Splunk Admin Course Contents
Module 1 - 2 hours
Splunk Overview - Splunk package and components - Installation procedure in various OS - Splunk Architecture Basic Overview - Splunk Ports and Protocol Management
Module 2 - 3 hours
Set up forwarding and receiving - Types of forwarders - Forwarder Deployment Topologies - Universal forwarder - Overview and limitations - Forwarding configuration - Heavy forwarder (Deployment and Capabilities) - Routing and filtering data - Third-party routing from Splunk - Functionalities of Universal and Heavy Forwarder
Module 3 - 3 hours
Deployment Server and Forwarder Management - Configure the Deployment Server-Client Architecture - License Management - Users, roles and authentication - Splunk configuration files overview - Data feeds - Data parsing and indexing - Analyzing the Data
Module 4 - 6 hours
Overview of Indexers and Indexes - Indexer Capabilities - Working model of Indexers - Installation and Configuration of Standalone Indexer - Managing index and index storage - Understanding Index Buckets and Data Ageing - Retention and archiving policy - Basic Cluster Architecture - Clustering Terms - Types of Clustering - Single-site Cluster Deployment - Multi-site Cluster Deployment - Role of Master and peers - Managing the cluster
Module 5 - 6 hours
Overview of Splunk Search head and configuration - Distributed Search - Deployment of Distributed Search - Knowledge Bundles - Search head pooling - Overview of Search head clustering - Understanding Clustering Terms - Configuration of Clustering - Integrate Indexers and Search-heads - Mounted Bundles - Understanding Clustered Architecture - Search Artifacts
Module 6 - 4 hours
Basic Overview of Splunk Search - SPL Language - Create Simple Dashboards - Setting up Alerts and Reports - Common Search Commands - Troubleshooting Steps
Splunk Development Course Content
Module 1 - 2 hours
Splunk Overview - Prerequisites and Installing Splunk Enterprise - Navigating Splunk Web - On-boarding data into Splunk Enterprise
Module 2 - 3 hours
Splunk knowledge objects Overview - Classify and group events - Define and Maintain Event types - Tags creation - Field extractions - Field Extractor - Search-time field extractions - Regular expression overview - Extract fields with search commands - Create custom fields at index time - Overview of Lookups - Usage of Field lookups to add info to your events - Configuring and customizing Lookups - Saved Searches - Splunk CIM Overview and its correlation - Specify Cron Notation
Module 3 - 4 hours
Types of searches - Retrieving events - Specifying time ranges - Using subsearch - Creating statistical tables and charts - Grouping and correlating events - Predicting future events - Common search commands - Best practices in optimizing search - Functions for eval and stats command - Application of the following search commands by category - Correlation - Anomaly Detection - Reporting - Geographic - Prediction and Trending - Search and Sub-search commands - Time commands - Formats for converting strings into time-stamps - Understanding SPL syntax - Usage of Keywords and Boolean operators
Module 4 - 4 hours
Views Overview - Simple XML - Dashboards Overview - Functionalities - Panel creation and customization - Drilldowns - Employing Queries in Dashboards - Implementing JavaScript and CSS into Dashboards - Forms Creation - Form inputs definition - Macros Overview - Understanding of Data Models
Module 5 - 2 hours
Alerts Overview - Types of Alerts - Setup Alert actions - Scheduled Alert - Real time Alert - Custom conditional Alerts - Triggered Alerts - Alert Manager Usage - Alert Functionalities - Alert examples - Alerts via savedsearches.conf - Usage of Tokens - Troubleshooting Steps
Module 6 - 2 hours
Reporting Overview - Create and Edit Reports - Accelerate Report - Setup Scheduled Reports - Customize Report Formats - Report Functionalities - Report examples - Report via savedsearches.conf - Usage of Tokens - Troubleshooting Steps
Module 7 - 3 hours
Walk-through over Splunk Apps - Basic Understanding of Splunk App creation