Darum lohnt sich der Kurs
Dieser Fast Track-Kurs bereitet auf die Splunk Admin- und Power User Zertifizierung vor: Sie lernen Installation, Konfiguration, Monitoring, Index Management, Benutzerverwaltung und Datenintegration. Geeignet für Systemadmins und Splunk-User, die On-Premises-Splunk optimal administrieren, Security, Monitoring und Data Admin professionell abbilden wollen.Seminarinhalt
Powered by Arrow ECS GmbH
Dieses Training richtet sich an Systemadministrator*innen und Administrator*innen, die für die :
NUR für Kunden mit Splunk on-prem
Dieses Training richtet sich an Systemadministrator*innen und Administrator*innen, die für die :
- Verwaltung der Splunk Enterprise-Umgebung zuständig sind. Der Kurs vermittelt die grundlegenden Lizenzmanager, Indexer und Suchköpfe von Splunk. Er behandelt die Konfiguration, Verwaltung und Überwachung der Kernkomponenten von Splunk Enterprise.
- um Daten in Splunk Indexer zu bekommen. Der Kurs vermittelt grundlegende Kenntnisse über Splunk-Forwarder und Methoden, um Remote-Daten in Splunk-Indizierer zu bekommen. Er deckt die Installation, Konfiguration, Verwaltung, Überwachung und Fehlerbehebung von Splunk Forwardern und Splunk Deployment Server Komponenten ab.
NUR für Kunden mit Splunk on-prem
Programm
System Administration
Module 1 – Deploying Splunk
▪ Provide an overview of Splunk
▪ Identify Splunk Enterprise components
▪ Identify the types of Splunk deployments
▪ List the steps to install Splunk
▪ Use Splunk CLI commands
▪ Explore security best practices
Module 2 – Monitoring Splunk
▪ Use Splunk Health Report
▪ Enable the Monitoring Console (MC)
▪ Use Splunk Assist ▪ Use Splunk Diag
Module 3 – Licensing Splunk
▪ Identify Splunk license types
▪ Describe license violations
▪ Add and remove licenses
Module 4 – Using Configuration Files
▪ Describe Splunk configuration directory structure
▪ Understand configuration layering process
▪ Use btool to examine configuration settings
Module 5 – Using Apps
▪ Describe Splunk apps and add-ons
▪ Install an app on a Splunk instance
▪ Manage app accessibility and permissions
Module 6 – Creating Indexes
▪ Learn how Splunk indexes function
▪ Identify the types of index buckets
▪ Add and work with indexes
▪ Overview of metrics index
Module 7 – Managing Index
▪ Review Splunk Index Management basics
▪ Identify data retention recommendations
▪ Identify backup recommendations
▪ Move and delete index data
▪ Describe the use of the Fishbucket
▪ Restore a frozen bucket
Module 8 – Managing Users
▪ Add Splunk users using native authentication
▪ Describe user roles in Splunk
▪ Create a custom role ▪ Manage users in Splunk
Module 9 – Configuring Basic Forwarding
▪ Identify forwarder configuration steps
▪ Configure a Universal Forwarder
▪ Understand the Deployment Server
Module 10 – Configuring Distributed Search
▪ Describe how distributed search works
▪ Define the roles of the search head and search peers
Data Administration
Module 1 – Getting Data Into Splunk
▪ Provide an overview of Splunk
▪ Describe the Splunk distributed model
▪ Describe data input types and metadata settings
▪ Configure initial input testing with Splunk Web
▪ Testing Indexes with input staging
Module 2 –Config Files and Apps
▪ Identify Splunk configuration files and directories
▪ Describe index-time and search-time precedence
▪ Validate and update configuration files
▪ Explore Splunk apps and app installation
Module 3 – Configuring Forwarders
▪ Configure Universal Forwarders
▪ Configure Heavy Forwarders
Module 4 – Customizing Forwarders
▪ Configure intermediate forwarders
▪ Identify additional forwarder options
Module 5 – Managing Forwarders
▪ Describe Splunk Deployment Server (DS)
▪ Manage forwarders using deployment apps
▪ Configure deployment clients and client groups
▪ Monitor forwarder management activities
Module 6 – Monitor Inputs
▪ Create file and directory monitor inputs
▪ Use optional settings for monitor inputs
▪ Deploy a remote monitor input
Module 7 – Network Inputs
▪ Create network (TCP and UDP) inputs
▪ Describe optional settings for network inputs
Module 8 – Scripted Inputs
▪ Create a basic scripted input
Module 9 – Agentless Inputs
▪ Configure Splunk HTTP Event Collector (HEC) agentless input
▪ Describe Splunk App for Stream
Module 10 – Operating System Inputs
▪ Identify Linux-specific inputs
▪ Identify Windows-specific inputs
Module 11 – Fine-tuning Inputs
▪ Understand the default processing that occurs during input phase
▪ Configure input phase options, such as source type fine-tuning and character set encoding
Module 12 – Parsing Phase and Data Preview
▪ Understand the default processing that occurs during parsing
▪ Optimize and configure event line breaking
▪ Explain how timestamps and time zones are extracted or assigned to events
▪ Use Data Preview to validate event creation during parsing phase
Module 13 – Manipulating Input Data
▪ Explore Splunk transformation methods
▪ Create rulesets with Ingest Actions
▪ Mask data with Ingest Action rules
▪ Mask data with SEDCMD and TRANSFORMS
▪ Override sourcetype or host based upon event values
Module 14 – Routing Input Data
▪ Filter data with Ingest Action rules
▪ Route data with Ingest Action rules
▪ Route data with TRANSFORMS
Module 15 – Supporting Knowledge Objects
▪ Define default and custom search time field extractions
▪ Identify the pros and cons of indexed time field extractions
▪ Configure indexed field extractions
▪ Describe default search time extractions
▪ Manage orphaned knowledge objects
Module 1 – Deploying Splunk
▪ Provide an overview of Splunk
▪ Identify Splunk Enterprise components
▪ Identify the types of Splunk deployments
▪ List the steps to install Splunk
▪ Use Splunk CLI commands
▪ Explore security best practices
Module 2 – Monitoring Splunk
▪ Use Splunk Health Report
▪ Enable the Monitoring Console (MC)
▪ Use Splunk Assist ▪ Use Splunk Diag
Module 3 – Licensing Splunk
▪ Identify Splunk license types
▪ Describe license violations
▪ Add and remove licenses
Module 4 – Using Configuration Files
▪ Describe Splunk configuration directory structure
▪ Understand configuration layering process
▪ Use btool to examine configuration settings
Module 5 – Using Apps
▪ Describe Splunk apps and add-ons
▪ Install an app on a Splunk instance
▪ Manage app accessibility and permissions
Module 6 – Creating Indexes
▪ Learn how Splunk indexes function
▪ Identify the types of index buckets
▪ Add and work with indexes
▪ Overview of metrics index
Module 7 – Managing Index
▪ Review Splunk Index Management basics
▪ Identify data retention recommendations
▪ Identify backup recommendations
▪ Move and delete index data
▪ Describe the use of the Fishbucket
▪ Restore a frozen bucket
Module 8 – Managing Users
▪ Add Splunk users using native authentication
▪ Describe user roles in Splunk
▪ Create a custom role ▪ Manage users in Splunk
Module 9 – Configuring Basic Forwarding
▪ Identify forwarder configuration steps
▪ Configure a Universal Forwarder
▪ Understand the Deployment Server
Module 10 – Configuring Distributed Search
▪ Describe how distributed search works
▪ Define the roles of the search head and search peers
Data Administration
Module 1 – Getting Data Into Splunk
▪ Provide an overview of Splunk
▪ Describe the Splunk distributed model
▪ Describe data input types and metadata settings
▪ Configure initial input testing with Splunk Web
▪ Testing Indexes with input staging
Module 2 –Config Files and Apps
▪ Identify Splunk configuration files and directories
▪ Describe index-time and search-time precedence
▪ Validate and update configuration files
▪ Explore Splunk apps and app installation
Module 3 – Configuring Forwarders
▪ Configure Universal Forwarders
▪ Configure Heavy Forwarders
Module 4 – Customizing Forwarders
▪ Configure intermediate forwarders
▪ Identify additional forwarder options
Module 5 – Managing Forwarders
▪ Describe Splunk Deployment Server (DS)
▪ Manage forwarders using deployment apps
▪ Configure deployment clients and client groups
▪ Monitor forwarder management activities
Module 6 – Monitor Inputs
▪ Create file and directory monitor inputs
▪ Use optional settings for monitor inputs
▪ Deploy a remote monitor input
Module 7 – Network Inputs
▪ Create network (TCP and UDP) inputs
▪ Describe optional settings for network inputs
Module 8 – Scripted Inputs
▪ Create a basic scripted input
Module 9 – Agentless Inputs
▪ Configure Splunk HTTP Event Collector (HEC) agentless input
▪ Describe Splunk App for Stream
Module 10 – Operating System Inputs
▪ Identify Linux-specific inputs
▪ Identify Windows-specific inputs
Module 11 – Fine-tuning Inputs
▪ Understand the default processing that occurs during input phase
▪ Configure input phase options, such as source type fine-tuning and character set encoding
Module 12 – Parsing Phase and Data Preview
▪ Understand the default processing that occurs during parsing
▪ Optimize and configure event line breaking
▪ Explain how timestamps and time zones are extracted or assigned to events
▪ Use Data Preview to validate event creation during parsing phase
Module 13 – Manipulating Input Data
▪ Explore Splunk transformation methods
▪ Create rulesets with Ingest Actions
▪ Mask data with Ingest Action rules
▪ Mask data with SEDCMD and TRANSFORMS
▪ Override sourcetype or host based upon event values
Module 14 – Routing Input Data
▪ Filter data with Ingest Action rules
▪ Route data with Ingest Action rules
▪ Route data with TRANSFORMS
Module 15 – Supporting Knowledge Objects
▪ Define default and custom search time field extractions
▪ Identify the pros and cons of indexed time field extractions
▪ Configure indexed field extractions
▪ Describe default search time extractions
▪ Manage orphaned knowledge objects
Zielgruppen
Systemadministrator*innen und Administrator*innen
Vorkenntnisse
Teilnehmer*innen sollten über die Kenntnisse des Power User Fast Start Trainings verfügen
Trainings zur Vorbereitung
Wichtige Information
Dieser Fast-Track bereitet Sie auf die Examen Splunk Certified Power User und Splunk Enterprise Certified Admin vor. Beide Examen können über Pearson Vue abgelegt werden.
