Architecting Splunk Enterprise Deployments

This nine-hour course focuses on large enterprise deployments. Students will learn steps and best practices for planning, data collection and sizing for a distributed deployment. Workshop-style labs challenge students to make design decisions about an example enterprise deployment.

Course Topics

  • Requirements definition
  • Index and infrastructure planning
  • Data collection
  • Forwarders
  • Managing deployments
  • Data comprehension
  • Search considerations
  • Operations and management

Course Prerequisites

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Objectives

Module 1 - Introduction

  • Overview of the Splunk deployment planning process and associated tools

Module 2 - Initial Requirements Definition

  • Identify critical information about environment, volume, users, and requirements
  • Review checklists and resources to aid in collecting requirements

Module 3 - Apps and Index Design

  • Design and size indexes
  • Plan app deployment

Module 4 - Infrastructure

  • Learn sizing factors for servers
  • Understand how reference hardware is used to scale deployments
  • Identify the impact of clustering for index replication and for search heads
  • Identify best practices for authentication, authorization and access control

Module 5 - Data Collection

  • Compare agent-based and agentless data collection methods
  • Discuss data inputs
  • Compare remote collection methods

Module 6 - Forwarders and Deployment Management

  • Review types of forwarders
  • Understand how to manage forwarder installation
  • Understand configuration management for all Splunk components, using Splunk deployment tools

Module 7 - Data Comprehension and Enrichment

  • Identify the six things you must get correct at index time
  • Discuss Common Information Model
  • Discuss Data Models and data model design
  • Discuss data enrichment, including lookups and KV Store

Module 8 - Search Considerations

  • Discuss search performance
  • Discuss differences between summarization methods

Module 9 - Integration

  • Describe integration methods
  • Identify common integration points

Module 10 - Operations and Management

  • Identify ongoing tasks in a Splunk deployment
  • Identify backup and archiving methods
  • Discuss onboarding processes
  • Review monitoring tools and apps