Splunk Enterprise 7.3 System Administration

Splunk Enterprise 7.3 System Administration

Summary

This 2 virtual day course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components.

Description

  • Splunk Deployment Overview
  • License Management
  • Splunk Apps
  • Splunk Configuration Files
  • Users, Roles, and Authentication
  • Getting Data In
  • Distributed Search
  • Introduction to Splunk Clusters

Duration

2 Days

Objectives

Module 1 - Splunk Deployment Overview

  • Splunk overview
  • Identify Splunk components
  • Identify Splunk system administrator role
  • Identify Splunk installation steps
  • Use SplunkCLI
  • Enable the Monitoring Console (MC)

Module 2 - License Management

  • Identify license types
  • Describe license violations
  • Add and remove licenses

Module 3 - Splunk Apps

  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions

Module 4 - Splunk Configuration Files

  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings

Module 5 - Splunk Indexes

  • Understand how indexes function
  • Understand the types of index buckets
  • Create new indexes
  • Explain the advantage of using multiple indexes
  • Monitor indexes with Monitoring Console

Module 6 - Splunk Index Management

  • Manage indexes with Splunk web
  • Describe indexes.conf attributes and stanzas
  • Customize index retention policies
  • Delete events from an index
  • Restore frozen buckets

Module 7 - Splunk User Management

  • Add Splunk users using native authentication
  • Describe user roles in Splunk
  • Create a custom role
  • Splunk authentication options

Module 8 - Configuring Basic Forwarding

  • Identify forwarder configuration steps
  • List Splunk forwarder types
  • Configure the forwarder
  • Identify forwarder configuration files

Module 9 - Distributed Search

  • Describe how distributed search works
  • Explain the roles of the search head and search peers
  • Configure a distributed search group
  • List search head scaling options

 

Prerequisites

Required:

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

 

Testimonials

The SA class was really good. Opened my mid up to MOC, btool, index/search precedence etc.. Great job

- EliteSE

Excellent
helpful for my day to day work

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Eastern Time - Virtual

Ingeniq

EMEA Coordinated Universal Time (GMT) - Virtual

AMER Pacific Time - Virtual

APAC Singapore - Virtual


Don't see a date that works for you?

Request Class

What Our Clients Are Saying

helpful for my day to day work
The SA class was really good. Opened my mid up to MOC, btool, index/search precedence etc.. Great job

- EliteSE

Excellent