• Splunk Deployment Overview
• License Management
• Splunk Apps
• Splunk Configuration Files
• Users, Roles, and Authentication
• Getting Data In
• Distributed Search

Module 1 - Splunk Deployment Overview

• Provide an overview of Splunk
• Identify Splunk components
• Identify Splunk system administrator role
• Identify Splunk installation steps
• Use SplunkCLI
• Enable the Monitoring Console (MC)

Module 2 - License Management

• Identify license types
• Describe license violations
• Add and remove licenses

Module 3 - Splunk Apps

• Describe Splunk apps and add-ons
• Install an app on a Splunk instance
• Manage app accessibility and permissions

Module 4 - Splunk Configuration Files

• Describe Splunk configuration directory structure
• Understand configuration layering process
• Use btool to examine configuration settings

Module 5 - Splunk Indexes

• Learn how Splunk indexes function
• Identify the types of index buckets
• Create new indexes
• Identify the advantage of using multiple indexes
• Monitor indexes with Monitoring Console

Module 6 - Splunk Index Management

• Manage indexes with Splunk web
• Describe indexes.conf attributes and stanzas
• Customize index retention policies
• Delete events from an index
• Restore frozen buckets

Module 7 - Splunk User Management

• Add Splunk users using native authentication
• Describe user roles in Splunk
• Create a custom role
• Splunk authentication options

Module 8 - Configuring Basic Forwarding

• Identify forwarder configuration steps
• List Splunk forwarder types
• Configure the forwarder
• Identify forwarder configuration files

Module 9 - Distributed Search and Splunk Diag

• Describe how distributed search works
• Explain the roles of the search head and search peers
• List search head scaling options
• Describe a Splunk diag
• Generate a Splunk diag

Required:

• Splunk Fundamentals 1
• Splunk Fundamentals 2