Splunk Enterprise System Administration

Duration: 2 Days (16 Hours)

Splunk Enterprise System Administration Course Overview:

This Splunk Enterprise Administration course is tailored for system administrators tasked with managing Splunk Enterprise environments. It provides essential knowledge about Splunk’s license manager, indexers, and search heads, covering configuration, management, and monitoring of core components, equipping participants with the skills needed for effective administration.

Intended Audience:

  • System Administrators
  • IT Professionals
  • Splunk Administrators
  • Those responsible for managing Splunk Enterprise environments

Learning Objectives of Splunk Enterprise System Administration:

  • Splunk Deployment Overview
  • License Management
  • Splunk Configuration Files
  • Splunk Apps
  • Index Management
  • Users, Roles, and Authentication
  • Basic Forwarding
  • Distributed Search

Module 1 – Deploying Splunk

  • Overview of Splunk
  • Identifying Splunk Enterprise components
  • Types of Splunk deployments
  • Steps to install Splunk
  • Using Splunk CLI commands
  • Exploring security best practices

Module 2 – Monitoring Splunk

  • Using Splunk Health Report
  • Enabling the Monitoring Console (MC)
  • Utilizing Splunk Assist
  • Leveraging Splunk Diag

Module 3 – Licensing Splunk

  • Identifying Splunk license types
  • Describing license violations
  • Adding and removing licenses

Module 4 – Using Configuration Files

  • Describing Splunk configuration directory structure
  • Understanding configuration layering process
  • Using btool to examine configuration settings

Module 5 – Using Apps

  • Describing Splunk apps and add-ons
  • Installing an app on a Splunk instance
  • Managing app accessibility and permissions

Module 6 – Creating Indexes

  • Learning how Splunk indexes function
  • Identifying the types of index buckets
  • Adding and working with indexes
  • Overview of metrics index

Module 7 – Managing Index

  • Reviewing Splunk Index Management basics
  • Identifying data retention recommendations
  • Identifying backup recommendations
  • Moving and deleting index data
  • Describing the use of the Fishbucket
  • Restoring a frozen bucket

Module 8 – Managing Users

  • Adding Splunk users using native authentication
  • Describing user roles in Splunk
  • Creating a custom role
  • Managing users in Splunk

Module 9 – Configuring Basic Forwarding

  • Identifying forwarder configuration steps
  • Configuring a Universal Forwarder
  • Understanding the Deployment Server

Module 10 – Configuring Distributed Search

  • Describing how distributed search works
  • Defining the roles of the search head and search peers

Splunk Enterprise System Administration Course Prerequisites:

To be successful in this course, students should have a solid understanding of either of the following sets of courses:

  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Introduction to Knowledge Objects


  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

Discover the perfect fit for your learning journey

Choose Learning Modality

Live Online

  • Convenience
  • Cost-effective
  • Self-paced learning
  • Scalability


  • Interaction and collaboration
  • Networking opportunities
  • Real-time feedback
  • Personal attention


  • Familiar environment
  • Confidentiality
  • Team building
  • Immediate application

Training Exclusives

This course comes with the following benefits:

  • Practice Labs.
  • Get Trained by Certified Trainers.
  • Access to the recordings of your class sessions for 90 days.
  • Digital courseware
  • Experience 24*7 learner support.
