Splunk Training + Certification

Splunk Enterprise System Administration

The newest comprehensive resource from Splunk Training + Certification is here.

Splunk Education Student Handbook
View My Training Profile

Course Description

This 2 virtual day course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components.

Download Course Description

Instructor-led Training Schedule

View Schedule

Course Prerequisites

Required:

  • Splunk Fundamentals 1

Strongly Recommended:

  • Splunk Fundamentals 2

Course Topics

  • Splunk Deployment Overview
  • License Management
  • Splunk Apps
  • Splunk Configuration Files
  • Users, Roles, and Authentication
  • Getting Data In
  • Distributed Search
  • Introduction to Splunk Clusters

Course Objectives
 

Module 1 - Splunk Developer Overview
  • Splunk overview
  • Identify Splunk components
  • Identify Splunk system administrator role
Module 2 - License Management
  • Identify license types
  • Describe license violations
  • Add and remove licenses
Module 3 -  Splunk Apps
  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions
Module 4 - Splunk Configuration Files
  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings
Module 5 - Splunk Indexes
  • Describe index structure
  • List types of index buckets
  • Create new indexes
  • Monitor indexes with Monitoring Console
Module 6 - Splunk Index Management
  • Apply a data retention policy
  • Backup data on indexers
  • Delete data from an index
  • Restore frozen data
Module 7 - Splunk User Management
  • Describe user roles in Splunk
  • Create a custom role
  • Add Splunk users
Module 8 - Splunk Authentication Management
  • Integrate Splunk with LDAP
  • List other user authentication options
  • Describe the steps to enable Multifactor Authentication in Splunk
Module 9 - Getting Data In
  • Describe the basic settings for an input
  • List Splunk forwarder types
  • Configure the forwarder
  • Add an input to UF using CLI
Module 10 - Distributed Search
  • Describe how distributed search works
  • Explain the roles of the search head and search peers
  • Configure a distributed search group
  • List search head scaling options
PLATFORM
PLATFORM
SECURITY PRODUCTS
SECURITY PRODUCTS
IT OPERATIONS & OBSERVABILITY PRODUCTS
IT OPERATIONS & OBSERVABILITY PRODUCTS
SOLUTIONS BY INITIATIVE
SOLUTIONS BY INITIATIVE
SOLUTIONS BY FUNCTION
SOLUTIONS BY FUNCTION
SOLUTIONS BY INDUSTRY
SOLUTIONS BY INDUSTRY
WHY SPLUNK?
WHY SPLUNK?
SUPPORT
SUPPORT
RESOURCES
RESOURCES
FOR DEVELOPERS
FOR DEVELOPERS
COMPANY
COMPANY
SPLUNK SITES
SPLUNK SITES
Sitemap
Privacy
Website Terms of Use
Splunk Licensing Terms
Export Control
Modern Slavery Statement
Splunk Patents

© 2005-2021 Splunk Inc. All rights reserved.

Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.