Splunk Training + Certification
Splunk Enterprise Data Administration
- Free Courses
-
Learning Paths
- Courses for Users
-
Courses for Splunk Administrators
- Courses for Splunk Administrators
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Implementing Splunk SmartStore
- Splunk Workload Management
- Working with Metrics in Splunk
- Implementing Splunk Data Fabric Search (DFS)
- Implementing Splunk Data Stream Processor (DSP)
- Courses for Splunk Cloud Customers
-
Courses for Splunk Architects
- Courses for Splunk Architects
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Architecting Splunk Enterprise Deployments
- Courses for App Developers
-
Courses for Enterprise Security Administrators
- Courses for Enterprise Security Administrators
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Architecting Splunk Enterprise Deployments
- Administering Splunk Enterprise Security
- Courses for Enterprise Security End-Users
-
Courses for IT Service Intelligence Administrators
- Courses for IT Service Intelligence Administrators
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Implementing Splunk IT Service Intelligence
- Courses for IT Service Intelligence End-Users
- Courses for Phantom Customers
-
Courses for Observability Customers
- Courses for Observability Customers
- Observability Fundamentals Series (eLearning)
- Using Splunk Infrastructure Monitoring
- Automation Using the REST and SignalFlow APIs
- Sending Custom Metrics to Splunk IM
- Using Splunk APM to Monitor Microservices-based Applications
- Advanced Monitoring of Microservices Applications Using Splunk APM
-
Certification Tracks
- Splunk Core Certified User
- Splunk Core Certified Power User
- Splunk Core Certified Advanced Power User
- Splunk Cloud Certified Admin
- Splunk Enterprise Certified Admin
-
Splunk Enterprise Certified Architect
- Splunk Enterprise Certified Architect
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Architecting Splunk Enterprise Deployments
- Splunk Enterprise Practical Lab
- Splunk Certified Developer
- Splunk Enterprise Security Certified Admin
- Splunk IT Service Intelligence Certified Admin
-
Splunk Core Certified Consultant
- Splunk Core Certified Consultant
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Architecting Splunk Enterprise Deployments
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Deployment Practical Lab
- Splunk Fundamentals 3
- Creating Dashboards with Splunk
- Advanced Searching and Reporting
- Core Consultant Labs
- Services Core Implementation
- Splunk Phantom Certified Admin
-
Courses
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Creating Dashboards with Splunk
- Advanced Dashboards and Visualizations
- Building Splunk Apps
- Splunk for Analytics and Data Science
- Splunk Infrastructure Overview
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Cloud Administration
- Transitioning to Splunk Cloud
- Architecting Splunk Enterprise Deployments
- Working with Metrics in Splunk
- Implementing Splunk SmartStore
- Splunk Workload Management
- Splunk Deployment Practical Lab
- Implementing Splunk Data Stream Processor (DSP)
- Developing with Splunk's REST API
- Administering Splunk Enterprise Security
- Using Splunk Enterprise Security
- Implementing Splunk IT Service Intelligence
- Using Splunk IT Service Intelligence
- Splunk User Behavior Analytics
- Administering Phantom
- Developing Phantom Playbooks
- Advanced Phantom Implementation
- SignalFx Fundamentals Series (eLearning)
- Using Splunk Infrastructure Monitoring
- Using Splunk APM to Monitor Microservices-based Applications
- Automation Using the REST and SignalFlow APIs
- Sending Custom Metrics to Splunk IM
- Advanced Monitoring of Microservices Applications Using Splunk APM
- Implementing Splunk Data Fabric Search (DFS)
- Services Core Implementation
- Core Consultant Labs
-
ビデオ
- All Videos
- Splunk Cloud Tutorial
- Installing Splunk Enterprise on Linux
- Installing Splunk Enterprise on Windows
- Getting Data In to Splunk Enterprise (Linux)
- Getting Data In (Windows)
- Getting Data In with Forwarders
- Basic Search in Splunk Enterprise
- Create a Dashboard in Splunk Enterprise
- Splunk Certification Candidate Journey
- Creating Alerts in Splunk Enterprise
-
- Program Guide + FAQ
- Download Fact Sheet
Course Description
This 3 virtual day course is designed for system administrators who are responsible for getting data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.
Instructor-led Training Schedule
Course Prerequisites
Required:
Splunk Fundamentals 1
Strongly Recommended:
- Splunk Fundamentals 2
- Splunk System Administration
Course Topics
- Deploy forwarders with Forwarder Management
- Splunk Configuration Files
- Configure common Splunk data inputs
- Customize the input parsing process
Course Objectives
Module 1 -Introduction to Data Administration
- Splunk overview
- Identify Splunk data administrator role
Module 2 - Getting Data In - Staging
- List the four phases of Splunk Index
- List Splunk input options
- Describe the band settings for an input
Module 3 - Configuring Forwarders
- Understand the role of production Indexers and Forwarders
- Understand the functionality of Universal Forwarders and Heavy Forwarders
- ConfigureForwarders
- Identify additional Forwarder options
Module 4 - Forwarder Management
- Explain the use of Forwarder Management
- Describe Splunk Deployment Server
- Manage forwarders using deployment apps
- Configure deployment clients
- Configure client groups
- Monitor forwarder management activities
Module 5 - Monitor Inputs
- Create file and directory monitor inputs
- Use optional settings for monitor inputs
- Deploy a remote monitor input
Module 6 - Network and Scripted Inputs
- Create network (TCP and UDP) inputs
- Describe optional settings for network inputs
- Create a basic scripted input
Module 7 - Agentless Inputs
- Identify Windows input types and uses
- Understand additional options to get data into Splunk
- HTTP Event Collector
- Splunk App for Stream
Module 8 - Fine Tuning Inputs
- Understand the default processing that occurs during input phase
- Configure input phase options, such as sourcetype fine-tuning and character set encoding
Module 9 - Parsing Phase and Data
- Understand the default processing that occurs during parsing
- Optimize and configure event line breaking
- Explain how timestamps and time zones are extracted or assigned to events
- Use Data Preview to validate event creation during the parsing phase
Module 10 - Manipulating Raw Data
- Explain how data transformations are defined and invoked
- Use transformations with props.conf and transforms.conf to:
- Mask or delete raw data as it is being indexed
- Override sourcetype or host based upon event values
- Route events to specific indexes based on event content
- Prevent unwanted events from being indexed
- Use SEDCMD to modify raw data
Module 11 - Supporting Knowledge Objects
- Create field extractions
- Configure collections for KV Store
- Manage Knowledge Object permissions
- Control automatic field extraction
Module 12 - Creating a Diag
- Identify Splunk diag
- Using Splunk diag