Splunk Admin, Developer & SIEM Training Program

Introduction to the Course

  • Splunk is a powerful software platform used for searching, analyzing, and visualizing machine-generated data from websites, applications, sensors, devices, and more.

It enables organizations to:

  • Index and process log data from diverse sources.
  • Perform real-time monitoring, log analysis, and investigations.
  • Derive operational intelligence and enhance decision-making.

This course is designed to equip learners with Splunk Administration, Development, and SIEM skills, helping them excel in roles such as SOC Analyst, SIEM Engineer, Splunk Admin, and Splunk Developer.

Course Duration

  • 32 Hours Instructor-Led Training
  • 01 Hour MCQ Test
  • 01 Hour Practical Test
    📌 Total = 34 Hours
  • Hardware & Software Requirements

Hardware Requirements:

  • 4 Virtual Machines: Windows 10 or above, i3 processor, 30 GB HDD, 8 GB RAM
  • 1 Virtual Machine: Ubuntu 18.04, i3 processor, 20 GB HDD, 4 GB RAM

Software Requirements:

  • Splunk Enterprise 9.x
  • Foxit Reader
  • Mozilla Firefox

Course Modules
Module 1 – Introduction to Splunk

  • Use cases of Splunk in modern enterprises
  • Overview of Splunk Apps
  • Basic navigation in Splunk

Module 2 – Splunk Certifications

  • Overview of certification paths
  • Eligibility criteria
  • Certification cost breakdown

 

Module 3 – Setting up Splunk

  • Configuring Splunk
  • Installing Splunk Enterprise

Module 4 – Licensing in Splunk

  • Splunk license types
  • Role of License Master & License Slave
  • License Pool concepts

Module 5 – Searching in Splunk

  • Running basic searches
  • Using auto-complete & search modes
  • Time range selection
  • Working with events & timelines
  • Saving & refining search results

Module 6 – Using Fields in Searching

  • Understanding fields
  • Using fields sidebar
  • Search modes: Fast, Verbose, Smart

Module 7 – Creating Reports

  • Saving searches as reports
  • Editing & customizing reports
  • Creating reports with tables & visualizations

Module 8 – Creating Dashboards

  • Building dashboards from reports
  • Adding panels & interactivity
  • Creating cascade dashboards

Module 9 – Splunk’s Search Language Fundamentals

  • Search pipeline overview
  • Search syntax concepts
  • Common commands: tables, rename, fields, dedup, sort

Module 10 – Transforming Commands

  • top, rare, and stats commands

 

Module 11 – Creating and Using Lookups

  • Lookup concepts & examples
  • Creating lookup files and definitions
  • Using lookups in searches

Module 12 – Alerts & Scheduled Reports

  • Configuring scheduled reports
  • Creating and managing alerts
  • Viewing fired alerts

Module 13 – Data Models

  • Relationship between Data Models & Pivot
  • Creating & using Data Models

Module 14 – Beyond Search Fundamentals

  • Search fundamentals review
  • Case sensitivity & search optimization
  • Job Inspector for performance

Module 15 – Visualizations with Transforming Commands

  • Data structure requirements
  • Visualization types in Splunk
  • Creating & formatting charts & time-charts

Module 16 – Filtering & Formatting Results

  • Using eval, search, where, fillnull commands

Module 17 – Knowledge Objects

  • Naming conventions
  • Permissions & management of knowledge objects

Module 18 – Field Extractions

  • Regex-based field extractions with FX
  • Delimiter-based field extractions

Module 19 – Field Aliases & Calculated Fields

  • Creating & using field aliases
  • Creating calculated fields

Module 20 – Tags & Event Types

  • Creating & applying tags
  • Creating event types

Module 21 – Macros

  • Creating and using macros
  • Defining arguments and variables

Module 22 – Workflow Actions

  • GET & Search workflow actions
  • Creating workflow actions in Splunk

Module 23 – Data Addition via Universal Forwarder

  • Installing & configuring Universal Forwarder on Ubuntu
  • Adding data to Splunk

Module 24 – Data Addition via HTTP Event Collector (HEC)

  • Installing & configuring HEC on Ubuntu
  • Adding data with HEC

Module 25 – Clustering

  • Importance of clustering
  • Indexer Clustering
  • Search Head Clustering

Module 26 – Distributed Deployment

  • Non-Clustered vs Clustered Deployment
  • Configuring Distributed Deployments

Module 27 – Splunk Diag

  • Purpose of Diag
  • Creating Diag using Web UI & CLI

Module 28 – Common Information Model (CIM)

  • Using CIM in Splunk
  • Creating CIM

Module 29 – Use Cases in Splunk

  • Real-world scenarios & SIEM use cases