Improve your experience. We are very sorry but this website does not support Internet Explorer. We recommend using a different browser that is supported such as Google Chrome or Mozilla Firefox.

Splunk Enterprise 9.0 Cluster Administration

This 3-virtual day course is for an experienced Splunk Enterprise administrator who is new to Splunk Clusters. The course provides the fundamental knowledge of deploying and managing Splunk Enterprise in a clustered environment. It covers installation, configuration, management, and monitoring of Splunk clusters. While Splunk Clusters are supported in Windows environments, the class lab environment is running Linux instances only.

Description

  • Large-scale Splunk Deployment Overview
  • Single-site Indexer Cluster
  • Indexer Cluster Management and Administration
  • Forwarder Configuration
  • Search Head Cluster
  • Search Head Cluster Management and Administration
  • KV Store Collection and Lookup Management
  • SmartStore Implementation Overview

Cancellation Policy

Requests for cancellations or rescheduling of live instructor-led training must be received at least 5 business days prior to the start of class for a full refund. You agree to pay the full list price for each registered course (irrespective of the amount paid) for failing to cancel at least five working days prior to the course start date and/or failing to attend the complete course (all days).

Duration

13.5 Hours

Objectives

Module 1 – Splunk Troubleshooting Methods and Tools

  • Deployment Design Factors
  • How Splunk Enterprise can scale
  • Splunk License Master
  • Splunk 9.0 Security

Module 2 – Single-site Indexer Cluster

  • How Splunk Single-Site Indexer Clusters Work
  • Indexer Cluster Components and Terms
  • Splunk single-site Indexer Cluster Configuration
  • Splunk Indexer Cluster Log Channels

Module 3 – Multisite Indexer Cluster 

  • How Splunk Multisite Indexer Clusters Work
  • Multisite Indexer Cluster Terms
  • Multisite Indexer Cluster Configuration
  • Optional Multisite Indexer Cluster Configurations

Module 4 – Indexer Cluster Management and Administration

  • Peer Offline and Decommission
  • Master App Bundles
  • Indexer Cluster Storage Utilization Options
  • Site Mapping
  • Monitoring Console for Indexer Cluster Environment
  • Cluster Manager Redundancy

Module 5 – Forwarder Management

  • Indexer Discovery
  • Optional Indexer Discovery Configurations
  • Volume-Based Forwarder Load Balancing

Module 6 – Search Head Cluster

  • Search Head Cluster Architecture
  • Search Head Cluster Configuration
  • Captaincy Identification and Cluster Status
  • Search Head Cluster Settings

Module 7 – Search Head Cluster Management

  • Search Head Cluster Deployer
  • Captaincy Transfer
  • Search Head Member Addition and Decommissioning
  • Monitoring Console for Search Head Cluster

Module 8 – KV Store Collection and Lookup Management

  • KV Store Collection in Splunk Clusters
  • KV Store Monitoring with Monitoring Console

Module 9 – Introduction to Smart Store

  • SmartStore Deployment Use Cases
  • SmartStore Architecture Overview
  • Enable SmartStore in Indexer Cluster
  • Monitor SmartStore Status

Prerequisites

To be successful, students should have a solid understanding of the following courses:

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

OR the following single-subject courses:

  • What Is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations
  • Leveraging Lookups and Subsearches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Enriching Data with Lookups
  • Data Models
  • Introduction to Dashboards

Students should also have completed the following courses:

  • Splunk System Administration
  • Splunk Data Administration
  • Troubleshooting Splunk Enterprise

How is this training usually structured?

Online training is typically structured in 3,4, or 4.5 hour long half-day sessions or 6-hour full-day sessions with an hour-long break for lunch

What happens when I register?

Once you register, we will send you a confirmation email that includes the information you will need to attend this training.

What is the price of this training?

This training is priced at $ 1500.00 USD per participant.

We accept payments by credit card (VISA, MasterCard, American Express, and Discover Card) or Training Credits. Note that ILT courses must start before the training credit expiration date. If you would like to pay by purchase order, please contact your account team for a quote.

What language is this class taught in?

This class is taught in English.

Where is the training taking place?

This training is taking place in AMER Eastern Time - Virtual.

Who is providing this training?

This class is being delivered by a Splunk ALP - ClearShark Services, Inc.

Similar courses

Splunk Enterprise 9.0 System Administration

This 12-hour course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components.

More Information
Splunk Enterprise 9.0 Data Administration

This 18-hour course is designed for administrators who are responsible for getting data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.

More Information

Press enter to see more results