network and Other Inputs

  • Create network (TCP and UDP) inputs
  • Create a basic scripted input
  • Describe optional settings for network inputs
  • Identify Windows input types and uses
  • Use the HTTP Event Collector (HEC) to get data into Splunk

9. Fine-tuning Inputs

  • Describe the default processing that occurs during the input phase
  • Configure input phase options, such as sourcetype fine-tuning and character set encoding

10. Parsing Phase and Data Preview

  • Describe the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase

11. Manipulating Raw Data

  • Explain how data transformations are defined and invoked
  • Use transformations with props.conf and transforms.conf to modify raw data
  • Use SEDCMD to modify raw data

12. Installing and Managing Apps

  • Describe self-service app installs vs. manual app installs
  • Provide steps to install apps
  • Describe how apps are managed

13. Working with Splunk Cloud Support

  • Isolate problems before contacting Splunk Cloud Support
  • Define the process for working with Splunk Cloud Support

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
