trainocate-splunk-training-b
Home > Vendors > splunk > splk-seaa8.2

SPLK-SEAA8.2 - Splunk Enterprise 8.2 Data Administration

Overview

Duration: 3.0 days
This 3 virtual day certification & training course is designed for administrators who are responsible for getting data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.

Objectives

Please refer to course overview

Audience

_

Content

Module 1 - Getting Data Into Splunk

  • Provide an overview of Splunk
  • Describe the four phases of the distributed model
  • Describe data input types and metadata settings
  • Configure initial input testing with Splunk Web
  • Testing indexes with Input Staging

Module 2 - Configuration Files

  • Identify Splunk configuration files and directories
  • Describe index-time and search-time precedence
  • Validating and updating configuration files

Module 3 - Forwarder Configuration

  • Understand the role of production Indexers and forwarders
  • Understand and configure Universal Forwarders
  • Understand and configure Heavy Forwarders
  • Understand and configure intermediate forwarders
  • Identify additional forwarder options

Module 4 - Forwarder Management

  • Describe Splunk Deployment Server (DS)
  • Manage forwarders using deployment apps
  • Configure deployment clients and client groups
  • Monitor forwarder management activities

Module 5 - Monitor Inputs

  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs
  • Deploy a remote monitor input

Module 6 - Network Inputs

  • Create network (TCP and UDP) inputs
  • Describe optional settings for network inputs

Module 7 - Scripted Inputs

  • Create a basic scripted input

Module 8 - Agentless Inputs

  • Understand and configure Splunk HTTP Event Collector (HeC) agentless input
  • Understanding Splunk App for Stream

Module 9 - Operating System Inputs

  • Understand Linux-specific inputs
  • Understanding Windows-specific inputs

Module 10 - Fine-tuning Inputs

  • Understand the default processing that occurs during input phase
  • Configure input phase options, such as sourcetype fine-tuning and character set encoding

Module 11 - Parsing Phase and Data Preview

  • Understand the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase

Module 12 - Manipulating Raw Data

  • Explain how data transformations are defined and invoked
  • Use transformations with props. conf and transforms. conf to:
    • Mask or delete raw data as it is being indexed
    • Override source type or host based upon event values
    • Route events to specific indexes based on event content
    • Prevent unwanted events from being indexed
  • Use SEDCMD to modify raw data

Module 13 - Supporting Knowledge Objects

  • Define default and custom search time field extractions
  • Define the pros and cons of index time field extractions
  • Configure indexed field time extractions
  • Describe default search time extractions
  • Manage orphaned knowledge objects

Prerequisites

Required:

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

Strongly Recommended:

  • Splunk System Administration

Certification

Schedule




Enquire Now
 
 
 
 
By clicking "Submit", I agree to the Terms Of Use and Privacy Policy