Course Content
This course is for system administrators who are responsible for managing a Splunk Enterprise environment.
The course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components.
Please note that classes may run across two days, consisting of 6 hour sessions. This course has 12 hours of content.
Who should attend
- Administrators
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:
- Exploring Splunk Platform Ecosystem
- Splunk User track
Outline: Splunk Enterprise System Administration (SESA)
Module 1 - Deploy Splunk
- Provide an overview of Splunk
- Identify Splunk Enterprise components and deployment types
- List Splunk installation prerequisites
- Use Splunk CLI commands
- Explore security recommended practices
Module 2 - Monitor Splunk
- Use Splunk Health Report
- Enable and use the Monitoring Console
- Use Splunk Diag and Rapid Diag
Module 3 - License Splunk
- Identify the different Splunk license types
- Describe license violations
- Install a Splunk License
- Configure a Splunk License Manager
- Configure License Peers
- Configure License Pools
- Manage License warnings
- Monitor license usage using the Monitoring Console and the Splunk Chargeback app
Module 4 - Use Configuration Files
- Describe Splunk configuration directory structure
- Explore the configuration layering process
- Index time process
- Search time process
- Use Splunk tools to examine configuration settings such as btoo
Module 5 - Use Apps
- Describe Splunk apps and add-ons
- Install an app on a Splunk instance
- Manage app accessibility and permissions
Module 6 - Create Indexes
- Describe how Splunk indexes function
- Identify the types of index buckets
- Create and work with indexes
- Describe metrics index
Module 7 - Manage Index
- Review Splunk Index Management basics
- Identify data retention recommendations
- Identify backup recommendations
- Move and delete index data
- Describe the use of the fishbucket
- Restore a frozen bucket
Module 8 - Manage Users
- Describe user roles in Splunk
- Add Splunk users using native authentication
- Create a custom role
- Manage users in Splunk
Module 9 - Configure Basic Forwarding
- Identify forwarder configuration steps
- Configure a Universal Forwarder
- Understand the agent management
Module 10 - Configure Distributed Search
- Configure distributed search
- Define the roles of the search head and search peers
- Use Monitoring Console to monitor search activity
- Explain when and how to quarantine search peers
- Identify options and considerations for using multiple search heads
- Identify distributed search recommended practices
- Explain the use cases for Federated Search and how it is configured