Architecting and Deploying Splunk 5.0

This six hour course focuses on large enterprise deployments. Students will learn steps and best practices for planning, data collection, sizing, and distributed deployment. Workshop-style labs offer students an opportunity to design a deployment based on a common distributed use case. 

Course Topics

• Preparation

• Infrastructure planning

• Data collection

• Data comprehension

• Search considerations

• High level development and external integration concepts

• Operations and management

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site. 

Prerequisites

Using Splunk

Administrating Splunk

Advanced Splunk Administration

Course Objectives

Lesson 1 - Preparation

• Define common customer goals and use cases

• Gather information about environment, volume, users, and requirements

Lesson 2 - Infrastructure

• Understand sizing factors

• Understand space, retention, and indexes

• Identify topology and network scenarios

• Understand security, authentication, authorization

Lesson 3 - Data Collection

• Compare remote collection methods

• Discuss inputs

• Understand 'agentless' collection

• Discuss routing

Lesson 4 - Data comprehension

• Identify the 6 things you must get correct at index time

• Discuss field extractions

• Discuss data enrichment 

Lesson 5 - Querying

• Identify best practices for querying, reporting, and alerting

Lesson 6 - Integration

• Describe integration methods

• Identify common integration points

Lesson 7 - Operations

• Identify ongoing tasks in a Splunk deployment

• Discuss deployment management

• Define monitoring tool

• Identify backup and archiving methods

• Discuss onboarding processes

• Discuss high availability