Splunk Development and Administration Course

Splunk Development

SPLUNK DEVELOPMENT BASICS

Splunk Overview
Why use Splunk?
Splunk developer roles and responsibilities

BASIC SEARCHING

Creating a search query in Splunk
Use auto-complete to create a search
Time span
Filter your search
Event Management
Recognizing the search’s contents
Managing a Job Search

FIELDS IN SEARCHES

What is a Field
How to use Fields in search
Deploying Fields Sidebar and Field Extractor for REGEX ﬁeld extraction
Delimiting Field Extraction using FX

SAVING AND SCHEDULING SEARCHES

Writing Splunk query for search
Sharing, saving
Scheduling and exporting search results

CREATING ALERTS, REPORTS, DASHBOARDS

How to create alerts, Understanding alerts, Viewing ﬁred alerts
Creating the reports, Configuring the reports, Finetuning the reports
Scheduling the reports
Creating search charts, reports and dashboards
Editing reports and dashboards
Adding reports to dashboards

TAGS, EVENT TYPES AND MACROS

Introduction to Tags in Splunk
Deploying Tags for Splunk search
Understanding event types and utility
Generating and implementing event types in search
Macro Overview
What are variables and arguments in Macros

SEARCH COMMANDS, WORKFLOW

Studying the search command
The general search practices
What is a search pipeline
How to specify indexes in search
Highlighting the syntax
Deploying the various search commands like fields, tables,
sort, rename, rex and erex
Creating get, post and search workflow actions
Use top, rare and stat commands
Using following commands and their functions: addcoltotals, addtotals, top, rare and stats
Iplocation, geostats, geom and addtotals commands

SPLUNK CALCULATION AND VISUALIZATION

Calculating and analyzing results
Value conversion
Roundoff and format values
Using the eval command
Conditional statements
Filtering calculated search results
Explore the available visualizations
Create charts and time charts
Omit null values and format results

SPLUNK CORRELATION

How to search the transactions
Creating report on transactions
Grouping events using time and ﬁelds
Comparing transactions with stats

DATA LOOKUPS

Learning data lookups
Examples and lookup tables
Deﬁning and conﬁguring automatic lookups
Deploying lookups in reports and searches

PIVOT

Describe pivot
Relationship between data model and pivot
Select a data model object
Create a pivot report
Create instant pivot from a search
Add a pivot report to dashboard

PARSING, BUCKETIZATION, CIM

Working with raw data for data extraction, transformation, parsing and preview
Data Retention configuration
Splunk CIM Overview
Utilizing the CIM Add-On to normalize data

Splunk Administration Course Curriculum

SPLUNK OVERVIEW

Introduction to the architecture of Splunk
Various server settings
How to set up alerts
Various types of licenses
Important features of Splunk tool
The requirements of hardware and conditions needed for installation of Splunk

SPLUNK INSTALLATION

How to install and conﬁgure Splunk
The creation of index
Standalone server’s input conﬁguration
The preferences for search
Linux environment Splunk installation
The administering and architecting of Splunk
How to install Splunk in the Linux environment The conditions needed for Splunk
Conﬁguring Splunk in the Linux environment
Data inputs
App management
Splunk important concepts
Parsing machine-generated data
Search indexer and forwarder

DISTRIBUTED MANAGEMENT CONSOLE

Splunk distributed management console
Indexing of clusters
How to deploy distributed search in Splunk environment
Forwarder management
User authentication and access control

SPLUNK APP AND ADDONS

Introduction to the Splunk app
How to develop Splunk apps
Splunk add-on, important configs
Splunk app management Splunk app add-ons
Using Splunk-base for installation and deletion of apps
Different app permissions and implementation
How to use the Splunk app
Apps on forwarder

SPLUNK INDEXES AND CONFIGURATION FILES

Index time conﬁguration ﬁle
The search time conﬁguration ﬁle
Understanding of Index time and search time conﬁguration ﬁles in Splunk
Forwarder installation
Input and output conﬁguration
Universal Forwarder management
Splunk Universal Forwarder highlights
Understanding the Splunk Indexes
The default Splunk Indexes
Segregating the Splunk Indexes
Learning Splunk Buckets and Bucket Classiﬁcation
Estimating Index storage
Creating new Index

SPLUNK DEPLOYMENT MANAGEMENT

Implementing the Splunk tool
Deploying it on the server
Splunk environment setup
Splunk client group deployment

USER ROLES AND AUTHENTICATION

Exploring the concept of role inheritance
Splunk authentications
Native authentications
LDAP authentications

PRODUCTION ENVIRONMENT

Splunk Conﬁguration Files
Exploring the Universal Forwarder and Forwarder Management
Understanding about the management, troubleshooting, and monitoring
Converting machine-generated data into operational intelligence
Setting up the dashboard, reports, and charts
Integrating Search Head Clustering and Indexer Clustering

SPLUNK INPUT METHODS AND INDEX MANAGEMENT

Exploring the Splunk input methods
Deploying scripted, Windows and network
Agentless input types and ﬁne-tuning them all
Splunk user authentication and job role assignment
Understanding on how to manage, monitor and optimize Splunk Indexes

MACHINE DATA PARSING

Exploring about the parsing of machine-generated data
Manipulation of raw data
Previewing and parsing
Data ﬁeld extraction
Comparing single-line and multi-line events

SEARCH SCALING AND MONITORING

Distributed search concepts
Improving search performance
Large-scale deployment and overcoming execution hurdles
Working with Splunk Distributed Management Console for monitoring the entire operation

SPLUNK CLUSTER IMPLEMENTATION

Exploring the Cluster indexing
Understanding about the conﬁguring individual nodes
Conﬁguring the cluster behaviour, index, and search behaviour
Setting node type to handle different aspects of the cluster like master node, peer node and search head.