Splunk Enterprise Cluster Administration

Course Duration

2 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

Completion of Splunk Enterprise Data Administration (SP-SEDA) or equivalent. Solid understanding of Splunk distributed deployment, indexes, and forwarder configuration.

Course Description

This 2-day course provides the knowledge to deploy and manage Splunk Enterprise in a clustered environment for high availability and scalability. Students learn how indexer clustering and search head clustering work, how to configure and manage cluster masters and peers, and how to maintain a healthy clustered Splunk deployment at scale.

Learning Objectives

• Describe factors that affect large-scale Splunk deployment design
• Configure and manage an indexer cluster with a cluster master
• Manage index replication and bucket fixup in an indexer cluster
• Configure and administer a Splunk search head cluster
• Use the deployer to push configurations to search head cluster members
• Monitor cluster health and troubleshoot common cluster issues
• Perform rolling upgrades on indexer and search head clusters

Course Outline

Large-scale Deployment Overview

• Factors affecting large-scale design
• Scaling Splunk Enterprise
• License management at scale

Indexer Clustering

• Indexer cluster architecture
• Configuring the cluster master
• Configuring cluster peers
• Managing replication and search factor
• Bucket fixup and cluster maintenance

Search Head Clustering

• Search head cluster architecture
• Configuring the deployer
• Adding and removing cluster members
• Troubleshooting search head clusters

Cluster Maintenance

• Monitoring cluster health
• Rolling upgrades
• Common cluster troubleshooting scenarios

Frequently Asked Questions