Module 1 – Deploying Splunk

• Overview of Splunk
• Identifying Splunk Enterprise components
• Types of Splunk deployments
• Steps to install Splunk
• Using Splunk CLI commands
• Exploring security best practices

Module 2 – Monitoring Splunk

• Using Splunk Health Report
• Enabling the Monitoring Console (MC)
• Utilizing Splunk Assist
• Leveraging Splunk Diag

Module 3 – Licensing Splunk

• Identifying Splunk license types
• Describing license violations
• Adding and removing licenses

Module 4 – Using Configuration Files

• Describing Splunk configuration directory structure
• Understanding configuration layering process
• Using btool to examine configuration settings

Module 5 – Using Apps

• Describing Splunk apps and add-ons
• Installing an app on a Splunk instance
• Managing app accessibility and permissions

Module 6 – Creating Indexes

• Learning how Splunk indexes function
• Identifying the types of index buckets
• Adding and working with indexes
• Overview of metrics index

Module 7 – Managing Index

• Reviewing Splunk Index Management basics
• Identifying data retention recommendations
• Identifying backup recommendations
• Moving and deleting index data
• Describing the use of the Fishbucket
• Restoring a frozen bucket

Module 8 – Managing Users

• Adding Splunk users using native authentication
• Describing user roles in Splunk
• Creating a custom role
• Managing users in Splunk

Module 9 – Configuring Basic Forwarding

• Identifying forwarder configuration steps
• Configuring a Universal Forwarder
• Understanding the Deployment Server

Module 10 – Configuring Distributed Search

• Describing how distributed search works
• Defining the roles of the search head and search peers

Splunk Enterprise System Administration Course Prerequisites:

To be successful in this course, students should have a solid understanding of either the following courses:

• What is Splunk?
• Intro to Splunk
• Using Fields
• Introduction to Knowledge Objects

OR

• Splunk Fundamentals 1
• Splunk Fundamentals 2