Splunk Enterprise System Administration

Course Duration

2 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

Basic understanding of Linux/Unix command line and networking concepts. No prior Splunk experience required.

Course Description

This 2-day course provides the foundational knowledge needed to manage a Splunk Enterprise environment. Students learn how to install and configure Splunk, manage licenses, configure users and role-based access control, deploy and manage forwarders using the deployment server, and monitor the health of a Splunk deployment. This course is the first half of the Splunk Enterprise Certified Admin preparation path.

Learning Objectives

• Describe Splunk Enterprise components and distributed deployment architecture
• Install and configure Splunk Enterprise on Linux
• Manage Splunk licensing and license pools
• Create and manage users, roles, and capability-based access control
• Configure and manage universal forwarders
• Use the deployment server to centrally manage forwarder configuration
• Monitor Splunk system health using the monitoring console
• Configure Splunk for basic distributed search

Course Outline

Deploy Splunk

• Splunk overview
• Splunk Enterprise components
• Types of Splunk deployments
• Installing Splunk
• Using the CLI

Licensing and Users

• Splunk licensing model
• Managing license masters and slaves
• Creating and managing users
• Configuring roles and capabilities

Forwarders and Deployment Server

• Universal forwarder architecture
• Installing and configuring forwarders
• Deployment server overview
• Managing forwarder apps with deployment server

Monitoring and Health

• Monitoring console
• Splunk health report
• Searching the _internal index
• Common admin tasks

Frequently Asked Questions