Splunk Power User & Admin Certification Training
About the Course
This Splunk Power User and Admin Certification Training covers the concepts required for both Splunk Power Users and Splunk Administrators. By the end of this training, you will understand both roles and their responsibilities and be ready to implement Splunk. The training helps you work with configuration files and settings, use searching and reporting commands, use various Knowledge Objects, and finally create dashboards for visualization with the help of real-life use cases.
Module 1
Introduction to Machine Data & Splunk Basics
Goal: In this module, you will be introduced to machine data, understand the challenges it presents, and learn how Splunk can be leveraged to gain Operational Intelligence. You will also be introduced to the various components of Splunk and how they are installed.
Objective: Upon completing this module, you should be able to:
- Explain the basics of Splunk and Splunk Licensing options
- Install and configure Splunk Search Heads, Indexer, Heavy, and Universal Forwarders
Topics:
- What is Machine Data & its challenges?
- Need for Splunk and its features
- Splunk Products and their Use-Case
- Download and Install Splunk
- Splunk Components: Search Head, Indexer, Forwarder, Deployment Server, & License Master
- Splunk Architecture
- Splunk Licensing options
Hands On:
- Setting up Splunk Enterprise environment
- Setting up Search Heads, Indexer, Heavy, and Universal Forwarders
Module 2
User Management & Splunk Configuration Files
Goal: In this module, you will learn how to create and manage users, understand the Splunk Admin role and responsibilities, the architecture of Splunk Index and work with Splunk Configuration files.
Objective: Upon completing this module, you should be able to:
- Configure the .conf files
- Create and Manage users
Topics:
- User Creation and Management via Splunk native authentication technique
- Splunk Admin Role & Responsibilities
- Indexes
- Data Ageing
- Introduction to Splunk configuration files (7)
- Managing the .conf files
Hands On:
- Creating and managing users
- Manage and modify the configuration files
- Create an index using the indexes.conf file with various retention periods and other bucket settings
Module 3
Data Ingestion, Splunk Search And Reporting Commands
Goal: Learn the various Splunk Data onboarding techniques and query that data with basic and advanced Splunk commands. Use different keywords to search and filter the Indexed data based on the requirements.
Objective: Upon completing this module, you should be able to:
- Perform Data onboarding to Splunk
- Query using basic and advanced Splunk commands
- Use different keywords to search and filter indexed data based on any individual team requirement
Topics:
- Learn the various data onboarding techniques:
  - Via flat files
  - Via UF (Universal Forwarder)
- Implement basic search commands in Splunk:
  - Fields, Table, Sort, Rename, Search
- Understand the use of time ranges while searching
- Learn reporting & transforming commands in Splunk:
  - Top, Rare, Stats, Chart, Timechart, Dedup, Rex
Hands On:
- Data onboarding via Universal forwarder and flat files
- Basic and advanced Splunk search commands
- Understand the use of time ranges while searching
Module 4
Knowledge Objects – I
Goal: Learn about fields and the ways to extract them, and create and use Event Types in searches while creating or modifying alerts.
Objective: Upon completing this module, you should be able to:
- Know what Splunk knowledge is
- Learn about the various categories of Splunk Knowledge Objects
- Explain what a Field is
- Learn what Field Extraction is and how to create Field Extractions
- Learn what Event types are and how to create Event types
- Understand what a Transaction is and how to create Transactions
Topics:
- Splunk Knowledge
- Categories of Splunk Knowledge
- Fields
- Field extraction
- Event types
- Transactions
Hands-On: Use the following Knowledge objects:
- Field extractions
- Event types
- Transactions
Module 5
Knowledge Objects – II
Goal: In this module, you will learn to create and define Lookups, create Tags to use them in search, create and manage Field aliases and Data Models.
Objectives: Upon completing this module, you should be able to:
- Create and define Lookups
- Work with Lookup editor
- Understand the different types of Workflow actions
- Create and manage Tags and field aliases
- Understand what a Data model is
Topics:
- What are lookups?
- Defining a lookup
- Configuring an automatic lookup
- Using the lookup in searches and reports
- Workflow action
- Tags
- Creating and managing tags
- Defining and searching field aliases
- Overview of Data Model
Hands On:
- Use the Lookup dashboard
- Use the following Knowledge objects:
  - Tags
  - Field aliases
Module 6
Alerts, Visualizations, Reports & Dashboards
Goal: In this module, you will learn to create Reports and Dashboards along with different visualizations.
Objectives: Upon completing this module, you should be able to:
- Schedule alerts
- Learn different visualizations offered by Splunk
- Create Reports and Dashboards along with different visualizations
- Add Reports to Dashboards
Topics:
- Create Alerts triggered on certain conditions
- Different Splunk Visualizations
- Create Reports with search results
- Create Dashboards with different Charts and other visualizations
- Set permissions for Reports and Dashboard
- Create Reports and schedule them using cron schedule
- Share Dashboard with other teams
Hands On:
- Scheduling alerts
- Create Splunk Reports
- Create a Dashboard with various Charts and Graphs
Module 7
Splunk Clustering Techniques
Goal: Learn how to set up a cluster of Splunk instances, with each instance assuming the role of a different component. Implement both Search Head clustering and Indexer clustering in this module.
Objectives: Upon completing this module, you should be able to:
- Install Splunk on Linux OS
- Learn about Splunk Clustering
- Learn about Search Head Clustering
- Understand Indexer Clustering
Topics:
- Install Splunk on Linux OS
- Use the frequently used Splunk CLI commands
- Learn the best practices while setting up a Clustering environment
- Splunk Clustering
- Implement Search Head Clustering
- Implement Indexer Clustering
- Deploy an App on the Search Head cluster
Hands On:
- Configuring Splunk instances via the Linux CLI
- Clustering techniques:
  - Search Head clustering
  - Indexer clustering
- Deploying Apps and configurations using Deployment server
Module 8
Case Studies & Project Discussion
Goal: In this final module, you will be presented with 18 use case scenarios. Solving those use cases will give you exposure to industry practices and take you one step closer to mastering Splunk concepts.
Projects:
The answer to several business problems lies in analyzing the logs of an organization's web server. Whether it is an e-commerce company or a social media platform, data is in abundance because their business depends on the Internet. This makes network monitoring and gaining insights into Internet usage all the more valuable.
In parallel, any company running a web server will benefit greatly from:
- Monitoring the server's health constantly
- Monitoring the inbound traffic and identifying the traffic source
- Monitoring the inbound traffic for error response codes
- Monitoring the outbound traffic to block certain domains
- Analyzing security threats and vulnerabilities
Gaining insights into the above will help reduce the ISP bill, improve the efficiency of in-house employees, and achieve Operational Intelligence. You must leverage Splunk's power to analyze the logs and solve the various problem statements presented to you.
Domain: IT Industry
Objective: Gain Operational Intelligence
With respect to the above-mentioned scenario, your project work will deal with:
- Analyzing IIS Logs Of A Web Server
- Analyzing WMI Logs Of A Windows Server
- Monitoring Server Logs For Security
What are the system requirements for this course?
For a single-instance deployment, you need 8 GB of RAM and an i3 processor or above. For a distributed deployment, you need to connect to AWS instances on which Splunk will be installed.
How will I execute the Practicals?
For a single-instance deployment, you can refer to the Installation guide in your LMS and install Splunk on your Windows/Linux system. For a distributed deployment, you will connect to AWS and create 6 instances for the various Splunk components. Detailed instructions are provided for this as well.