• Splunk Deployment Overview
• License Management
• Splunk Apps
• Splunk Configuration Files
• Users, Roles, and Authentication
• Getting Data In
• Distributed Search

Module 1 - Splunk Server Deployment

• Provide an overview of Splunk
• Identify Splunk components
• Identify the types of Splunk deployments
• List the steps to install Splunk
• Use Splunk CLI commands

Module 2 - Splunk Server Monitoring

• Enable the Monitoring Console
• Identify Splunk license types
• Describe license violations
• Add and remove licenses
• Use Splunk Diag

Module 3 - Splunk Apps

• Describe Splunk apps and add-ons
• Install an app on a Splunk instance
• Manage app accessibility and permissions

Module 4 - Splunk Configuration Files

• Describe Splunk configuration directory structure
• Understand configuration layering process
• Use btool to examine configuration settings

Module 5 - Splunk Indexes

• Learn how Splunk indexes function
• Identify the types of index buckets
• Adding and working with indexes
• Overview of metrics index
• Monitor indexes with Monitoring Console

Module 6 - Splunk Index Management

• Manage indexes with Splunk web
• Describe indexes.conf options
• Monitor indexes with Monitoring Console (MC)
• Customize index retention policies
• Back of indexes
• Delete events from an index
• Restore frozen buckets

Module 7 - Splunk User Management

• Add Splunk users using native authentication
• Describe user roles in Splunk
• Create a custom role
• Manage users in Splunk

Module 8 - Configuring Basic Forwarding

• Identify forwarder configuration steps
• Configure a Universal Forwarder
• Identify forwarder configuration files

Module 9 - Distributed Search

• Describe how distributed search works
• Explain the roles of the search head and search peers
• List search head scaling options

Required:

• Splunk Fundamentals 1
• Splunk Fundamentals 2