Vendors

Splunk Enterprise Data Administration is designed for administrators responsible for getting data into Splunk indexers. The course provides fundamental knowledge of Splunk forwarders and methods to ingest remote data into Splunk environments. It covers the installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Deployment Server components, enabling effective and scalable data onboarding.

img-course-overview.jpg

What You'll Learn

Participants will gain the ability to:

  • Understand the Splunk distributed data ingestion model
  • Configure various types of data inputs (file, network, OS, scripted, agentless)
  • Install, configure, and manage Splunk universal and heavy forwarders
  • Use the Splunk Deployment Server to manage and monitor forwarder deployments
  • Customize and fine-tune data inputs and parsing processes
  • Implement data routing and transformation rules (e.g., masking, filtering, routing)
  • Configure knowledge object support at both index-time and search-time

Who Should Attend

This course is suitable for:

  • Splunk administrators responsible for data onboarding and ingestion
  • IT and DevOps professionals managing forwarder infrastructure
  • Individuals preparing for Splunk Enterprise Admin certification or related roles
img-who-should-learn.png

Prerequisites

Participants must have completed the following Splunk Education courses or possess equivalent working knowledge:

  • Intro to Splunk
  • Using Fields
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Data Models

Highly recommended (optional) prior knowledge:

  • Troubleshooting Splunk Enterprise
  • Splunk Enterprise System Administration
  • Transitioning to Splunk Cloud

Learning Journey

Coming Soon...

Module 1 – Get Data into Splunk

  • Overview of Splunk
  • Splunk distributed model
  • Input types and metadata
  • Input testing and staging

Module 2 – Configuration Files and Apps

  • Configuration files and directory structure
  • Precedence rules (index-time vs. search-time)
  • File validation and updates
  • Splunk apps and installation

Module 3 – Configure Forwarders

  • Universal and heavy forwarder configuration

Module 4 – Customize Forwarders

  • Intermediate forwarders
  • Additional forwarding options

Module 5 – Manage Forwarders

  • Deployment Server overview
  • Managing forwarders via deployment apps
  • Client group configuration and monitoring

Module 6 – Monitor Inputs

  • File and directory monitor inputs
  • Optional input settings
  • Remote monitor input deployment

Module 7 – Network Inputs

  • TCP and UDP inputs
  • Optional settings for network inputs

Module 8 – Scripted Inputs

  • Creating scripted data inputs

Module 9 – Agentless Inputs

  • HTTP Event Collector (HEC)
  • Splunk App for Stream

Module 10 – Operating System Inputs

  • Linux-specific inputs
  • Windows-specific inputs

Module 11 – Fine-tune Inputs

  • Default processing in input phase
  • Input phase configuration options

Module 12 – Parsing Phase and Data Preview

  • Parsing phase processing
  • Line breaking, timestamps, time zones
  • Validating with Data Preview

Module 13 – Manipulate Input Data

  • Splunk data transformation methods
  • Ingest Actions rulesets
  • Data masking using Ingest Actions, SEDCMD, TRANSFORMS
  • Overriding sourcetype or host

Module 14 – Route Input Data

  • Filtering and routing with Ingest Actions
  • Routing with TRANSFORMS

Module 15 – Support Knowledge Objects

  • Field extractions (search-time and indexed)
  • Pros/cons of indexed field extractions
  • Managing orphaned knowledge objects

After taking this course and the Splunk Enterprise System Administration Course, you can attempt the Splunk Enterprise Certified Administrator Exam.

Frequently Asked Questions (FAQs)

  • Why get Splunk certified?

    Splunk certifications validate your expertise in data analytics and your proficiency in using the Splunk platform.

    These certifications demonstrate your ability to leverage Splunk's powerful tools for data collection, analysis, and visualization, making you a valuable asset to organizations seeking to gain actionable insights from their data.

    Splunk-certified professionals are in high demand across various industries, including IT, security, and business analytics.

  • What to expect for the examination?

    Splunk offers a variety of certification exams at different levels, covering various domains and products within the Splunk platform.

    Exams typically consist of multiple-choice and scenario-based questions that assess your knowledge and skills in using Splunk to solve real-world problems.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • How long is Splunk certification valid for?

    All Splunk certifications are valid for three years from the date of passing the highest-level certification exam.

    To maintain your certification, you will need to recertify before it expires. You have three options for recertification:

    - Pursue a higher-level certification (including any required prerequisite courses), in which case your lower-level certifications would also be renewed on the date of passing the next-level certification exam.

    - Retake a certification exam within the final year of their recertification window to renew their certifications at that level (and any applicable downstream certifications).

    - Complete continuing education courses at any point in the three year recertification window beginning the date of badge issuance.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • Why take this course with Trainocate?

    Here’s what sets us apart:

    - Global Reach, Localized Accessibility: Benefit from our geographically diverse training hubs in 24 countries (and counting!).

    - Top-Rated Instructors: Our team of subject matter experts (with high average CSAT and MTM scores) are passionate to help you accelerate your digital transformation.

    - Customized Training Solutions: Choose from on-site, virtual classrooms, or self-paced learning to fit your organization and individual needs.

    - Experiential Learning: Dive into interactive training with our curated lesson plans. Participate in hands-on labs, solve real-world challenges, and take on comprehensive assessments.

    - Learn From The Best: With 30+ authorized training partnerships and countless awards from Microsoft, AWS, Google – you're guaranteed learning from the industry's elite.

    - Your Bridge To Success: We provide up-to-date course materials, helpful exam guides, and dedicated support to validate your expertise and elevate your career.

Keep Exploring

Course Curriculum

Course Curriculum

Training Schedule

Training Schedule

Exam & Certification

Exam & Certification

FAQs

Frequently Asked Questions

img-improve-career.jpg

Improve yourself and your career by taking this course.

img-get-info.jpg

Ready to Take Your Business from Great to Awesome?

Level-up by partnering with Trainocate. Get in touch today.

Name
Email
Phone
I'm inquiring for
Inquiry Details

By submitting this form, you consent to Trainocate processing your data to respond to your inquiry and provide you with relevant information about our training programs, including occasional emails with the latest news, exclusive events, and special offers.

You can unsubscribe from our marketing emails at any time. Our data handling practices are in accordance with our Privacy Policy.