SPLUNK Training - Power User & Admin: About The Course
This Splunk Power User and Admin Certification Training includes concepts that are
required for both Splunk Power Users and Splunk Administrators. By the end of this training,
you will have learned their roles and responsibilities and be ready for implementation. The training
helps you work with configuration files and settings, use Searching & Reporting
commands, use various Knowledge objects, and finally create Dashboards for
visualization with the help of real-life use cases.
Course Objectives
After completing our Splunk Power User & Admin training, you should be able to:
Splunk is a leading analytics tool which helps in Server Monitoring, Data Analytics & Data
Visualization. Splunk captures, indexes, and correlates real-time data in a searchable
repository from which it can generate graphs, reports, alerts, dashboards, and
visualizations. This training certifies you and lets you grab the top-paying Splunk Admin/Power
User jobs. This training also makes Splunk the ideal strategic platform for companies
looking to solve data analytics issues of any size.
Goal: In this module, you will get introduced to Machine Data, understand the challenges
it presents, and how Splunk can be leveraged to gain Operational Intelligence. Get
introduced to various components of Splunk along with how they can be installed.
Topics:
• What is Machine Data & its challenges?
• Need for Splunk and its features
• Splunk Products and their Use-Case
• Download and Install Splunk
• Splunk Components: Search Head, Indexer, Forwarder, Deployment Server, & License
Master
• Splunk Architecture
• Splunk Licensing options
Hands On
• Setting up Splunk Enterprise environment
• Setting up Search Heads, Indexer, Heavy, and Universal Forwarders
Goal: In this module, you will learn how to create and manage users, understand the
Splunk Admin role and responsibilities, the architecture of Splunk Index and work with
Splunk Configuration files.
Topics:
• Introduction to Authentication techniques
• User Creation and Management
• Splunk Admin Role & Responsibilities
• Indexes
• Data Ageing
• Introduction to Splunk configuration files (7)
• Managing the .conf files
Hands On
• Creating and Managing users
• Manage and Modify the Configuration files
• Create an index using the indexes.conf file with various retention periods and other
bucket functionalities
Goal: Learn the various Splunk Data onboarding techniques and query that data with
basic and advanced Splunk commands. Use different keywords to search and filter the
Indexed data based on the requirements.
Topics:
• Learn the various data onboarding techniques:
o Via flat files
o Via UF (Universal Forwarder)
• Implement basic search commands in Splunk: Fields, Table, Sort, Rename, Search
• Understand the use of time ranges while searching
• Learn Reporting & Transforming commands in Splunk: Top, Rare, Stats, Chart, Timechart, Dedup, Rex
Hands-On:
• Data onboarding via Universal forwarder and flat files
• Basic and advanced Splunk search commands
• Understand the use of time ranges while searching
Knowledge Objects-I
Goal: Learn about fields and ways to extract them, and create and use Event Types in
search while creating/modifying alerts.
Topics:
• Splunk Knowledge
• Categories of Splunk Knowledge
• Fields
• Field extraction
• Event types
• Transactions
Hands-On:
Use the following Knowledge objects:
• Field extractions
• Event types
• Transactions
Knowledge Objects-II
Goal: In this module, you will learn to create and define Lookups, create Tags to use
them in search, create and manage Field aliases and Data Models.
Topics:
• What are lookups?
• Defining a lookup
• Configuring an automatic lookup
• Using the lookup in searches and reports
• Workflow action
• Tags
• Creating and managing tags
• Defining and searching field aliases
• Overview of Data Model
Hands on:
• Use the Lookup dashboard
• Use the following Knowledge objects:
o Tags
o Field aliases
Splunk Alerts, Visualizations, Reports, & Dashboards
Goal: In this module, you will learn to schedule alerts, create Reports and Dashboards
along with different visualizations.
• Schedule alerts
• Learn different visualizations offered by Splunk
• Create Reports and Dashboards along with different visualizations
• Add Reports to Dashboards
Topics:
• Create Alerts triggered on certain conditions
• Different Splunk Visualizations
• Create Reports with search results
• Create Dashboards with different Charts and other visualizations
• Set permissions for Reports and Dashboards
• Create Reports and schedule them using a cron schedule
• Share Dashboards with other teams
Hands on:
• Scheduling alerts
• Create Splunk Reports
• Create a Dashboard with various Charts and Graphs
Goal: Learn how to set up a Cluster of Splunk instances. Implement both Search Head
clustering and Indexer clustering in this module.
Topics:
• Install Splunk on Linux OS
• Use the frequently used Splunk CLI commands
• Learn the best practices while setting up a Clustering environment
• Splunk Clustering
• Implement Search Head Clustering
• Implement Indexer Clustering
• Deploy an App on the Search Head cluster
Hands on:
• Configuring Splunk instances via Linux CLI
• Clustering techniques
o Search Head clustering
o Indexer Clustering
• Deploying Apps and configurations using Deployment server
Goal: In this final module, you will be presented with different use cases and you will have
to solve each of those scenarios. Besides that, you will also be working on an exhaustive
project that will deal with solving a real-time scenario.