Splunk Admin & Development Course Content

1. Splunk Basics, Licensing and Configuration Files

·         Introduction to the course

·         What is Splunk

·         What is Machine data

·         Prerequisites

·         Products of Splunk

·         Components of Splunk

·         Splunk Architecture

·         Setting up Splunk search head, indexer

·         Setting up Splunk forwarders

·         Splunk Licensing, Configuration files on Linux

·         Splunk File Precedence

·         Splunk Default Ports

·         Configuration files on Windows

·         Basic AWS Cloud for Infrastructure usage

·         Basic Linux which for Splunk needs

·         Difference between Linux and Windows OS in Splunk configuration

·         Types of files supported in Splunk

·         Common Splunk configuration files, inputs.conf, outputs.conf, indexes.conf, server.conf, web.conf, deploymentclient.conf, savedsearches.conf.

2. Types of Forwarders

·         Universal Forwarders

·         Lighter Forwarders

·         Heavy Forwarders

3. Data On-boarding

·         Upload

·         Monitor

·         Forwarders

4. Data Stages in Splunk through Queues

·         Parsing

·         Merging

·         Typing

·         Indexing

·         Null

·         Persistent

5. Field Extraction

·         Index-time Field Extraction

·         Search-time Field Extraction

·         Which is best Practice at Splunk point of view

6. Types of Searches and Optimization of Searches

·         Dense

·         Sparse

·         Super Sparse

·         Rare

7. Splunk Search Commands and Reporting Commands

·         Basic search commands-

ü  Ex: Fields, Table, Sort, Rename, Search; Understand time range of search.

·         Learn reporting and transforming commands in Splunk-

ü  Ex: Top, rare, stats, chart, Timechart, Dedup, Rex, regex fields, table, rename, multikv, tstats, eventstats, streamstats, append, mvappend, loadjob, join etc…

·         Usage of following commands and their functions: Top, Rare, Stats, Addcoltotals, Addtotals

·         Explore the available visualizations

·         Creation of charts and timecharts

·         Omit null values and format results

8. Managing Users, Indexes, Splunk Admin Roles and Clustering

·         User creation and management

·         Managing indexes

·         Importance of roles

·         Different permissions of each indexes

·         Splunk development concepts

·         Roles and responsibilities of Splunk Developer

·         How to configure LDAP authentication in Splunk

·         Admin role in managing Splunk

·         What is alert?

·         Reports and dashboards

·         Coordinating with Splunk Support

·         Implement Search Head Clustering

·         Implement Indexer Clustering

9. Deployment Process, Alerts, Tags and Event Types

·         Deploy Apps using Deployment server

·         creating tags and using them in search

·         Defining event types and their usefulness

·         Creating and using event types in search

·         creating and modifying alerts and use of Alerts

10. Analyzing & Calculating Results, Fields Extraction and Lookups

·         Using eval command

·         Perform calculations

·         Value Conversion

·         Round values

·         Format values

·         Conditional statements

·         Filtering calculated results

·         Raw Data Manipulation

·         Extraction of Fields,

·         What are lookups?

·         Lookup file example

·         Creating a lookup table

·         Defining a lookup

·         Configuring an automatic lookup

·         Using the lookup in searches and reports

11. Splunk Visualizations, Reports and Dashboards

·         Explore the available visualizations

·         Creating reports and charts

·         Creating dashboards and adding reports

12. Splunk Enhanced Solutions

·         Apps & Add On’s

·         Managing Apps and Add On’s

13. Single Site Clustering and Multi-Site Clustering

·         Deployment server’s deep explanation

·         [Advance] Splunk Clustering techniques-1

·         [Advance] Splunk Clustering techniques-2

·         [Advance] Splunk Clustering techniques-3

14. Data Ageing and Buckets Concept

·         Managing Index and indexes

·         Buckets like Hot, Warm, Cold, Frozen and Thawed

15. Troubleshooting and Interview Assistance

·         Troubleshoot Clustered environment

·         Interview discussions/questions/guidance

·         Project assignment, doubts and Q/A