Radical Technologies

SPLUNK DEVELOPMENT & ADMIN

Splunk is a software platform widely used for monitoring, searching, analyzing and visualizing machine-generated data in real time. It captures, indexes and correlates real-time data in a searchable container and produces graphs, alerts, dashboards and visualizations. Splunk uses machine data to identify data patterns, provide metrics, diagnose problems and provide intelligence for business operations. Splunk is a horizontal technology used for application management, security and compliance, as well as business and web analytics.


SPLUNK DEVELOPMENT & ADMIN TRAINING

Duration: 40 hrs

Course Objectives – Splunk Administration to Architect

Module 1 – Introduction

  • Introduction to the course
  • What is Splunk?
  • Prerequisites

Module 2 – What is Splunk?

  • Splunk components
  • Installing Splunk
  • Getting data into Splunk

Module 3 – Introduction to Splunk’s User Interface

  • Understand the uses of Splunk
  • Define Splunk Apps
  • Customizing your user settings
  • Learn basic navigation in Splunk

Module 4 – Basic Searching

  • Run basic searches
  • Use autocomplete to help build a search
  • Set the time range of a search
  • Identify the contents of search results
  • Refine searches
  • Use the timeline
  • Work with events
  • Control a search job
  • Save search results

Module 5 – Splunk Licensing

  • Understanding Splunk Licensing concepts
  • Splunk Developer 10GB License
  • Importing License into Splunk


Module 6 – Getting started with Splunk

  • Importing Data to Splunk
  • Security Use-Case – Finding Attack Vectors
  • Basic Commands – All Commands and Use Cases
  • Eval Command
  • Lookups
  • Splunk Event Types
  • Tags
  • Splunk Events Types Priority and Coloring Scheme
  • Splunk Alerts
  • Reports, Scheduled Reports and Alerts
  • Overview of Dashboards and Panels
  • Building Dashboard Inputs – Time Range Picker…
  • Building Dashboard Inputs – Text Box
  • Building Dashboard Inputs – Drop down
  • Building Dashboard Inputs – Dynamic DropDown

Module 7 – Understanding Splunk Add-Ons and Apps

  • Basic concepts of Add on and App
  • Requirements for Add-Ons and Apps
  • Integration of Splunk Add-On for AWS and Splunk App for AWS
  • Integration of ServiceNow with Splunk

Module 8 – Splunk Architecture

  • Directory Structure of Splunk
  • Splunk Configuration Directories
  • Splunk Configuration Precedence
  • Splunk Configuration Precedence – Apps and Locals
  • Introduction to Indexes
  • Bucket Lifecycle
  • Warm to Cold Bucket Migration
  • Archiving Data to Frozen Path
  • Thawing Process
  • Splunk Workflow Actions

Module 9 – Post Installation Activities

  • Understanding Regular Expressions
  • Regex – Exercise
  • Parsing Web Server Logs & Named Group Expression
  • Sample – Web Server Logs
  • Importance of Source Types
  • Interactive Field Extractor (IFX)
  • conf and transforms.conf

Module 10 – Security Primer

  • Access Control
  • Creating Custom Roles & Capabilities

Module 11 – Distributed Splunk Architecture

  • Overview of Distributed Splunk Architecture
  • Understanding License Master
  • Implementing License Master
  • License Pools
  • Indexer
  • Masking Sensitive Data at Index Time

Module 12 – Forwarder & User Management

  • Overview of Universal Forwarders
  • Installing Universal Forwarder in Linux
  • Installation Manual – Splunk Universal Forwarder
  • Challenges in Forwarder Management
  • Introduction to Deployment Server
  • ServerClass and Deployment Apps
  • Creating Custom Add-Ons for deployment
  • Pushing Splunk Linux Add-On via Deployment Server

Module 13 – Indexer Clustering

  • Overview of Indexer Clustering
  • Deploying Infrastructure for Indexer Cluster
  • Document – Deploying Indexer Cluster Docker Containers
  • Master Indexer
  • Peer Indexers
  • Testing Replication and Failover capabilities
  • Configuration Bundle
  • Forwarding Logs to Indexer Cluster
  • Indexer Discovery

Module 14 – Search Head Clustering

  • Overview of Search Head Clusters
  • Deploying Infrastructure for Search Head Cluster
  • Configuring Cluster Setup on Search Heads
  • Validating Search Head Replication
  • Pushing Artifacts through Deployer
  • Connecting Search Head Cluster to Indexer Cluster

Module 15 – Advanced Splunk Concepts

  • DMC
  • Rolling Restart
  • Using btool and diag for Troubleshooting
  • Overview of Data Models
  • Splunk Support Programs

Key Features of Course

  • Instructor-Led Training: 24 Hrs
  • Exercises & Project Work: 8 Hrs
  • Practice and Assignment Documents
  • Flexible Schedule
  • Lifetime free upgrade
  • Interview preparation
  • 1 month free Lab Access
