Splunk Admin and Developer

Introduction to course

  • Splunk is a software platform to search, analyze and visualize machine-generated data gathered from websites, applications, sensors, devices, etc.
  • Splunk collates, indexes and processes log data to help organizations gain valuable operational intelligence from huge quantities of machine-generated data.
  • Real-time log analysis and investigation can be performed using Splunk search queries.

Course Details

  • Duration: 32 Hrs. Training + 1 Hr. MCQ Test + 1 Hr. Practical Test = 34 Hrs.

Hardware and software requirements

  • Hardware Requirement – 4 virtual machines running Windows 10 or later with at least an i3 processor, 30 GB hard disk and 8 GB RAM; 1 virtual machine running Ubuntu 18.04 with at least an i3 processor, 20 GB hard disk and 4 GB RAM
  • Software Requirement – Splunk Enterprise Software 9.x, Foxit Reader, Mozilla Firefox

Course Content

Module 1 – Introducing Splunk

  • Understand the uses of Splunk
  • Define Splunk Apps
  • Learn basic navigation in Splunk

Module 2 – Various Certifications of Splunk and their cost

  • Eligibility criteria for Splunk Certification
  • Cost of Splunk Certification

Module 3 – Setting up Splunk

  • Configuring Splunk
  • Installation of Splunk

Module 4 – Licensing in Splunk

  • Splunk License Types
  • License Master
  • License Slave
  • License Master/Slave relationship or License Pool

Module 5 – Searching

  • Run basic searches
  • Use auto-complete to help build a search
  • Set the time range of a search
  • Identify the contents of search results
  • Refine searches
  • Use the timeline
  • Work with events
  • Control a search job
  • Save search results

Module 6 – Using Fields in Searching

  • Understand fields
  • Use fields in searches
  • Use the fields sidebar
  • Use search modes (fast, verbose, and smart)

Module 7 – Create Reports

  • Save a search as a report
  • Edit reports
  • Create reports that display statistics (tables)
  • Create reports that display visualizations (charts)

Module 8 – Create Dashboards

  • Create a dashboard
  • Add a report to a dashboard
  • Add panel to a dashboard
  • Edit a dashboard
  • Create interactive dashboards
  • Create cascading dashboards

Module 9 – Splunk’s Search Language Fundamentals

  • Understand the search pipeline
  • Understand search syntax concepts
  • Use the following commands to perform searches: table, rename, fields, dedup, sort

Module 10 – Using basic Transforming Commands

  • The top command
  • The rare command
  • The stats command

Module 11 – Creating and Using Lookups

  • Describe lookups
  • Examine a lookup file example
  • Create a lookup file and create a lookup definition
  • Use the lookup in searches

Module 12 – Creating Alerts and Scheduled Reports

  • Describe scheduled reports
  • Configure scheduled reports
  • Describe alerts
  • Create alerts
  • View fired alerts

Module 13 – Creating Data Models

  • Describe the relationship between data models and pivot
  • Identify data model attributes
  • Create a data model
  • Use a data model in pivot

Module 14 – Beyond Search Fundamentals

  • Search fundamentals review
  • Case sensitivity
  • Using the job inspector to view search performance

Module 15 – Using Transforming Commands for Visualizations

  • Explore data structure requirements
  • Explore visualization types
  • Create and format charts and time charts

Module 16 – Filtering and Formatting Results

  • The eval command
  • Using the search and where commands to filter results
  • The fillnull command

Module 17 – Introduction to Knowledge Objects

  • Identify naming conventions
  • Review permissions
  • Manage knowledge objects

Module 18 – Creating and Managing Fields

  • Perform regex field extractions using the Field Extractor (FX)
  • Perform delimiter field extractions using the FX

Module 19 – Creating Field Aliases and Calculated Fields

  • Describe, create, and use field aliases
  • Describe, create, and use calculated fields

Module 20 – Creating Tags and Event Types

  • Create and use tags
  • Describe event types and their uses
  • Create an event type

Module 21 – Creating and Using Macros

  • Describe macros
  • Create and use a basic macro
  • Define arguments and variables for a macro
  • Add and use arguments with a macro

Module 22 – Creating and Using Workflow Actions

  • Describe the function of GET and Search workflow actions
  • Create a GET workflow action
  • Create a Search workflow action

Module 23 – Data addition to Splunk by Universal Forwarder

  • Use of Universal Forwarder
  • Install and Configure Universal Forwarder in Ubuntu Linux System
  • Add data to Splunk by Universal Forwarder

Module 24 – Data addition to Splunk by HTTP Event Collector

  • Use of HTTP Event Collector
  • Install and Configure HTTP Event Collector in Ubuntu Linux System
  • Add data to Splunk by HTTP Event Collector

Module 25 – Clustering

  • Need for Clustering
  • Indexer Clustering
  • Search Head Clustering

Module 26 – Splunk Distributed Deployment

  • Create Non-Clustered Distributed Deployment
  • Create Clustered Distributed Deployment
  • Difference between Non-Clustered and Clustered Distributed Deployment
  • Indexer Clustering
  • Search Head Clustering

Module 27 – Diag

  • Use of Diag
  • Create Diag using Splunk Web UI
  • Create Diag using Command Line

Module 28 – Common Information Model

  • Use of CIM
  • Create CIM

Module 29 – Use cases in Splunk