Splunk Engineering: Advanced Level
Course Curriculum
Splunk Server Deployment
- Provide an overview of Splunk
- Identify Splunk Enterprise components
- Identify the types of Splunk deployments
- List the steps to install Splunk
- Use Splunk CLI commands
Splunk Server Monitoring
- Enable the Monitoring Console (MC)
- Identify Splunk License types
- Describe License violations
- Add and remove Licenses
- Use Splunk Diag
Splunk Apps
- Describe Splunk Apps and Add-ons
- Install an App on a Splunk instance
- Manage App accessibility and permissions
Configuration Files
- Identify and Describe Splunk Configuration files and Directory structure
- Describe index-time and search-time precedence
- Validate and Update Configuration files
- Understand configuration layering process
- Use btool to examine configuration settings
Forwarder Configuration
- Identify the role of Production Indexers and Forwarders
- Understand and Configure Universal Forwarders
- Understand and Configure Heavy Forwarders
- Understand and Configure Intermediate Forwarders
- Identify additional Forwarder options
Forwarder Management
- Describe Splunk Deployment Server (DS)
- Manage Forwarders using Deployment Apps
- Configure Deployment Clients and Client groups
- Monitor Forwarder Management activities
Splunk Indexes
- Learn how Splunk Indexes function
- Identify the types of Index buckets
- Add and work with Indexes
- Overview of Metrics Index
Splunk Index Management
- Review Splunk Index Management basics
- Identify Data Retention recommendations
- Identify Backup recommendations
- Move and delete Index data
- Describe the use of the Fishbucket
- Restore a Frozen bucket
Splunk User Management
- Add Splunk Users using Native Authentication
- Describe User roles in Splunk
- Create a Custom role
- Manage Users in Splunk
Distributed Search
- Describe How Distributed Search Works
- Define the Roles of the Search Head and Search Peers
Monitor Inputs
- Create File and Directory Monitor Inputs
- Use Optional Settings for Monitor Inputs
- Deploy a Remote Monitor Input
Network Inputs
- Create Network (TCP and UDP) Inputs
- Describe Optional Settings for Network Inputs
Scripted Inputs
- Create a basic Scripted Input
Agentless Inputs
- Configure Splunk HTTP Event Collector (HEC) Agentless Input
- Describe Splunk App for Stream
Operating System Inputs
- Identify Linux-specific Inputs
- Identify Windows-specific Inputs
Fine-tuning Inputs
- Understand the Default Processing that occurs during Input Phase
- Configure Input Phase Options, such as Sourcetype Fine-Tuning and Character Set Encoding
Parsing Phase and Data Preview
- Understand the Default Processing that occurs during Parsing
- Optimize and Configure Event Line Breaking
- Explain how Timestamps and Time Zones are extracted or assigned to Events
- Use Data Preview to Validate Event Creation during Parsing Phase
Manipulating Raw Data
- Explain How Data Transformations are Defined and Invoked
- Use transformations with props.conf and transforms.conf to:
- Use SEDCMD to Modify Raw Data
Course description
This course is for individuals who will be responsible for getting data in and managing the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It also provides fundamental knowledge of the Splunk license manager, indexers, and search heads. It covers the extensive configuration, management, and monitoring of core Splunk Enterprise components as well as the installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components. This Splunk certification training will help you clear the following certification level in Splunk:
- Splunk Enterprise Certified Admin
What will I learn?
- In this course, you will learn Splunk Deployment Overview, License Management, Splunk Apps, Splunk Configuration Files, Users, Roles, and Authentication, Getting Data In, and Distributed Search.
Material Includes
- Lecture Sheets and Recordings
- PDF Resources
- Useful Links
Requirements
- Laptop: A laptop with at least 8 GB of memory, a 1.8 GHz CPU, and 250 GB of hard drive space or more.
- Notebook: This is needed to take notes during the lectures and document your questions.
- Passion: Here at JM MiSa training, we believe no true success is void of drive and the will to succeed. This is what keeps you focused when you encounter obstacles or challenges along the way. Don't worry, our experienced instructors will be there with you all the way.
Target Audience
- Individuals with an intermediate understanding of the Splunk Enterprise environment or those who have successfully completed Splunk Engineering: Intermediate Level.
- Level: Expert
- Duration: 28 hours
- Last Updated: May 15, 2022