
Splunk Administration Course Contents

• Introduction to Splunk
  • What is Splunk?
  • Why do we need Splunk?
  • What insights can you get into IT operations with Splunk?
  • What are the different components of Splunk?
    • Forwarder (Universal & Heavy)
    • Indexer
    • Search head
    • Deployment server
    • Cluster master
    • Licensing server
  • Detailed explanation of Splunk components
  • What is the architecture of Splunk?
    • Standalone architecture
    • Distributed architecture
  • Sample architecture diagram creation
• Installation of Splunk Enterprise
  • Downloading the Splunk software, installing and configuration setup
• Exploring the Splunk search head
• Basic Searching
  • Run basic searches
  • Set the time range of a search
  • Identify the contents of search results
• Search Processing Language Fundamentals
  • Review basic search commands and general search practices
  • Examine the search pipeline
  • Specify indexes in searches
  • Use autocomplete and syntax highlighting
  • Use SPL search commands to perform searches
• Creating Reports and Dashboards
  • Save a search as a report
  • Edit reports
  • Create reports that include visualizations such as charts and tables
  • Create a dashboard
  • Add a report to a dashboard
  • Edit a dashboard
• Creating Scheduled Reports and Alerts
  • Describe scheduled reports
  • Configure scheduled reports
  • Describe alerts
  • Create alerts
  • View fired alerts
• Using Fields in Searches
  • Understand fields
  • Use fields in searches
  • Use the fields sidebar
• Introduction to Data Administration
  • Splunk overview
  • Identify Splunk data administrator role
• Getting Data In - Staging
  • List the four phases of Splunk Index
  • List Splunk input options
• Configuring Forwarders
  • Understand the role of Forwarders
  • Understand the functionality of Universal Forwarders and Heavy Forwarders
  • Configure Forwarders
  • Identify additional Forwarder options
• Forwarder Management
  • Explain the use of Forwarder Management
  • Describe Splunk Deployment Server
  • Manage forwarders using deployment apps
  • Configure deployment clients
  • Configure client groups
  • Monitor forwarder management activities
• Monitor Inputs
  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs
  • Deploy a remote monitor input
• Network and Scripted Inputs
  • Create network (TCP and UDP) inputs
  • Describe optional settings for network inputs
  • Create a basic scripted input
• Agentless Inputs
  • Identify Windows input types and uses
  • HTTP Event Collector
  • Splunk App for Stream
• Fine Tuning Inputs
  • Understand the default processing that occurs during input phase
  • Configure input phase options, such as sourcetype fine-tuning and character set encoding
• Parsing Phase and Data
  • Understand the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase
• Manipulating Raw Data
  • Explain how data transformations are defined and invoked
  • Use transformations with props.conf and transforms.conf to:
    • Mask or delete raw data as it is being indexed
    • Override sourcetype or host based upon event values
    • Route events to specific indexes based on event content
    • Prevent unwanted events from being indexed
  • Use SEDCMD to modify raw data
• Supporting Knowledge Objects
  • Create field extractions
  • Configure collections for KV Store
  • Manage Knowledge Object permissions
  • Control automatic field extraction
• Creating a Diag
  • Identify Splunk diag
  • Using Splunk diag
• Splunk Developer Overview
  • Splunk overview
  • Identify Splunk components
  • Identify Splunk system administrator role
• License Management
  • Identify license types
  • Describe license violations
  • Add and remove licenses
• Splunk Apps
  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions
• Splunk Configuration Files
  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings
• Splunk Indexes
  • Describe index structure
  • List types of index buckets
  • Create new indexes
  • Monitor indexes with Monitoring Console
• Splunk Index Management
  • Apply a data retention policy
  • Back up data on indexers
  • Delete data from an index
  • Restore frozen data
• Splunk User Management
  • Describe user roles in Splunk
  • Create a custom role
  • Add Splunk users
• Splunk Authentication Management
  • Integrate Splunk with LDAP
  • List other user authentication options
  • Describe the steps to enable Multifactor Authentication in Splunk
• Getting Data In
  • Describe the basic settings for an input
  • List Splunk forwarder types
  • Configure the forwarder
  • Add an input to UF using CLI
• Distributed Search
  • Describe how distributed search works
  • Explain the roles of the search head and search peers
  • Configure a distributed search group
  • List search head scaling options
