Administrating Splunk Course

1. Splunk Education Services
Administrating Splunk 5.0This eight hour course prepares system administrators to configure
and manage Splunk. It covers installation, configuring data inputs
and forwarders, data management, user accounts, licenses, and
basic troubleshooting and monitoring. It's recommended for
systems administrators responsible for the day-to-day
administration of Splunk. Using Splunk is a prerequisite.
Course Topics
 Typical Splunk installations
 apps and technology add-ons
 Common methods of data input
 Splunk forwarders’ role in data inputs
 Default input processing and common configurations
 Managing Splunk data stores
 Configuring groups, users, and data security
 Managing and installing Splunk licenses
Course Prerequisites
Using Splunk course
Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at
your site.
Course Objectives
Lesson 1 – Setting Up Splunk
 Describe typical Splunk installs
 Install Splunk
 Perform server basics including starting, stopping, and
restarting Splunk
Lesson 2 – Getting Data In
 Identify how to get data into Splunk
 Set up inputs using Apps
 Set input properties such as host, ports, index, source type, etc.
Lesson 3 – Data Inputs
 Manually specify data inputs
 List Splunk's data input types and explain how they differ
 Set input properties such as host, ports, index, source type, etc.
Lesson 4 – Windows Inputs
 Understand Windows-specific data
 Configure Windows specific inputs
Lesson 5 – Forwarders
 Compare forwarder types
 Understand forwarder benefits
 Deploy and configure forwarders
Lesson 6 – Understanding Data Processing
 Describe how data moves through Splunk
 Set source type
 Understand how Splunk sets time zones
 Configure search-time field extraction
Lesson 7 – Configuration Precedence
 Understand how precedence is applied to config files
 Understand how precedence affects index time and search
time
Lesson 8 – Splunk's Data Store
 Learn when and why to use multiple indexes
 Learn how data moves through indexes
 Describe index directory structures and buckets
 Set up indexes
 Describe back up strategies
Lesson 9 – Users, Roles and Authentication
 Understand user roles in Splunk
 Create a custom role
Lesson 10 – Licensing
 Identify license types
 Understand license violations
 Define license groups, license pooling and stacking
 Add and remove licenses
Splunk Education Tracks
User: For all day-to-day Splunk users including customer support
staff, developers, systems administrators and management.
Administrator: For administrators of Splunk itself. (Administrators
of other systems who will just be using Splunk should take the User
track.)
Architect: For architects who will be designing Splunk
deployments, including architects on staff at customer deployments
as well as partner professional services personnel.
Developer: For developers who will integrate, customize and
extend Splunk using its XML templates and advanced configuration
bundling.
Support Engineer: For Splunk OEM and channel partner support
staff who will be providing first line support for Splunk.
Tracks User Administrator Architect Developer
Support
Engineer
Using Splunk ✓ ✓ ✓ ✓ ✓
Searching and
Reporting with Splunk
✓ ✓ ✓ ✓
Administrating Splunk ✓ ✓ ✓
Advanced Splunk
Administration
✓ ✓ ✓
Architecting and
Deploying Splunk
✓ ✓
Developing Apps with
Splunk
✓ ✓ ✓
Splunk Architect
Certification Lab
✓
Supporting Splunk ✓

2. Splunk Education Services
About Splunk
Splunk is software that indexes,
manages and enables you to search
data from any application, server or
network device in real time.
Visit our website at www.splunk.com
to download your own free copy.
Splunk Inc.
250 Brannan
San Francisco, CA 94107
866.GET.SPLUNK
(866.438.7758)
sales@splunk.com
support@splunk.com