Content
This 24-hour practical lab exercise takes you through the tasks of a complete mock deployment. Each participant is given access to a specified number of Linux servers and a set of requirements. Participants then perform a mock deployment according to those requirements, which adhere to the Splunk Deployment Methodology and best practices.
Prerequisites
- Splunk Fundamentals 1 (Retired)
- Splunk Fundamentals 2 (Retired)
Or the following single-subject courses:
- What is Splunk? (WIS)
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Scheduling Reports & Alerts (SRA)
- Visualizations (SVZ)
- Intro to Knowledge Objects (IKO)
- Creating Field Extractions (CFE)
- Introduction to Dashboards (ITD)
Students should also understand the following modules:
Objectives
Installation and Infrastructure
- Install forwarders, indexer, search head, deployment server and license master
Configuration and Collection
- Configure an index cluster
- Deploy all specified configurations via deployment server
- Configure inputs from forwarders
- Configure and confirm index-time knowledge
- Create search time fields
Searching and Reporting
- Create searches for each required use case
- Get indexer event acknowledgements