Splunk 6 Cluster Administration

This nine-hour course is for advanced Splunk administrators. The course provides the fundamental knowledge of deploying and managing a Splunk cluster environment. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk clusters.

While Splunk Clusters are supported in Windows environments, the class lab environment is running Linux instances only.

View schedule »

Download course description »

Upcoming Classes

Course Topics

  • Large-scale Splunk Deployment Overview
  • Single-site (high-availability) Indexer Cluster
  • Multisite (disaster-recovery) Indexer Cluster
  • Forwarder Configuration
  • Search Head Cluster
  • Cluster Management and Administration
  • Distributed Management Console

Course Prerequisites


  • Using Splunk
  • Splunk 6 Administration
  • Working Linux knowledge

Strongly Recommended:

  • Architecting and Deploying Splunk 6
  • 3 months of hands-on Splunk administration experience

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Objectives

Module 1 - Large-scale Splunk Deployment Overview

  • Growing pain and deployment challenges
  • License Master

Module 2 - Single-site Indexer Cluster

  • Splunk index cluster overview
  • Single-site index cluster configuration

Module 3 - Multisite Indexer Cluster

  • Splunk multi-site indexer cluster overview
  • Multi-site indexer cluster configuration
  • Multi-site search affinity

Module 4 - Forwarder Management

  • Indexer discovery

Module 5  - Search Head Cluster

  • Splunk search head cluster overview
  • Search head cluster configuration

Module 6 - Cluster Management and Administration

  • Cluster management commands
  • Deploying configuration bundles and apps in cluster
  • Adding new cluster nodes
  • Decommissioning a cluster node

Module 7  - Distributed Management Console (DMC)

  • Distributed Management Console setup