Logo Splunk

Splunk Enterprise 9.0 Administration Fast Start

Seminarinhalt

Powered by Arrow ECS GmbH

Dieses Training richtet sich an Systemadministrator*innen und Administrator*innen, die für die :
 
  • Verwaltung der Splunk Enterprise-Umgebung zuständig sind. Der Kurs vermittelt die grundlegenden Lizenzmanager, Indexer und Suchköpfe von Splunk. Er behandelt die Konfiguration, Verwaltung und Überwachung der Kernkomponenten von Splunk Enterprise.
  • um Daten in Splunk Indexer zu bekommen. Der Kurs vermittelt grundlegende Kenntnisse über Splunk-Forwarder und Methoden, um Remote-Daten in Splunk-Indizierer zu bekommen. Er deckt die Installation, Konfiguration, Verwaltung, Überwachung und Fehlerbehebung von Splunk Forwardern und Splunk Deployment Server Komponenten ab.

NUR für Kunden mit Splunk on-prem

Programm

System Administration

Module 1 – Deploying Splunk
▪ Provide an overview of Splunk
▪ Identify Splunk Enterprise components
▪ Identify the types of Splunk deployments
▪ List the steps to install Splunk
▪ Use Splunk CLI commands
▪ Explore security best practices

Module 2 – Monitoring Splunk
▪ Use Splunk Health Report
▪ Enable the Monitoring Console (MC)
▪ Use Splunk Assist ▪ Use Splunk Diag

Module 3 – Licensing Splunk
▪ Identify Splunk license types
▪ Describe license violations
▪ Add and remove licenses

Module 4 – Using Configuration Files
▪ Describe Splunk configuration directory structure
▪ Understand configuration layering process
▪ Use btool to examine configuration settings

Module 5 – Using Apps
▪ Describe Splunk apps and add-ons
▪ Install an app on a Splunk instance
▪ Manage app accessibility and permissions

Module 6 – Creating Indexes
▪ Learn how Splunk indexes function
▪ Identify the types of index buckets
▪ Add and work with indexes
▪ Overview of metrics index

Module 7 – Managing Index
▪ Review Splunk Index Management basics
▪ Identify data retention recommendations
▪ Identify backup recommendations
▪ Move and delete index data
▪ Describe the use of the Fishbucket
▪ Restore a frozen bucket

Module 8 – Managing Users
▪ Add Splunk users using native authentication
▪ Describe user roles in Splunk
▪ Create a custom role ▪ Manage users in Splunk

Module 9 – Configuring Basic Forwarding
▪ Identify forwarder configuration steps
▪ Configure a Universal Forwarder
▪ Understand the Deployment Server

Module 10 – Configuring Distributed Search
▪ Describe how distributed search works
 ▪ Define the roles of the search head and search peers
 

Data Administration

Module 1 – Getting Data Into Splunk
▪ Provide an overview of Splunk
▪ Describe the Splunk distributed model
▪ Describe data input types and metadata settings
▪ Configure initial input testing with Splunk Web
▪ Testing Indexes with input staging

Module 2 –Config Files and Apps
▪ Identify Splunk configuration files and directories
▪ Describe index-time and search-time precedence
▪ Validate and update configuration files
▪ Explore Splunk apps and app installation

Module 3 – Configuring Forwarders
▪ Configure Universal Forwarders
▪ Configure Heavy Forwarders

Module 4 – Customizing Forwarders
▪ Configure intermediate forwarders
▪ Identify additional forwarder options

Module 5 – Managing Forwarders
▪ Describe Splunk Deployment Server (DS)
▪ Manage forwarders using deployment apps
▪ Configure deployment clients and client groups
▪ Monitor forwarder management activities

Module 6 – Monitor Inputs
▪ Create file and directory monitor inputs
▪ Use optional settings for monitor inputs
▪ Deploy a remote monitor input

Module 7 – Network Inputs
▪ Create network (TCP and UDP) inputs
▪ Describe optional settings for network inputs

Module 8 – Scripted Inputs
 ▪ Create a basic scripted input

Module 9 – Agentless Inputs
▪ Configure Splunk HTTP Event Collector (HEC) agentless input
▪ Describe Splunk App for Stream

Module 10 – Operating System Inputs
▪ Identify Linux-specific inputs
▪ Identify Windows-specific inputs

Module 11 – Fine-tuning Inputs
▪ Understand the default processing that occurs during input phase
▪ Configure input phase options, such as source type fine-tuning and character set encoding

Module 12 – Parsing Phase and Data Preview
▪ Understand the default processing that occurs during parsing
▪ Optimize and configure event line breaking
▪ Explain how timestamps and time zones are extracted or assigned to events
▪ Use Data Preview to validate event creation during parsing phase

Module 13 – Manipulating Input Data
▪ Explore Splunk transformation methods
▪ Create rulesets with Ingest Actions
▪ Mask data with Ingest Action rules
▪ Mask data with SEDCMD and TRANSFORMS
▪ Override sourcetype or host based upon event values

Module 14 – Routing Input Data
▪ Filter data with Ingest Action rules
▪ Route data with Ingest Action rules
▪ Route data with TRANSFORMS

Module 15 – Supporting Knowledge Objects
▪ Define default and custom search time field extractions
▪ Identify the pros and cons of indexed time field extractions
▪ Configure indexed field extractions
▪ Describe default search time extractions
▪ Manage orphaned knowledge objects

Zielgruppen

Systemadministrator*innen und Administrator*innen

Vorkenntnisse

Teilnehmer*innen sollten über die Kenntnisse des Power User Fast Start Trainings verfügen

Trainings zur Vorbereitung

Wichtige Information

Dieser Fast-Track bereitet Sie auf die Examen Splunk Certified Power User und Splunk Enterprise Certified Admin vor. Beide Examen können über Pearson Vue abgelegt werden.

Downloads

4 Tage ab  3.750,-
Termin wählen
Trainings-ID:
SPL-FT
Ort:
Online

Jetzt buchen

  • 15.09.-18.09.2025 15.09.2025 4 Tage 4T Online ab  3.750,-

      Trainingspreis

       3.750,-
    • Trainingspreis Online  3.750,-
  • 10.11.-13.11.2025 10.11.2025 4 Tage 4T Online ab  3.750,-

      Trainingspreis

       3.750,-
    • Trainingspreis Online  3.750,-

Sie haben Fragen?

Ihr ETC Support

Kontaktieren Sie uns!

+43 1 533 1777-99

This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form

Unsere Empfehlungen für Sie

08.09.2025+1
 4.000,-
17.11.2025
 3.500,-

Was ist die ETC-Wissensgarantie?

Sie möchten Ihr Seminar noch einmal besuchen? Die ETC-Wissensgarantie macht es möglich! Ob im Krankheitsfall, bei Planänderung im Unternehmen oder um Ihr Trainings-Knowhow aufzufrischen: Besuchen Sie dazu Ihr Training innerhalb von bis zu 12 Monaten nochmals kostenlos! Ohne Stornokosten oder sonstiger Zusatzstress.

Weitere Infos

Lernformen im Überblick

Mehr darüber