Splunk Cluster Administration

Duration: 3 Days (24 Hours)

Splunk Cluster Administration Course Overview:

This course is designed for experienced Splunk Enterprise administrators who are new to Splunk Clusters. The course provides fundamental knowledge of deploying and managing Splunk Enterprise in a clustered environment, covering installation, configuration, management, and monitoring of Splunk clusters. Please note that while Splunk Clusters are supported in Windows environments, the lab environment for this course consists of Linux instances only.

Intended Audience:

  • Experienced Splunk Enterprise administrators
  • Those new to managing Splunk clusters
  • System administrators familiar with Linux environments

Learning Objectives of Splunk Cluster Administration:

  • Large-scale Splunk Deployment Overview
  • Single-site Indexer Cluster
  • Multisite Indexer Cluster
  • Indexer Cluster Management and Administration
  • Forwarder Configuration
  • Search Head Cluster
  • Search Head Cluster Management and Administration
  • KV Store Collection and Lookup Management
  • SmartStore Implementation Overview

Module 1 – Splunk Troubleshooting Methods and Tools

  • Deployment Design Factors
  • Scalability of Splunk Enterprise
  • Splunk License Master

Module 2 – Single-site Indexer Cluster

  • How Splunk Single-Site Indexer Clusters Work
  • Indexer Cluster Components and Terminology
  • Configuration of Splunk Single-site Indexer Cluster
  • Splunk Indexer Cluster Log Channels

Module 3 – Multisite Indexer Cluster

  • How Splunk Multisite Indexer Clusters Work
  • Terminology for Multisite Indexer Clusters
  • Configuration of Multisite Indexer Clusters
  • Optional Configurations for Multisite Indexer Clusters

Module 4 – Indexer Cluster Management and Administration

  • Managing Peer Offline and Decommissioning
  • Manager App Bundles
  • Options for Indexer Cluster Storage Utilization
  • Site Mapping
  • Using the Monitoring Console in an Indexer Cluster Environment
  • Ensuring Cluster Manager Redundancy

Module 5 – Forwarder Management

  • Indexer Discovery
  • Optional Indexer Discovery Configurations
  • Volume-Based Forwarder Load Balancing

Module 6 – Search Head Cluster

  • Architecture of Search Head Clusters
  • Configuration of Search Head Clusters
  • Identification of Cluster Captaincy and Cluster Status
  • Settings for Search Head Clusters

Module 7 – Search Head Cluster Management

  • Search Head Cluster Deployer
  • Captaincy Transfer
  • Adding and Decommissioning Search Head Members
  • Using the Monitoring Console for Search Head Clusters

Splunk Cluster Administration Course Prerequisites:

  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration
  • Troubleshooting Splunk Enterprise

Training Exclusives

This course comes with the following benefits:

  • Practice labs
  • Training by certified trainers
  • Access to the recordings of your class sessions for 90 days
  • Digital courseware
  • 24/7 learner support
