Splunk Admin & Development Online Training
- Splunk Admin
Splunk Overview
What is Splunk?
Splunk Products
SPLUNK PLATFORM
- Splunk Enterprise
- Splunk Cloud
- Splunk Light
SPLUNK FOR IT OPERATIONS
- Splunk IT Service Intelligence
- Splunk Insights for Infrastructure
- Splunk Insights for AWS Cloud Monitoring
- VictorOps
SPLUNK FOR SECURITY
- Splunk Enterprise Security
- Splunk User Behavior Analytics
- Splunk Insights for Ransomware
- Phantom
Splunk Admin Importance in the industry
Who can learn Splunk Admin
- Freshers
- Experienced System Admin Experienced Professionals.
- Who wants to start their career with Splunk
Splunk Career Scope & Why Splunk trending in the market.
Splunk Admin Training Curriculum
Module 1 -Introduction to Data Administration
- Splunk Overview
- Identify Splunk data Administrator Role
Module 2 – Getting Data In – Staging
- List the four phases of Splunk Index
- List Splunk input options
- Describe the band settings for an input
Module 3 – Configuring Forwarders
- Understand the role of production Indexers and Forwarders
- Understand the functionality of Universal Forwarders and Heavy Forwarders
- Configure Forwarders
- Identify additional Forwarder options
Module 4 – Forwarder Management
- Explain the use of Forwarder Management
- Describe Splunk Deployment Server
- Manage forwarders using deployment apps
- Configure deployment clients
- Configure client groups
- Monitor Forwarder Management Activities
Module 5 – Monitor Inputs
- Create file and directory monitor inputs
- Use optional settings for monitor inputs
- Deploy a remote monitor input
Module 6 – Network and Scripted Inputs
- Create network (TCP and UDP) inputs
- Describe optional settings for network inputs
- Create a basic scripted input
Module 7 – Agentless Inputs
- Identify Windows input types and uses
- Understand additional options to get data into Splunk
- HTTP Event Collector
- Splunk App for Stream
Module 8 – Fine Tuning Inputs
- Understand the default processing that occurs during input phase
- Configure input phase options, such as sourcetype fine-tuning and character set encoding
Module 9 – Parsing Phase and Data
- Understand the default processing that occurs during parsing
- Optimize and configure event line breaking
- Explain how timestamps and time zones are extracted or assigned to events
- Use Data Preview to validate event creation during the parsing phase
Module 10 – Manipulating Raw Data
- Explain how data transformations are defined and invoked
- Use transformations with props.conf and transforms.conf to:
- Mask or delete raw data as it is being indexed
- Override sourcetype or host based upon event values
- Route events to specific indexes based on event content
- Prevent unwanted events from being indexed
- Use SEDCMD to modify raw data
Module 11 – Supporting Knowledge Objects
- Create field extractions
- Configure collections for KV Store
- Manage Knowledge Object permissions
- Control automatic field extraction
Module 12 – Creating a Diag
- Identify Splunk diag
- Using Splunk diag
Module 13 – Splunk Apps
- Describe Splunk apps and add-ons
- Install an app on a Splunk instance
- Manage app accessibility and permissions
Module 14 – Splunk Configuration Files
- Describe Splunk configuration directory structure
- Understand configuration layering process
- Use btool to examine configuration settings
Module 15 – Splunk Indexes
- Describe index structure
- List types of index buckets
- Create new indexes
Module 16 – Splunk User Management
- Describe user roles in Splunk
- Create a custom role
- Add Splunk users
Splunk Troubleshooting
What are the Splunk Admin Roles and Responsibilities.
Expected Real-Time Splunk Administration Interview Questions.
How to Crack in the Splunk Certification Exam.
2. Splunk Development