Implementing Splunk Data Fabric Search (DFS) 1.1

Implementing Splunk Data Fabric Search (DFS) 1.1

Upcoming Classes


Instructor-led online training

Location Jul 2020 Aug 2020 Sep 2020 Oct 2020 Nov 2020 Dec 2020 Jan 2021
AMER Eastern Time - Virtual Aug 17 – Aug 18


Splunk Data Fabric Search (DFS) is the extended Splunk search platform. This 2-day course is designed for the experienced Splunk system administrators who are looking to manage massive dataset searches using DFS.

This hands-on class is designed to provide the essential knowledge for DFS to scale Splunk search capabilities beyond the default limits.

The course covers deployment use cases, configurations, DFS search commands, monitoring, and troubleshooting of the implementation.


  • Introduction to Splunk Data Fabric Search
  • Implement DFS for Big Data Analysis
  • Implement DFS for Federated Searches
  • Monitoring and managing DFS environment


2 Days


Module 1 – Introduction to DFS

  • Describe a classic Splunk distributed search flow
  • Review Splunk Enterprise deployment options and search challenges
  • List key attributes that limit Splunk search jobs
  • Describe the benefits of DFS
  • Understand new DFS terminology

Module 2 – Implement DFS for Big Data Analysis

  • Understand new DFS terminology
  • List deployment requirements for DFS Big Data Analysis
  • Enable DFS for Big Data Analysis searches
  • Run DFS Big Data Analysis searches
  • Investigate DFS job details

Module 3 – Implement DFS for Federated Searches

  • List deployment requirements for federated searches
  • Enable DFS for federated searches
  • Run DFS federated search jobs
  • Investigate federated search job details

Module 4 – Monitoring and managing DFS Environment

  • Monitor DFS compute cluster environment
  • Identify DFS log locations
  • Change DFS logging levels
  • Describe steps to isolate DFS issues and troubleshoot



  • Advanced Search and Reporting
  • Splunk Cluster Administration

Strongly recommended:

  • Troubleshooting Splunk Enterprise
  • Splunk Workload Management
  • Architecting Splunk Enterprise Deployments
  • Working knowledge of Linux commands

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Eastern Time - Virtual

Don't see a date that works for you?

Request Class