- Free Courses
-
Learning Paths
- Courses for Users
- Courses for Splunk Administrators
- Courses for Splunk Cloud Customers
-
Courses for Splunk Architects
- Overview
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Advanced Dashboards and Visualizations
- Architecting Splunk Enterprise Deployments
- Courses for App Developers
- Courses for Enterprise Security Administrators
- Courses for Enterprise Security End-Users
- Courses for IT Service Intelligence Administrators
- Courses for IT Service Intelligence End-Users
- Certification Tracks
-
Courses
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Advanced Searching and Reporting
- Advanced Dashboards and Visualizations
- Building Splunk Apps
- Splunk for Analytics and Data Science
- Splunk Infrastructure Overview
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Cloud Administration
- Architecting Splunk Enterprise Deployments
- Splunk Enterprise Practical Lab
- Developing with Splunk's REST API
- Administering Splunk Enterprise Security
- Using Splunk Enterprise Security
- Implementing Splunk IT Service Intelligence
- Using Splunk IT Service Intelligence
- Splunk User Behavior Analytics
- Introduction to Phantom
- Developing Phantom Playbooks
-
Videos
- All Videos
- Splunk Cloud Tutorial
- Installing Splunk Enterprise 6 on Linux
- Installing Splunk Enterprise 6 on Windows
- Getting Data In to Splunk Enterprise (Linux)
- Getting Data In (Windows)
- Getting Data In with Forwarders
- Basic Search in Splunk Enterprise 6.3
- Create a Dashboard in Splunk Enterprise
- Using the Splunk MINT SDK for Android
- Using the Splunk MINT SDK for iOS
- Basic Search in Splunk Light
- Create Reports in Splunk Light
- Create Dashboards in Splunk Light
- Create Alerts in Splunk Light
- Splunk Certification Candidate Journey
- FAQ
-
- Recertification
- Certification Exams
- Download Fact Sheet
Course Description
This 2 virtual day course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components.
Instructor-led Training Schedule
Required:
- Splunk Fundamentals 1
Strongly Recommended:
- Splunk Fundamentals 2
- Splunk Deployment Overview
- License Management
- Splunk Apps
- Splunk Configuration Files
- Users, Roles, and Authentication
- Getting Data In
- Distributed Search
- Introduction to Splunk Clusters
- Splunk overview
- Identify Splunk components
- Identify Splunk system administrator role
- Identify license types
- Describe license violations
- Add and remove licenses
- Describe Splunk apps and add-ons
- Install an app on a Splunk instance
- Manage app accessibility and permissions
- Describe Splunk configuration directory structure
- Understand configuration layering process
- Use btool to examine configuration settings
- Describe index structure
- List types of index buckets
- Create new indexes
- Monitor indexes with Monitoring Console
- Apply a data retention policy
- Backup data on indexers
- Delete data from an index
- Restore frozen data
- Describe user roles in Splunk
- Create a custom role
- Add Splunk users
- Integrate Splunk with LDAP
- List other user authentication options
- Describe the steps to enable Multifactor Authentication in Splunk
- Describe the basic settings for an input
- List Splunk forwarder types
- Configure the forwarder
- Add an input to UF using CLI
- Describe how distributed search works
- Explain the roles of the search head and search peers
- Configure a distributed search group
- List search head scaling options