Administering Splunk 5.0

This eight hour course prepares system administrators to configure and manage Splunk. It covers installation, configuring data inputs and forwarders, data management, user accounts, licenses, and basic troubleshooting and monitoring. It's recommended for systems administrators responsible for the day-to-day administration of Splunk.

Course Topics

• Typical Splunk installations

• Apps and technology add-ons

• Common methods of data input

• Splunk forwarders' role in data inputs

• Default input processing and common configurations

• Managing Splunk data stores

• Configuring groups, users, and data security

• Managing and installing Splunk licenses

• Troubleshooting a Splunk instal

• lBest practices for upgrading Splunk

Class Format 

As Above.

Prerequisites

Using Splunk

Course Objectives

Lesson 1 - Setting Up Splunk

• Describe typical Splunk installs

• Install Splunk

• Perform server basics including starting, stopping, and restarting Splunk

Lesson 2 - Getting Data In

• Identify how to get data into Splunk

• Set up inputs using Apps

• Set input properties such as host, ports, index, source type, etc.

Lesson 3 - Data Inputs

• Manually specify data inputs

• List Splunk's data input types and explain how they diffe

• Set input properties such as host, ports, index, source type, etc

Lesson 4 - Windows Inputs 

• Understand Windows-specific data

• Configure Windows specific inputs

Lesson 5 - Forwarders

• Compare forwarder types

• Understand forwarder benefits

• Deploy and configure forwarders

Lesson 6 - Understanding Data Processing

• Describe how data moves through Splunk

• Set source type

• Understand how Splunk sets time zones

• Configure search-time field extraction 

Lesson 7 - Splunk's Data Store

• Set up indexes

• Describe back up strategies

• Set archived data parameters

• Restore archived data

Lesson 8 - Users, Roles, and Authentication

• Understand user roles in Splunk

• Create a custom role

• Understand the delete role

Lesson 9 - Licensing 

• Identify license types

• Understand license violations

• Define license groups, license pooling and stacking

• Add and remove licenses

Lesson 10 - Housekeeping

• Describe jobs and job management

• Understand alerts, and alert settings

• Understand knowledge objects and their permissions

• Describe troubleshooting best practices

• Identify where to get help

Lesson 11 - Upgrading Splunk

• Understand Splunk's update mode

• Identify where to look for Splunk update notifications

• Describe the recommended steps to upgrade Splunk