Splunk Training + Certification

Splunk Enterprise Cluster Administration

Course Description

This 13.5-hour virtual course is for an experienced Splunk Enterprise administrator who is new to Splunk Clusters. The course provides the fundamental knowledge of deploying and managing Splunk Enterprise in a clustered environment. It covers installation, configuration, management, and monitoring of Splunk clusters.

While Splunk Clusters are supported in Windows environments, the class lab environment runs Linux instances only.

Course Prerequisites

  • Splunk System Administration
  • Splunk Data Administration
Strongly Recommended:
  • Troubleshooting Splunk Enterprise
  • Working Linux knowledge
  • 3 months of hands-on Splunk administration experience

Course Topics

  • Large-scale Splunk Deployment Overview
  • Single-site (high-availability) Indexer Cluster
  • Multisite (disaster-recovery) Indexer Cluster
  • Indexer Cluster Management and Administration
  • Indexer Discovery Forwarder Configuration
  • Search Head Cluster
  • Search Head Cluster Management and Administration
  • KV Store Collection and Lookup Management
  • SmartStore Implementation Overview

Course Objectives

Module 1 – Large-scale Splunk Deployment Overview
  • Factors affecting deployment design
  • Splunk cluster overview
  • License Master
Module 2 – Single-site Indexer Cluster
  • Splunk single-site indexer cluster configuration
  • Optional single-site indexer cluster configurations
Module 3 – Multisite Indexer Cluster
  • Splunk multi-site indexer cluster overview
  • Multi-site indexer cluster configuration
  • Optional multi-site indexer cluster configurations
  • Cluster migration and upgrade considerations
Module 4 – Indexer Cluster Management and Administration
  • Indexer cluster storage utilization options
  • Peer offline and decommission
  • Master app bundles
  • Monitoring Console for indexer cluster environment
Module 5 – Forwarder Management
  • Indexer discovery
  • Optional indexer discovery configurations
Module 6 – Search Head Cluster
  • Splunk search head cluster overview
  • Search head cluster configuration
Module 7 – Search Head Cluster Management and Administration
  • Search head cluster deployer
  • Captaincy transfer
  • Search head member addition and decommissioning
  • Monitoring Console for Search Head Cluster
Module 8 – KV Store Collection and Lookup Management
  • KV Store collection in Splunk clusters
  • KV Store monitoring with Monitoring Console
Module 9 – SmartStore Implementation
  • SmartStore architecture overview
  • Deploy and manage SmartStore