Splunk Training + Certification
Implementing Splunk Data Stream Processor (DSP)
The newest comprehensive resource from Splunk Training + Certification is here.
- Free Courses
-
Learning Paths
- Courses for Users
-
Courses for Splunk Administrators
- Courses for Splunk Administrators
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Implementing Splunk SmartStore
- Splunk Workload Management
- Working with Metrics in Splunk
- Implementing Splunk Data Stream Processor (DSP)
- Courses for Splunk Cloud Customers
-
Courses for Splunk Architects
- Courses for Splunk Architects
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Architecting Splunk Enterprise Deployments
- Courses for App Developers
-
Courses for Enterprise Security Administrators
- Courses for Enterprise Security Administrators
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Architecting Splunk Enterprise Deployments
- Administering Splunk Enterprise Security
- Courses for Enterprise Security End-Users
-
Courses for IT Service Intelligence Administrators
- Courses for IT Service Intelligence Administrators
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Implementing Splunk IT Service Intelligence
- Courses for IT Service Intelligence End-Users
- Courses for Phantom Customers
-
Courses for Observability Customers
- Courses for Observability Customers
- Introduction to Splunk Observability
- Using Splunk Infrastructure Monitoring
- Kubernetes Monitoring with Splunk
- Automation Using the REST and SignalFlow APIs
- Using the Splunk Terraform Provider
- Sending Custom Metrics to Splunk IM
- Using Splunk APM to Monitor Microservices-based Applications
- Advanced Monitoring of Microservices Applications Using Splunk APM
- Using the Splunk Log Observer
-
Certification Tracks
- Splunk Core Certified User
- Splunk Core Certified Power User
- Splunk Core Certified Advanced Power User
- Splunk Cloud Certified Admin
- Splunk Enterprise Certified Admin
-
Splunk Enterprise Certified Architect
- Splunk Enterprise Certified Architect
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Architecting Splunk Enterprise Deployments
- Splunk Enterprise Practical Lab
- Splunk Certified Developer
- Splunk Enterprise Security Certified Admin
- Splunk IT Service Intelligence Certified Admin
-
Splunk Core Certified Consultant
- Splunk Core Certified Consultant
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Architecting Splunk Enterprise Deployments
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Deployment Practical Lab
- Splunk Fundamentals 3
- Creating Dashboards with Splunk
- Advanced Searching and Reporting
- Core Consultant Labs
- Services Core Implementation
- Splunk Phantom Certified Admin
-
Courses
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Creating Dashboards with Splunk
- Advanced Dashboards and Visualizations
- Building Splunk Apps
- Splunk for Analytics and Data Science
- Splunk Infrastructure Overview
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Cloud Administration
- Transitioning to Splunk Cloud
- Architecting Splunk Enterprise Deployments
- Working with Metrics in Splunk
- Implementing Splunk SmartStore
- Splunk Workload Management
- Splunk Deployment Practical Lab
- Implementing Splunk Data Stream Processor (DSP)
- Developing with Splunk's REST API
- Administering Splunk Enterprise Security
- Using Splunk Enterprise Security
- Implementing Splunk IT Service Intelligence
- Using Splunk IT Service Intelligence
- Splunk User Behavior Analytics
- Administering Phantom
- Developing Phantom Playbooks
- Advanced Phantom Implementation
- Introduction to Splunk IM
- Using Splunk Infrastructure Monitoring
- Kubernetes Monitoring with Splunk
- Using Splunk APM to Monitor Microservices-based Applications
- Automation Using the REST and SignalFlow APIs
- Using the Splunk Terraform Provider
- Sending Custom Metrics to Splunk IM
- Advanced Monitoring of Microservices Applications Using Splunk APM
- Services Core Implementation
- Core Consultant Labs
- IT Essentials Learn - Walkthrough
- Implementing the Splunk App for Infrastructure (SAI)
- Responding to Incidents with Splunk On-Call
- Splunk On-Call Administration
- Introduction to Splunk Observability
- Using Splunk Real User Monitoring
- Using the Splunk Log Observer
-
Videos
- All Videos
- Splunk Cloud Tutorial
- Installing Splunk Enterprise on Linux
- Installing Splunk Enterprise on Windows
- Getting Data In to Splunk Enterprise (Linux)
- Getting Data In (Windows)
- Getting Data In with Forwarders
- Basic Search in Splunk Enterprise
- Create a Dashboard in Splunk Enterprise
- Splunk Certification Candidate Journey
- Creating Alerts in Splunk Enterprise
-
- Program Guide + FAQ
- Download Fact Sheet
Course Description
This 4-day course is designed for the experienced Splunk administrators who are new to Splunk DSP. This hands-on class provides the fundamentals of deploying a Splunk DSP cluster and designing pipelines for core use cases. It covers installation, source and sink configurations, pipeline design and backup, and monitoring a DSP environment.
Instructor-led Training Schedule
Course Prerequisites
Required:
Splunk Enterprise System Administration Splunk Enterprise Data Administration
Recommended:
Architecting Splunk Enterprise Deployments Working knowledge of: Distributed system architectures Apache Kafka (user level) Apache Flink (user level) Kubernetes (admin level)
Course Topics
- Introduction to Splunk Data Stream Processor
- Deploying a DSP cluster
- Prepping Sources and Sinks
- Building Pipelines - Basics
- Building Pipelines - Deep Dive
- Working with 3rd party Data Feeds
- Working with Metric Data
- Monitoring DSP Environment
Course Objectives
Module 1 – Introduction to DSP
- Review Splunk deployment options and challenges
- Describe the purpose and value of Splunk DSP
- Understand DSP concepts and terminologies
Module 2 – Deploying a DSP Cluster
- List DSP core components and system requirements
- List DSP core components and system requirements
- Describe installation options and steps
- Check DSP service status
- Learn to navigate in DSP UI
- Use scloud
Module 3 – Prepping Sources and Sinks
- Ingest data with DSP REST API service
- Configure DSP source connections for Splunk data
- Configure DSP sink connections for Splunk indexers
- Create Splunk-to Splunk pass-through pipelines
Module 4 – Building Pipelines - Basics
- Describe the basic elements of a DSP pipeline
- Create data pipelines with the DSP canvas and SPL2
- List DSP pipeline commands
- Use scalar functions to convert data types and schema
- Filter and route data to multiple sinks
Module 5 – Building Pipelines - Deep Dive
- Manipulate pipeline options:
- Extract
- Transform
- Obfuscate
- Aggregate and conditional trigger
Module 6 – Working with 3rd party Data Feeds
- Read from and write data to pub-sub systems like Kafka
- List sources supported with the collect service
- Transform data from Kafka and normalize
- Write to S3
Module 7 – Working with Metric Data
- Onboard metric data into DSP
- Transform metric data for Splunk indexers and SignalFx
- Send metric data to Splunk indexers
- Send metric data to Splunk SignalFx
Module 8 – Monitoring DSP Environment
- Back up DSP pipelines
- Monitor DSP environment
- Describe steps to isolate DSP service issues
- Scale DSP
- Replace DSP master node
- Upgrade DSP cluster
