• Large-scale Splunk Deployment Overview
• Single-site Indexer Cluster
• Indexer Cluster Management and Administration
• Forwarder Configuration
• Search Head Cluster
• Search Head Cluster Management and Administration
• KV Store Collection and Lookup Management
• SmartStore Implementation Overview

Module 1 – Large-scale Splunk Deployment Overview

• Factors that affecting deployment design
• How Splunk Enterprise can scale
• Splunk License Master

Module 2 – Single-site Indexer Cluster

• How Splunk single-site indexer clusters work
• Indexer cluster components and terms
• Splunk single-site indexer cluster configuration
• Splunk indexer cluster log channels

Module 3 – Multisite Indexer Cluster

• How Splunk multisite indexer clusters work
• Multisite indexer cluster terms
• Multisite indexer cluster configuration
• Optional multisite indexer cluster configurations

Module 4 – Indexer Cluster Management and Administration

• Peer offline and decommission
• Master app bundles
• Indexer cluster storage utilization options
• Site mapping
• Monitoring Console for indexer cluster environment

Module 5 – Forwarder Management

• Indexer discovery
• Optional indexer discovery configurations
• Volumne-based forwarder load balancing

Module 6 – Search Head Cluster

• Splunk search head cluster overview
• Search head cluster configuration

Module 7 – Search Head Cluster Management and Administration

• Search head cluster deployer
• Captaincy transfer
• Search head member addition and decommissioning
• Monitoring Console for Search Head Cluster

Module 8 – KV Store Collection and Lookup Management

• KV Store collection in Splunk clusters
• KV Store monitoring with Monitoring Console

Module 9 – SmartStore Implementation

• SmartStore architecture overview
• Deploy and manage SmartStore

Required:

• Splunk Enterprise System Administration
• Splunk Enterprise Data Administration

Strongly Recommended:

• Troubleshooting Splunk Enterprise
• Working Linux knowledge
• 3 months of hands-on Splunk administration experience