Splunk Enterprise System Administration
Duration: 2 Days (16 Hours)
Splunk Enterprise System Administration Course Overview:
This Splunk Enterprise Administration course is tailored for system administrators tasked with managing Splunk Enterprise environments. It provides essential knowledge about Splunk’s license manager, indexers, and search heads, covering configuration, management, and monitoring of core components, equipping participants with the skills needed for effective administration.
Intended Audience:
- System Administrators
- IT Professionals
- Splunk Administrators
- Those responsible for managing Splunk Enterprise environments
Learning Objectives of Splunk Enterprise System Administration:
- Splunk Deployment Overview
- License Management
- Splunk Configuration Files
- Splunk Apps
- Index Management
- Users, Roles, and Authentication
- Basic Forwarding
- Distributed Search
Module 1 – Deploying Splunk
- Overview of Splunk
- Identifying Splunk Enterprise components
- Types of Splunk deployments
- Steps to install Splunk
- Using Splunk CLI commands
- Exploring security best practices
Module 2 – Monitoring Splunk
- Using Splunk Health Report
- Enabling the Monitoring Console (MC)
- Utilizing Splunk Assist
- Leveraging Splunk Diag
Module 3 – Licensing Splunk
- Identifying Splunk license types
- Describing license violations
- Adding and removing licenses
Module 4 – Using Configuration Files
- Describing Splunk configuration directory structure
- Understanding configuration layering process
- Using btool to examine configuration settings
Module 5 – Using Apps
- Describing Splunk apps and add-ons
- Installing an app on a Splunk instance
- Managing app accessibility and permissions
Module 6 – Creating Indexes
- Learning how Splunk indexes function
- Identifying the types of index buckets
- Adding and working with indexes
- Overview of metrics index
Module 7 – Managing Index
- Reviewing Splunk Index Management basics
- Identifying data retention recommendations
- Identifying backup recommendations
- Moving and deleting index data
- Describing the use of the Fishbucket
- Restoring a frozen bucket
Module 8 – Managing Users
- Adding Splunk users using native authentication
- Describing user roles in Splunk
- Creating a custom role
- Managing users in Splunk
Module 9 – Configuring Basic Forwarding
- Identifying forwarder configuration steps
- Configuring a Universal Forwarder
- Understanding the Deployment Server
Module 10 – Configuring Distributed Search
- Describing how distributed search works
- Defining the roles of the search head and search peers
Splunk Enterprise System Administration Course Prerequisites:
To be successful in this course, students should have a solid understanding of either of the following sets of courses:
- What is Splunk?
- Intro to Splunk
- Using Fields
- Introduction to Knowledge Objects
OR
- Splunk Fundamentals 1
- Splunk Fundamentals 2
Discover the perfect fit for your learning journey
Choose Learning Modality
Live Online
- Convenience
- Cost-effective
- Self-paced learning
- Scalability
Classroom
- Interaction and collaboration
- Networking opportunities
- Real-time feedback
- Personal attention
Onsite
- Familiar environment
- Confidentiality
- Team building
- Immediate application
Training Exclusives
This course comes with the following benefits:
- Practice Labs.
- Get Trained by Certified Trainers.
- Access to the recordings of your class sessions for 90 days.
- Digital courseware
- Experience 24*7 learner support.