Splunk Admin Training
Duration: 2 Days
Overview of Splunk
Introduction to the Splunk 3-tier architecture, understanding the server settings, control, preferences and licensing, the most important components of the Splunk tool, the hardware requirements, conditions for installation of Splunk.
Understanding how to install and configure Splunk, index creation, input configuration on a standalone server, the search preferences, installing Splunk in the Linux environment.
Splunk Installation in Linux
Installing Splunk in the Linux environment, the various prerequisites, configuration of Splunk in Linux.
Distributed Management Console
Introduction to the Splunk Distributed Management Console, index clustering, forwarder management and distributed search in a Splunk environment, providing the right authentication to users, access control.
Introduction to Splunk App
Introducing the Splunk app, managing the Splunk app, the various add-ons in Splunk app, deleting and installing apps from SplunkBase, deploying the various app permissions, deploying the Splunk app, apps on forwarder.
Splunk indexes and users
Understanding the index time configuration file and search time configuration file.
Splunk configuration files
Learning about the index time and search time configuration files in Splunk, installing the forwarders, configuring the output and inputs.conf, managing the Universal Forwarders.
Splunk Deployment Management
Deploying the Splunk tool, the Splunk deployment server, setting up the Splunk deployment environment, grouping deployment clients in Splunk.
Understanding the Splunk Indexes, the default Splunk Indexes, segregating the Splunk Indexes, learning about Splunk Buckets and Bucket Classification, estimating index storage, creating new index.
User roles and authentication
Understanding the concept of role inheritance, Splunk authentication, native authentication, LDAP authentication.
Splunk Administration Environment
Splunk installation, configuration, data inputs, app management, Splunk important concepts, parsing machine-generated data, search indexer and forwarder.
Basic Production Environment
Introduction to Splunk Configuration Files, Universal Forwarder, Forwarder Management, data management, troubleshooting and monitoring.
Splunk Search Engine
Converting machine-generated data into operational intelligence, setting up dashboards, reports and charts, integrating Search Head Clustering and Indexer Clustering.
Various Splunk Input Methods
Understanding the input methods, deploying scripted, Windows, network and agentless input types, fine-tuning it all.
Splunk User & Index Management
Splunk User authentication and Job Role assignment, learning to manage, monitor and optimize Splunk Indexes.
Machine Data Parsing
Understanding parsing of machine-generated data, manipulation of raw data, previewing and parsing, data field extraction.
Search Scaling and Monitoring
Distributed search concepts, improving search performance, large-scale deployment and overcoming execution hurdles, working with the Splunk Distributed Management Console for monitoring the entire operation.
Splunk Administration Project
Type: Field Extraction
Topics: In this project you will learn to extract fields from events using the Splunk field extraction technique. You will gain knowledge of the basics of field extraction and understand the use of the field extractor, the field extraction page in Splunk Web and field extraction configuration in files. Learn about the regular expression and delimiter methods of field extraction. Upon completion of the project you will gain expertise in building Splunk dashboards and using the extracted field data in them to create rich visualizations in an enterprise setup.