Trending Courses

Vendors

Skip Navigation Links

Overview

This 18-hour course is designed for administrators who are responsible for getting data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.
img-course-overview.jpg

What You'll Learn

  • Understand source types
  • Manage and deploy forwarders
  • Configure data inputs
  • File monitors
  • Network inputs (TCP/UDP)
  • Scripted inputs
  • HTTP inputs (via the HTTP Event Collector)
  • Customize the input phase parsing process
  • Define transformations to modify data before indexing
  • Define search time knowledge object configurations

Who Should Attend

  • Splunk Administrator
  • Developer
  • User
  • Knowledge Manager
  • Architect
img-who-should-learn.png

Prerequisites

To be successful, students should have a solid understanding of the following courses:

  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions

Or the following courses:

  • Fundamentals 1
  • Fundamentals 2 (recommended)

Students should also understand the following courses:

  • Splunk Enterprise System Administration (recommended)

Learning Journey

Coming Soon...

Module 1 – Getting Data Into Splunk

  • Provide an overview of Splunk
  • Describe the Splunk distributed model
  • Describe data input types and metadata settings
  • Configure initial input testing with Splunk Web
  • Testing Indexes with input staging

Module 2 –Config Files and Apps

  • Identify Splunk configuration files and directories
  • Describe index-time and search-time precedence
  • Validate and update configuration files
  • Explore Splunk apps and app installation

Module 3 – Configuring Forwarders

  • Configure Universal Forwarders
  • Configure Heavy Forwarders

Module 4 – Customizing Forwarders

  • Configure intermediate forwarders
  • Identify additional forwarder options

Module 5 – Managing Forwarders

  • Describe Splunk Deployment Server (DS)
  • Manage forwarders using deployment apps
  • Configure deployment clients and client groups
  • Monitor forwarder management activities

Module 6 – Monitor Inputs

  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs
  • Deploy a remote monitor input

Module 7 – Network Inputs

  • Create network (TCP and UDP) inputs
  • Describe optional settings for network inputs

Module 8 – Scripted Inputs

  • Create a basic scripted input

Module 9 – Agentless Inputs

  • Configure Splunk HTTP Event Collector (HEC) agentless input
  • Describe Splunk App for Stream

Module 10 – Operating System Inputs

  • Identify Linux-specific inputs
  • Identify Windows-specific inputs

Module 11 – Fine-tuning Inputs

  • Understand the default processing that occurs during the input phase
  • Configure input phase options, such as source type fine-tuning and character set encoding.

Module 12 – Parsing Phase and Data Preview

  • Understand the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase

Module 13 – Manipulating Input Data

  • Explore Splunk transformation methods
  • Create rulesets with Ingest Actions
  • Mask data with Ingest Action rules
  • Mask data with SEDCMD and TRANSFORMS
  • Override sourcetype or host based upon event values

Module 14 – Routing Input Data

  • Filter data with Ingest Action rules
  • Route data with Ingest Action rules
  • Route data with TRANSFORMS

Module 15 – Supporting Knowledge Objects

  • Define default and custom search time field extractions
  • Identify the pros and cons of indexed time field extractions
  • Configure indexed field extractions
  • Describe default search time extractions
  • Manage orphaned knowledge objects

Frequently Asked Questions (FAQs)

  • Why get Splunk certified?

    Splunk certifications validate your expertise in data analytics and your proficiency in using the Splunk platform.

    These certifications demonstrate your ability to leverage Splunk's powerful tools for data collection, analysis, and visualization, making you a valuable asset to organizations seeking to gain actionable insights from their data.

    Splunk-certified professionals are in high demand across various industries, including IT, security, and business analytics.

  • What to expect for the examination?

    Splunk offers a variety of certification exams at different levels, covering various domains and products within the Splunk platform.

    Exams typically consist of multiple-choice and scenario-based questions that assess your knowledge and skills in using Splunk to solve real-world problems.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • How long is Splunk certification valid for?

    All Splunk certifications are valid for three years from the date of passing the highest-level certification exam.

    To maintain your certification, you will need to recertify before it expires. You have three options for recertification:

    - Pursue a higher-level certification (including any required prerequisite courses), in which case your lower-level certifications would also be renewed on the date of passing the next-level certification exam.

    - Retake a certification exam within the final year of their recertification window to renew their certifications at that level (and any applicable downstream certifications).

    - Complete continuing education courses at any point in the three year recertification window beginning the date of badge issuance.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • Why take this course with Trainocate?

    Here’s what sets us apart:

    - Global Reach, Localized Accessibility: Benefit from our geographically diverse training hubs in 16 countries (and counting!).

    - Top-Rated Instructors: Our team of subject matter experts (with high average CSAT and MTM scores) are passionate to help you accelerate your digital transformation.

    - Customized Training Solutions: Choose from on-site, virtual classrooms, or self-paced learning to fit your organization and individual needs.

    - Experiential Learning: Dive into interactive training with our curated lesson plans. Participate in hands-on labs, solve real-world challenges, and take on comprehensive assessments.

    - Learn From The Best: With 30+ authorized training partnerships and countless awards from Microsoft, AWS, Google – you're guaranteed learning from the industry's elite.

    - Your Bridge To Success: We provide up-to-date course materials, helpful exam guides, and dedicated support to validate your expertise and elevate your career.

Keep Exploring

Course Curriculum

Training Schedule

Exam & Certification

Frequently Asked Questions

img-improve-career.jpg

Improve yourself and your career by taking this course.

More Courses By Splunk

Browse All Courses
img-get-info.jpg

Ready to Take Your Business from Great to Awesome?

Level-up by partnering with Trainocate. Get in touch today.

Name
Email
Phone
I'm inquiring for
Inquiry Details

By providing your contact details, you agree to our Privacy Policy.

Stay Connected. Be the first to Know.

Company

Vendors

Services

Customer Service

© Copyright Trainocate 2024. All rights reserved.