EQALIS ACADEMY

Deploying Splunk

This 8 hour workshop, split over two half days, focuses on designing a Splunk deployment. You will learn to assess your IT search requirements, design a Splunk topology, perform capacity planning and decide on indexing, security, and data management strategies.

Course Topics:

• Determining requirements
• Common deployment topologies
• What, how and where to index
• Data management policy
• Management and configuration of large deployments

Course Prerequisites:

• The Using Splunk course
• The Administrating Splunk course

Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Description :

Assess project objectives and gathering data

We begin by defining project goals. You will be guided through the process of information gathering by conducting a source, user, device and application inventory and producing an estimate of data volume for each data source.  For user interviews, you will learn what questions to ask to determine user requirements and the data they require.

Design index strategy

Once you have identified data sources, consider how, what and where to index. You have choices on how Splunk processes and classifies data. You might wish to change default processing of timestamps, host names, and event boundaries or augment the default processing by defining
meta events and defining additional fields.

Design a topology and conduct capacity planing

With your data inventory and index strategy you are now ready to plan where to place Splunk and where to index. As part of this process, you will also access your requirements for distributed processing, high availability, data segregation, and load balancing.

Design a data management policy

What are your requirements for retention and archiving?  What about security and integrity - will you need to prove data has not been compromised? Do you need to control who has access to specific data? Lean what options are available for these requirements.

Design a server management strategy

How will you manage your Splunk servers as you introduce new versions and new data sources and bundles? Do you have an in house configuration management tool you wish to use to manage Splunk or do you wish to use the Splunk Deployment server or use both?

Click here to find upcoming course dates. 

EQALIS provide scheduled monthly web based training for splunk customers and partners in Europe, Middle East, Africa, and Asia. We can also offer discounted rates for group bookings delivered at your place of business or remotely.

Contact Us for more information