Splunk Enterprise 9.0 System Administration

This 12-hour course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components.

Description

  • Splunk Deployment Overview
  • License Management
  • Splunk Configuration Files
  • Splunk Apps
  • Index Management
  • Users, Roles, and Authentication
  • Basic Forwarding
  • Distributed Search

Cancellation Policy

Requests for cancellations or rescheduling of live instructor-led training must be received at least 5 business days prior to the start of class for a full refund. You agree to pay the full list price for each registered course (irrespective of the amount paid) for failing to cancel at least five working days prior to the course start date and/or failing to attend the complete course (all days).

Duration

12 hours

How is this training usually structured?

Online training is typically structured in 3,4, or 4.5 hour long half-day sessions or 6-hour full-day sessions with an hour-long break for lunch

Objectives

Module 1 - Deploying Splunk

  • Provide an overview of Splunk
  • Identify Splunk Enterprise components
  • Identify the types of Splunk deployments
  • List the steps to install Splunk
  • Use Splunk CLI commands

Module 2 - Monitoring Splunk

  • Use Splunk Health Report
  • Enable the Monitoring Console (MC)
  • Use Splunk Assist
  • Use Splunk Diag

Module 3 - Licensing Splunk

  • Identify Splunk license types
  • Describe license violations
  • Add and remove licenses

Module 4 - Using Configuration Files

  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings

Module 5 - Using Apps

  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions

Module 6 - Creating Indexes

  • Learn how Splunk indexes functions
  • Identify the types of index buckets
  • Add and work with indexes
  • Overview of metrics index

Module 7 - Managing Index

  • Review Splunk Index Management basics
  • Identify data retention recommendations
  • Identify backup recommendations
  • Move and delete index data
  • Describe the use of the Fishbucket
  • Restore a frozen bucket

Module 8 - Managing Users

  • Add Splunk users using native authentication
  • Describe user roles in Splunk
  • Create a custom role
  • Manage users in Splunk

Module 9 - Configuring Basic Forwarding

  • Identify forwarder configuration steps
  • Configure a Universal Forwarder
  • Understand the Deployment Server

Module 10 - Configuring Distributed Search

  • Describe how distributed search works
  • Describe the roles of the search head and search peers

Prerequisites

To be successful, students should have a solid understanding of either the following courses:

  • What Is Splunk?
  • Intro to Splunk
  • Using Fields
  • Introduction to Knowledge Objects

OR the following courses:

  • Fundamentals 1
  • Fundamentals 2

What happens when I register?

Once you register, we will send you a confirmation email that includes the information you will need to attend this training.

What is the price of this training?

This training is priced at $ 1500.00 USD per participant.

We accept payments by credit card (VISA, MasterCard, American Express, and Discover Card) or Training Credits. Note that ILT courses must start before the training credit expiration date. If you would like to pay by purchase order, please contact your account team for a quote.

What language is this class taught in?

This class is taught in English.

Where is the training taking place?

This training is taking place in AMER Eastern Time - Virtual.

Who is providing this training?

This class is being delivered by a Splunk ALP - ClearShark Services, Inc.