Implementing Splunk Data Stream Processor (DSP) 1.0

Implementing Splunk Data Stream Processor (DSP) 1.0

Summary

This 3-virtual day course is designed for the experienced Splunk administrators who are new to a data stream processing service. This hands-on class is designed to provide the essential knowledge for deploying a Splunk DSP cluster, designing DSP pipelines and managing stream processing use cases.

It covers installation, source and sink configurations, pipeline design and backup, and monitoring a DSP environment.

Description

  • Introduction to Splunk Data Stream Processor
  • Deploying a DSP cluster
  • Building Pipelines - Basics
  • Building Pipelines - Deep Dive
  • Working with 3rd party data feeds
  • Monitoring DSP environment

Duration

3 Days

Objectives

Module 1 – Introduction to DSP

  • Review Splunk deployment options and challenges
  • Describe the purpose and value of Splunk DSP
  • Understand DSP concepts and terminologies

Module 2 – Deploying a DSP Cluster

  • List DSP core components and system requirements
  • Describe installation steps
  • Check DSP service status
  • Configure sources and a default Splunk sink

Module 3 – Building Pipelines - Basics

  • Describe the basic elements of a DSP pipeline
  • Familiarize with the DSP GUI
  • Create data pipelines using the DSP canvas UI
  • Ingest data from Splunk forwarders
  • Filter data from Splunk Firehose and route to multiple sinks

Module 4 – Building Pipelines - Deep Dive

  • Manipulate pipeline options:
    • Extract
    • Transform
    • Obfuscate
    • Aggregate

Module 5 – Working with 3rd party data feeds

  • Read from and write data to Kafka topics
  • List input sources supported with the collect service
  • Transform data from Kafka and route them to multiple sinks

Module 6 – Monitoring DSP Environment

  • Back up DSP pipelines
  • Monitor DSP environment
  • Upgrade DSP
  • Describe steps to isolate DSP service issues

Prerequisites

Required:

  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration

Nice to have:

  • Architecting Splunk Enterprise Deployments
  • Working knowledge of:
    • Distributed system architectures
    • Apache Kafka (user level)
    • Apache Flink (user level)
    • Kubernetes (admin level)

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Eastern Time - Virtual

AMER Pacific Time - Virtual


Don't see a date that works for you?

Request Class