Course Content
Module 1 – Introduction to Data Administration
• Splunk overview
• Identify Splunk data administrator role
Module 2 – Getting Data In – Staging
• List the four phases of Splunk Index
• List Splunk input options
• Describe the basic settings for an input
Module 3 – Configuring Forwarders
• Understand the role of production Indexers and Forwarders
• Understand the functionality of Universal Forwarders and Heavy Forwarders
• Configure Forwarders
• Identify additional Forwarder options
Module 4 – Forwarder Management
• Explain the use of Forwarder Management
• Describe Splunk Deployment Server
• Manage forwarders using deployment apps
• Configure deployment clients
• Configure client groups
• Monitor forwarder management activities
Module 5 – Monitor Inputs
• Create file and directory monitor inputs
• Use optional settings for monitor inputs
• Deploy a remote monitor input
Module 6 – Network and Scripted Inputs
• Create network (TCP and UDP) inputs
• Describe optional settings for network inputs
• Create a basic scripted input
Module 7 – Agentless Inputs
• Identify Windows input types and uses
• Understand additional options to get data into Splunk
• HTTP Event Collector
• Splunk App for Stream
Module 8 – Fine-Tuning Inputs
• Understand the default processing that occurs during the input phase
• Configure input phase options, such as source type fine-tuning and character set encoding
Module 9 – Parsing Phase and Data
• Understand the default processing that occurs during parsing
• Optimize and configure event line breaking
• Explain how timestamps and time zones are extracted or assigned to events
• Use Data Preview to validate events created during the parsing phase
Module 10 – Manipulating Raw Data
• Explain how data transformations are defined and invoked
• Use transformations with props.conf and transforms.conf to:
• Mask or delete raw data as it is being indexed
• Override source type or host based upon event values
• Route events to specific indexes based on event content
• Prevent unwanted events from being indexed
• Use SEDCMD to modify raw data
Module 11 – Supporting Knowledge Objects
• Create field extractions
• Configure collections for KV Store
• Manage Knowledge Object permissions
• Control automatic field extraction
Module 12 – Creating a Diag
• Identify Splunk diag
• Using Splunk diag
Module 1 – Splunk Developer Overview
• Splunk overview
• Identify Splunk components
• Identify the Splunk system administrator role
Module 2 – License Management
• Identify license types
• Describe license violations
• Add and remove licenses
Module 3 – Splunk Apps
• Describe Splunk apps and add-ons
• Install an app on a Splunk instance
• Manage app accessibility and permissions
Module 4 – Splunk Configuration Files
• Describe Splunk configuration directory structure
• Understand configuration layering process
• Use btool to examine configuration settings
Module 5 – Splunk Indexes
• Describe the index structure
• List types of index buckets
• Create new indexes
• Monitor indexes with Monitoring Console
Module 6 – Splunk Index Management
• Apply a data retention policy
• Backup data on indexers
• Delete data from an index
• Restore frozen data
Module 7 – Splunk User Management
• Describe user roles in Splunk
• Create a custom role
• Add Splunk users
Module 8 – Splunk Authentication Management
• Integrate Splunk with LDAP
• List other user authentication options
• Describe the steps to enable Multifactor Authentication in Splunk
Module 9 – Getting Data In
• Describe the basic settings for an input
• List Splunk forwarder types
• Configure the forwarder
• Add an input to UF using CLI
Module 10 – Distributed Search
• Describe how distributed search works
• Explain the roles of the search head and search peers
• Configure a distributed search group
• List search head scaling options
Splunk Admin
- Price: Free
- Certificates: No