Apache Splunk Training Course Content
1. Introduction to Machine Data & Splunk Basics
• What is Machine Data & its challenges?
• Need for Splunk and its features
• Splunk Products and their Use-Case
• Download and Install Splunk
• Splunk Components: Search Head, Indexer, Forwarder, Deployment Server, & License Master
• Splunk Architecture
• Splunk Licensing options
Hands On
• Setting up Splunk Enterprise environment
• Setting up Search Heads, Indexer, Heavy, and Universal Forwarders
2. User Management & Splunk Configuration Files
• Introduction to Authentication techniques
• User Creation and Management
• Splunk Admin Role & Responsibilities
• Indexes
• Data Ageing
• Introduction to Splunk configuration files (7)
• Managing the .conf files
Hands On
• Creating and Managing users
• Manage and Modify the Configuration files
• Create index using the indexes.conf file with various retention period and other functionalities of buckets
3. Data Ingestion, Splunk Search, and Reporting Commands
• Learn the various data onboarding techniques:
• Via flat files
• Via UF (Universal Forwarder)
• Implement Basic search commands in Splunk: Fields, Table, Sort, Rename, Search
• Understand the use of time ranges while searching
• Learn Reporting & Transforming commands in Splunk: Top, Rare, Stats, Chart, Timechart, Dedup, Rex
Hands-On:
• Data onboarding via Universal forwarder and flat files
• Basic and advanced Splunk search commands
• Understand the use of time ranges while searching
4. Knowledge Objects-I
• Splunk Knowledge
• Categories of Splunk Knowledge
• Fields
• Field extraction
• Event types
• Transactions
Hands-On:
Use the following Knowledge objects:
• Field extractions
• Event types
• Transactions
5. Knowledge Objects-II
• What are lookups?
• Defining a lookup
• Configuring an automatic lookup
• Using the lookup in searches and reports
• Workflow action
• Tags
• Creating and managing tags
• Defining and searching field aliases
• Overview of Data Model
Hands on:
• Use the Lookup dashboard
• Use the following Knowledge objects:
• Tags
• Field aliases
6. Splunk Alerts, Visualizations, Reports, & Dashboards
• Create Alerts triggered on certain conditions
• Different Splunk Visualizations
• Create Reports with search results
• Create Dashboards with different Charts and other visualizations
• Set permissions for Reports and Dashboard
• Create Reports and schedule them using cron schedule
• Share Dashboard with other teams
Hands on:
• Scheduling alerts
• Create Splunk Reports
• Create a Dashboard with various Charts and Graphs
7. Splunk Clustering Techniques
• Install Splunk on Linux OS
• Use the frequently used Splunk CLI commands
• Learn the best practices while setting up a Clustering environment
• Splunk Clustering
• Implement Search Head Clustering
• Implement Indexer Clustering
• Deploy an App on the Search Head cluster
Hands on:
• Configuring Splunk instances via Linux CLI
• Clustering techniques
o Search Head clustering
o Indexer Clustering
• Deploying Apps and configurations using Deployment server
Getting the right solution based on the criteria curated by SoftPro9 Team