Troubleshooting Splunk Enterprise

Training + Certification

Course Description

This 2-virtual day course is designed for Splunk administrators. It covers topics and techniques for troubleshooting a standard Splunk distributed deployment using the tools available on Splunk Enterprise 6.6.

It is a lab-oriented class designed to help you gain troubleshooting experience before attending more advanced courses. You will debug a distributed Splunk Enterprise environment using the live system and simulated case logs.

This course does not cover the issues surrounding Splunk Cloud, Splunk Clusters, or Splunk premium apps.

Download Course Description

Instructor-led Training Schedule

Start Date	Start Time	Time Zone
25-Jun-18	09:00 AM	(GMT+01:00) Brussels, Copenhagen, Madrid, Paris	Register
25-Jun-18	09:00 AM	(GMT-05:00) Eastern Time (US & Canada)	Register
02-Jul-18	09:00 AM	(GMT+01:00) Brussels, Copenhagen, Madrid, Paris	Register
02-Jul-18	09:00 AM	(GMT+08:00) Kuala Lumpur, Singapore	Register
09-Jul-18	09:00 AM	(GMT-07:00) Arizona	Register

View Schedule

Course Prerequisites

Splunk Fundamentals 1
Splunk Fundamentals 2
Splunk Data Administration
Splunk System Administration

Course Topics

Splunk Support Model
Splunk Troubleshooting Methods and Tools
Clarifying the ProblemInstallation, Licensing, and Crash Problems
UI and Search Problems
Configuration Problems
Deployment Problems
User Management Problems

Course Objectives

Module 1 – Splunk Support Model

Splunk support resources

Module 2 – Splunk Troubleshooting Methods and Tools

Splunk troubleshooting approach
Splunk diagnostic resources and tools

Module 3 – Clarifying the Problem

Splunk deployment topology
Index-time pipeline
Metrics.log

Module 4 – Installation, Licensing, and Crash Problems

Installation issues
License issues
Crash issues

Module 5 – Configuration Problems

Input issues
Monitoring console

Module 6 – Search Problems

Search issues
Job inspector

Module 7 – Deployment Problems

Forwarding issues
Deployment server issues

Module 8 – User Management Problems

Splunk users and role capabilities
Directory integration issues