SPLUNK DEVELOPMENT & ADMIN

SPLUNK DEVELOPMENT & ADMIN TRAINING

Duration: 40 hrs

Course Objectives – Splunk Administration to Architect

Module 1 – Introduction

• Introduction to the course
• What is Splunk?
• Prerequisites

Module 2 – What is Splunk?

• Splunk components
• Installing Splunk
• Getting data into Splunk

Module 3 – Introduction to Splunk’s User Interface

• Understand the uses of Splunk
• Define Splunk Apps
• Customizing your user settings
• Learn basic navigation in Splunk

Module 4 – Basic Searching

• Run basic searches
• Use autocomplete to help build a search
• Set the time range of a search
• Identify the contents of search results
• Refine searches
• Use the timeline
• Work with events
• Control a search job
• Save search results

Module 5 – Splunk Licensing

• Understanding Splunk Licensing concepts
• Splunk Developer 10GB License
• Importing License into Splunk

Module 6 – Getting started with Splunk

• Importing Data to Splunk
• Security Use-Case – Finding Attack Vectors
• Basics command- All command and Use case
• Eval Command
• Lookups
• Splunk Event Types
• Tags
• Splunk Events Types Priority and Coloring Scheme
• Splunk Alerts
• Report, schedule report and Alerts.
• Overview of Dashboards and Panels
• Building Dashboard Inputs – Time Range Picker…
• Building Dashboard Inputs – Text Box
• Building Dashboard Inputs – Drop down
• Building Dashboard Inputs – Dynamic DropDown

Module 7 – Understanding Splunk Add-Ons and Apps

• Basic concepts of Add on and App
• Requirements add-on and app
• Integration of Splunk Add-On for AWS and Splunk App for AWS
• Integration of Service now with Splunk.

Module 8 – Splunk Architecture

• Directory Structure of Splunk
• Splunk Configuration Directories
• Splunk Configuration Precedence
• Splunk Configuration Precedence – Apps and Locals
• Introduction to Indexes
• Bucket Lifecycle
• Warm to Cold Bucket Migration
• Archiving Data to Frozen Path
• Thawing Process
• Splunk Workflow Actions

Module 9 – Post Installation Activities

• Understanding Regular Expressions
• Regex – Exercise
• Parsing Web Server Logs & Named Group Expression
• Sample – Web Server Logs
• Importance of Source Types
• Interactive Field Extractor (IFX)
• conf and transforms.conf

Module 10 – Security Primer

• Access Control
• Creating Custom Roles & Capabilities

Module 11 -Distributed Splunk Architecture

• Overview of Distributed Splunk Architecture
• Understanding License Master
• Implementing License Master
• License Pools
• Indexer
• Masking Sensitive Data at Index Time

Module 12-Forwarder & User Management

• Overview of Universal Forwarders
• Installing Universal Forwarder in Linux
• Installation Manual – Splunk Universal Forwarder
• Challenges in Forwarder Management
• Introduction to Deployment Server
• ServerClass and Deployment Apps
• Creating Custom Add-Ons for deployment
• Pushing Splunk Linux Add-On via Deployment Server

Module 13- Indexer Clustering

• Overview of Indexer Clustering
• Deploying Infrastructure for Indexer Cluster
• Document – Deploying Indexer Cluster Docker Containers
• Master Indexer
• Peer Indexers
• Testing Replication and Failover capabilities
• Configuration Bundle
• Forwarding Logs to Indexer Cluster
• Indexer Discovery

Module 14- Search Head Clustering

• Overview of Search Head Clusters
• Deploying Infrastructure for Search Head Cluster
• Configuring Cluster Setup on Search Heads
• Validating Search Head Replication
• Pushing Artifacts through Deployer
• Connecting Search Head Cluster to Indexer Cluster

Module 15 – Advanced Splunk Concepts

• DMC
• Rolling Restart
• Using Btool, diag for Troubleshooting
• Overview of Data Models
• Splunk Support Programs

Key Features of cource

• Instructor Led Training : 24 Hrs
• Exercises & Project Work : 8 Hrs
• Practice and Assignment Documents
• Flexible Schedule
• Lifetime free upgrade
• Interview preparation
• 1 month free Lab Access