+1 (778) 681-0711

Splunk Enterprise Data Administration

Duration : 3 Days (24 Hours)

Splunk Enterprise Data Administration Course Overview:

This course is tailored for administrators tasked with ingesting data into Splunk Indexers. It offers essential knowledge about Splunk forwarders and techniques for bringing remote data into Splunk indexers. The curriculum encompasses the installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders, as well as components related to the Splunk Deployment Server.

Intended Audience:

  • Splunk System Administrators
  • IT Professionals responsible for managing Splunk forwarders and data inputs
  • Splunk Users and Analysts involved in data ingestion and management
  • Anyone seeking to enhance their knowledge of Splunk’s data input and parsing capabilities

Learning Objectives of Splunk Enterprise Data Administration:

  • Understanding source types
  • Managing and deploying forwarders
  • Configuring data inputs
  • File monitors
  • Network inputs (TCP/UDP)
  • Scripted inputs
  • HTTP inputs (via the HTTP Event Collector)
  • Customizing the input phase parsing process
  • Defining transformations to modify data before indexing
  • Defining search time knowledge object configurations

Module 1 – Getting Data Into Splunk

  • Overview of Splunk and the distributed model
  • Data input types and metadata settings
  • Configuration of initial input testing
  • Testing indexes with input staging

Module 2 – Config Files and Apps

  • Identification of Splunk configuration files and directories
  • Understanding index-time and search-time precedence
  • Validation and updating of configuration files
  • Exploration of Splunk apps and app installation

Module 3 – Configuring Forwarders

  • Configuration of Universal Forwarders
  • Configuration of Heavy Forwarders

Module 4 – Customizing Forwarders

  • Configuration of intermediate forwarders
  • Identification of additional forwarder options

Module 5 – Managing Forwarders

  • Description of Splunk Deployment Server (DS)
  • Forwarder management using deployment apps
  • Configuration of deployment clients and client groups
  • Monitoring forwarder management activities

Module 6 – Monitor Inputs

  • Creation of file and directory monitor inputs
  • Use of optional settings for monitor inputs
  • Deployment of remote monitor inputs

Module 7 – Network Inputs

  • Creation of network (TCP and UDP) inputs
  • Description of optional settings for network inputs

Module 8 – Scripted Inputs

  • Creation of basic scripted inputs

Module 9 – Agentless Inputs

  • Configuration of Splunk HTTP Event Collector (HEC) agentless input
  • Description of Splunk App for Stream

Module 10 – Operating System Inputs

  • Identification of Linux-specific inputs
  • Identification of Windows-specific inputs

Module 11 – Fine-tuning Inputs

  • Understanding default processing during the input phase
  • Configuration of input phase options (source type fine-tuning, character set encoding)

Module 12 – Parsing Phase and Data Preview

  • Understanding default processing during parsing
  • Optimization and configuration of event line breaking
  • Explanation of timestamp and time zone handling during parsing
  • Use of Data Preview for event validation during parsing

Module 13 – Manipulating Input Data

  • Exploration of Splunk transformation methods
  • Creation of rulesets with Ingest Actions
  • Data masking with Ingest Action rules and SEDCMD
  • Override of sourcetype or host based on event values

Module 14 – Routing Input Data

  • Data filtering and routing with Ingest Action rules and TRANSFORMS

Module 15 – Supporting Knowledge Objects

  • Configuration of default and custom search time field extractions
  • Pros and cons of indexed time field extractions
  • Configuration of indexed field extractions
  • Management of orphaned knowledge objects

Splunk Enterprise Data Administration Course Prerequisites:

  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions

Additionally, the following courses are recommended:

  • Fundamentals 1
  • Fundamentals 2

It’s also beneficial for students to have an understanding of the following course:

  • Splunk Enterprise System Administration (recommended)

Discover the perfect fit for your learning journey

Choose Learning Modality

Live Online

  • Convenience
  • Cost-effective
  • Self-paced learning
  • Scalability

Classroom

  • Interaction and collaboration
  • Networking opportunities
  • Real-time feedback
  • Personal attention

Onsite

  • Familiar environment
  • Confidentiality
  • Team building
  • Immediate application

Training Exclusives

This course comes with following benefits:

  • Practice Labs.
  • Get Trained by Certified Trainers.
  • Access to the recordings of your class sessions for 90 days.
  • Digital courseware
  • Experience 24*7 learner support.

Got more questions? We’re all ears and ready to assist!

Request More Details

Please enable JavaScript in your browser to complete this form.

Subscribe to our Newsletter

Please enable JavaScript in your browser to complete this form.
×