Splunk 7.3 Cluster Administration

Splunk 7.3 Cluster Administration

Summary

This 3-virtual day course is for an experienced Splunk Enterprise administrator who is new to Splunk Clusters. The course provides the fundamental knowledge of deploying and managing Splunk Enterprise in a clustered environment. It covers installation, configuration, management, and monitoring of Splunk clusters. While Splunk Clusters are supported in Windows environments, the class lab environment is running Linux instances only.

Description

  • Large-scale Splunk Deployment Overview
  • Single-site Indexer Cluster
  • Indexer Cluster Management and Administration
  • Forwarder Configuration
  • Search Head Cluster
  • Search Head Cluster Management and Administration
  • KV Store Collection and Lookup Management
  • SmartStore Implementation Overview

Duration

3 Days

Objectives

Module 1 – Large-scale Splunk Deployment Overview

  • Factors that affecting deployment design
  • How Splunk Enterprise can scale
  • Splunk License Master

Module 2 – Single-site Indexer Cluster

  • How Splunk single-site indexer clusters work
  • Indexer cluster components and terms
  • Splunk single-site indexer cluster configuration
  • Splunk indexer cluster log channels

Module 3 – Multisite Indexer Cluster

  • How Splunk multisite indexer clusters work
  • Multisite indexer cluster terms
  • Multisite indexer cluster configuration
  • Optional multisite indexer cluster configurations

Module 4 – Indexer Cluster Management and Administration

  • Peer offline and decommission
  • Master app bundles
  • Indexer cluster storage utilization options
  • Site mapping
  • Monitoring Console for indexer cluster environment

Module 5 – Forwarder Management

  • Indexer discovery
  • Optional indexer discovery configurations
  • Volumne-based forwarder load balancing

Module 6 – Search Head Cluster

  • Splunk search head cluster overview
  • Search head cluster configuration

Module 7 – Search Head Cluster Management and Administration

  • Search head cluster deployer
  • Captaincy transfer
  • Search head member addition and decommissioning
  • Monitoring Console for Search Head Cluster

Module 8 – KV Store Collection and Lookup Management

  • KV Store collection in Splunk clusters
  • KV Store monitoring with Monitoring Console

Module 9 – SmartStore Implementation

  • SmartStore architecture overview
  • Deploy and manage SmartStore

Prerequisites

Required:

  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration

Strongly Recommended:

  • Troubleshooting Splunk Enterprise
  • Architecting Splunk Enterprise Deployments
  • Working Linux knowledge
  • 3 months of hands-on Splunk administration experience

Testimonials

It was a very difficult challenge
very helpful for my day to day job

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Eastern Time - Virtual

AMER Pacific Time - Virtual

Ingeniq

EMEA Coordinated Universal Time (GMT) - Virtual

APAC Singapore - Virtual


Don't see a date that works for you?

Request Class

What Our Clients Are Saying

very helpful for my day to day job
It was a very difficult challenge