Splunk Admin Online Training

Splunk Admin & Development Online Training

  1. Splunk Admin

Splunk Overview

What is Splunk?

Splunk Products


  • Splunk Enterprise
  • Splunk Cloud
  • Splunk Light


  • Splunk IT Service Intelligence
  • Splunk Insights for Infrastructure
  • Splunk Insights for AWS Cloud Monitoring
  • VictorOps


  • Splunk Enterprise Security
  • Splunk User Behavior Analytics
  • Splunk Insights for Ransomware
  • Phantom

Splunk Admin Importance in the industry

Who can learn Splunk Admin

  • Freshers
  • Experienced System Admin Experienced Professionals.
  • Who wants to start their career with Splunk

Splunk Career Scope & Why Splunk trending in the market.

Splunk Admin Training Curriculum 

Module 1 -Introduction to Data Administration

  • Splunk Overview
  • Identify Splunk data Administrator Role

Module 2 – Getting Data In – Staging

  • List the four phases of Splunk Index
  • List Splunk input options
  • Describe the band settings for an input

Module 3 – Configuring Forwarders

  • Understand the role of production Indexers and Forwarders
  • Understand the functionality of Universal Forwarders and Heavy Forwarders
  • Configure Forwarders
  • Identify additional Forwarder options

Module 4 – Forwarder Management

  • Explain the use of Forwarder Management
  • Describe Splunk Deployment Server
  • Manage forwarders using deployment apps
  • Configure deployment clients
  • Configure client groups
  • Monitor Forwarder Management Activities

Module 5 – Monitor Inputs

  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs
  • Deploy a remote monitor input

Module 6 – Network and Scripted Inputs

  • Create network (TCP and UDP) inputs
  • Describe optional settings for network inputs
  • Create a basic scripted input

Module 7 – Agentless Inputs

  • Identify Windows input types and uses
  • Understand additional options to get data into Splunk
  • HTTP Event Collector
  • Splunk App for Stream

Module 8 – Fine Tuning Inputs

  • Understand the default processing that occurs during input phase
  • Configure input phase options, such as sourcetype fine-tuning and character set encoding

Module 9 – Parsing Phase and Data

  • Understand the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase

Module 10 – Manipulating Raw Data

  • Explain how data transformations are defined and invoked
  • Use transformations with props.conf and transforms.conf to:
  • Mask or delete raw data as it is being indexed
  • Override sourcetype or host based upon event values
  • Route events to specific indexes based on event content
  • Prevent unwanted events from being indexed
  • Use SEDCMD to modify raw data

Module 11 – Supporting Knowledge Objects

  • Create field extractions
  • Configure collections for KV Store
  • Manage Knowledge Object permissions
  • Control automatic field extraction

Module 12 – Creating a Diag

  • Identify Splunk diag
  • Using Splunk diag

Module 13 –  Splunk Apps

  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions

Module 14 – Splunk Configuration Files

  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings

Module 15 – Splunk Indexes

  • Describe index structure
  • List types of index buckets
  • Create new indexes

Module 16 – Splunk User Management

  • Describe user roles in Splunk
  • Create a custom role
  • Add Splunk users

Splunk Troubleshooting

What are the Splunk Admin Roles and Responsibilities.

Expected Real-Time Splunk Administration Interview Questions.

How to Crack in the Splunk Certification Exam.

 2.  Splunk Development