Course Description

This self-paced course gives users an overview of the Splunk Enterprise infrastructure. Users get a high-level look at how to grow a Splunk deployment from a single instance to a distributed environment. It offers tips and best practices for deploying, extending and integrating Splunk, while showing the user what is happening behind the scenes.

Course Prerequisites

Using Splunk or equivalent Splunk experience

 

Course Objectives

Module 1 - Splunk Components

  • Identify Components
  • How Splunk Scales

Module 2 - Pre-installation

  • Hardware Requirements
  • Installing on Virtual Environments
  • Permissions
  • Time Syncing
  • What is Splunkd
  • Port Information

 

Module 3 - Installing Splunk

  • Installing on Linux
  • Installing on Windows
  • Installing Components
  • SplunkWeb Administration
  • Splunk Directory Structure

Module 4 - The Splunk Pipeline

  • How Data Flows
  • Licensing
  • .conf Files

 

Module 5 - Indexes

  • Overview of Indexes
  • Using Multiple Indexes
  • Buckets
  • Creating Indexes

Module 6 - User and Roles

  • Users
  • Roles
  • Methods

Module 7 - Data Inputs

  • Overview of Inputs
  • Upload Input
  • Monitor Input
  • Universal Forwarder
  • Heavy Forwarder
  • SSL for Forwarded Data
  • Apps and Add-ons

Module 8 - Growing Your Deployment

  • Setting up Search Peers
  • DMC Overview