Module 1: Deploying Splunk

• Introduction to Splunk Validated Architectures

Module 2: Monitoring Console

• Choosing the Best Instance for Monitoring Console Configuration
• Configuring the Monitoring Console for Single or Distributed Environments
• Understanding How the Monitoring Console Uses Server Roles and Groups
• Health Checks and Their Execution

Module 4: Access and Roles

• Managing Deployment Server at Scale
• Identifying Authentication Methods
• Explaining LDAP Concepts and Configuration
• Discussing SAML and SSO Options
• Defining Roles and Their Role in Data Protection

Module 5: Data Collection

• Examining Splunk to Splunk (S2S) Communication and Data Transfer
• Describing Types and Configuration of Data Inputs
• Troubleshooting Data Inputs

Module 6: Indexing

• Reviewing Indexing Artifacts and Locations
• Discussing Event Processing and Data Pipelines
• Understanding Text Parsing and Indexing
• Examining Data Retention Controls

Module 7: Search

• Exploring the Inner Workings of a Search
• Utilizing Search Job Inspection
• Maximizing Search Efficiency with Different Search Types
• Understanding Subsearches and Their Functionality
• Optimizing Sample Searches

Module 8: Index Clustering

• Providing an Architecture Overview
• Describing Deployment and Component Configuration
• Reviewing Upgrade Strategy
• Discussing Data Buckets and Lifecycle
• Examining Failure Modes and Recovery Processes
• Introducing Multi-Site Clustering
• Explaining Migration Procedures

Core Implementation Course Prerequisites:

To be eligible for registration, candidates must possess all of the following certifications:

• Splunk Core Certified Power User
• Splunk Core Certified Advanced Power User
• Splunk Enterprise Certified Admin
• Splunk Enterprise Certified Architect
  
  
• Prerequisite Courses:
• To qualify for registration and be successful in this highly technically
• complex course, candidates must have completed —
• ▪ Core Consultant Labs
• Experience in attending a PS shadowing engagement is not required,
• but is highly recommended, as is extensive practice in a lab-based
• environment
• *Completion of the following courses are considered an acceptable
• substitute for the Splunk Core Certified Advanced Power User badge:
• o Using Fields
• o Working with Time
• o Comparing Values
• o Result Modification
• o Leveraging Lookups and Subsearches
• o Correlation Analysis
• o Search Under the Hood
• o Multivalue Fields
• o Search Optimization
• o Creating Knowledge Objects
• o Creating Field Extractions
• o Enriching Data with Lookups
• o Data Models
• o Introduction to Dashboards
• o Dynamic Dashboards
• Prerequisite Linux Skills
• Attendees must be comfortable and competent in core Linux skills
• such as:
• ▪ File & permission management
• ▪ Service configuration
• ▪ Installation best-practices
• ▪ ssh & scp