SPLK-SEAA8.2 - Splunk Enterprise 8.2 Data Administration

This 3 virtual day certification & training course is designed for administrators who are responsible for getting data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.

Duration: 3.0 days

Enquire Now

Schedule

Virtual ILT | 12 Dec 2022 - 14 Dec 2022 India
Virtual ILT | 12 Dec 2022 - 14 Dec 2022 Sri Lanka

Start learning today!

Click Hereto customize your Training

Objectives

  • Understand sourcetypes
  • Manage and deploy forwarders
  • Configure data inputs
  • Fire monitors
  • Network inputs (TCP/UDP)
  • Scripted inputs
  • HTTP inputs (via the HTTP Event Collector)
  • Customize the input phase parsing process
  • Define transformations to modify data before indexing
  • Define search time knowledge object configurations

Content

Module 1 - Getting Data Into Splunk

  • Provide an overview of Splunk
  • Describe the four phases of the distributed model
  • Describe data input types and metadata settings
  • Configure initial input testing with Splunk Web
  • Testing indexes with Input Staging

Module 2 - Configuration Files

  • Identify Splunk configuration files and directories
  • Describe index-time and search-time precedence
  • Validating and updating configuration files

Module 3 - Forwarder Configuration

  • Understand the role of production Indexers and forwarders
  • Understand and configure Universal Forwarders
  • Understand and configure Heavy Forwarders
  • Understand and configure intermediate forwarders
  • Identify additional forwarder options

Module 4 - Forwarder Management

  • Describe Splunk Deployment Server (DS)
  • Manage forwarders using deployment apps
  • Configure deployment clients and client groups
  • Monitor forwarder management activities

Module 5 - Monitor Inputs

  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs
  • Deploy a remote monitor input

Module 6 - Network Inputs

  • Create network (TCP and UDP) inputs
  • Describe optional settings for network inputs

Module 7 - Scripted Inputs

  • Create a basic scripted input

Module 8 - Agentless Inputs

  • Understand and configure Splunk HTTP Event Collector (HeC) agentless input
  • Understanding Splunk App for Stream

Module 9 - Operating System Inputs

  • Understand Linux-specific inputs
  • Understanding Windows-specific inputs

Module 10 - Fine-tuning Inputs

  • Understand the default processing that occurs during input phase
  • Configure input phase options, such as sourcetype fine-tuning and character set encoding

Module 11 - Parsing Phase and Data Preview

  • Understand the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase

Module 12 - Manipulating Raw Data

  • Explain how data transformations are defined and invoked
  • Use transformations with props. conf and transforms. conf to:
    • Mask or delete raw data as it is being indexed
    • Override source type or host based upon event values
    • Route events to specific indexes based on event content
    • Prevent unwanted events from being indexed
  • Use SEDCMD to modify raw data

Module 13 - Supporting Knowledge Objects

  • Define default and custom search time field extractions
  • Define the pros and cons of index time field extractions
  • Configure indexed field time extractions
  • Describe default search time extractions
  • Manage orphaned knowledge objects

Audience

_

Prerequisites

Required:

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

Strongly Recommended:

  • Splunk System Administration

Certification

product-certification

Course Benefits

product-benefits
  • Career growth
  • Broad Career opportunities
  • Worldwide recognition from leaders
  • Up-to Date technical skills
  • Popular Certification Badges

Splunk Popular Courses

splk-dyd

This course focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.

splk-introdyd

This course focuses on dashboard creation, including prototyping, the dashboard definition, layouts types, adding visualizations, and dynamic coloring.

splk-lls

This course will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources

splk-wtime

This course will focus on searching and formatting time in addition to using time commands and working with time zones.
Enquire Now
 
 
 
 
By clicking "Submit", I agree to the Terms Of Use and Privacy Policy