Splunk Enterprise Certified Admin

Authors: Karun Subramanian, Muhammad Awan

What you will learn

  • Understanding Splunk admin basics and license management
  • Working with Splunk configuration files
  • Working with Splunk Indexes
  • Managing Users with Splunk
  • Managing Splunk Authentication
  • Getting Data into Splunk
  • Managing Forwarders
  • Configuring distributed search
  • Monitoring and creating Inputs
  • Parsing Data in the parsing phase
  • Manipulating raw Data

Pre-requisites

You should be familiar with Splunk and consider yourself a power user. Your knowledge should be equivalent to the Splunk Core Certified User and Power User certifications.

This path focuses on Enterprise Splunk system and data administration. You’ve most likely used Splunk and consider yourself a power user. This path helps you take the next step in your Splunk journey to be able to harness this amazing tool in your organization as a top notch admin.

In addition to teaching you all you need to know to hit the ground running, these courses cover the objectives on the Splunk Enterprise Certified Admin exam and can help you prepare for certification.

Splunk Enterprise Administration: Working with Configuration Files and Indexes

by Karun Subramanian

Jan 10, 2020 / 2h 9m

Description

Splunk has a complex configuration file architecture. In order to be an effective Splunk Enterprise Administrator, one must fully understand how the Splunk platform is configured. In addition, a thorough knowledge of Splunk indexes is required. In this course, Splunk Enterprise Administration: Working with Configuration Files and Indexes, you will gain the ability to create, configure, and manage Splunk configuration files and indexes. First, you will learn the layering and precedence of Splunk configuration files. Next, you will discover how to effectively configure the Splunk platform using configuration files. Finally, you will explore how to create and manage Splunk indexes. When you are finished with this course, you will have the skills and knowledge of Splunk configuration files and indexes needed to effectively administer Splunk Enterprise.

Table of contents
  1. Course Overview
  2. Understanding Splunk Admin Basics and License Management
  3. Working with Splunk Configuration Files
  4. Understanding Splunk Index
  5. Configuring Indexes

Splunk Enterprise Administration: Managing Users and Authentication

by Karun Subramanian

Mar 26, 2020 / 1h 25m

Description

Securing Splunk Enterprise is an important task of a Splunk Administrator. But mastering Splunk's role-based access control and various authentication mechanisms can be difficult. In this course, Splunk Enterprise Administration: Managing Users and Authentication, you will gain foundational knowledge of Splunk user and role management. First, you will learn Splunk's role-based access control and the inheritance of capabilities. Next, you will discover how to configure external LDAP for authentication and map LDAP groups to Splunk roles. Finally, you will explore how to configure single sign-on and multi-factor authentication. When you’re finished with this course, you will have the skills and knowledge of configuring Splunk roles and authentication mechanisms needed to manage Splunk security.

Table of contents
  1. Course Overview
  2. Working with Roles and Users
  3. Creating a Custom Role
  4. Configuring Splunk Authentication

Splunk Enterprise Administration: Managing Data and Forwarders

by Karun Subramanian

Jun 23, 2020 / 2h 20m

Description

The most common method of data ingestion in Splunk is using universal forwarders. While most of the factory settings work well on a universal forwarder, there are numerous options you can (and should) configure for optimal performance. Further, as the number of universal forwarders grows in your environment, managing all of them from one central system is inevitable. In this course, Splunk Enterprise Administration: Managing Data and Forwarders, you will learn the foundational knowledge to configure forwarders for efficiency, manage thousands of forwarders using Splunk deployment servers, and monitor forwarders. First, you will learn how the forwarders work and understand the difference between the Splunk universal forwarder and heavy forwarder. Next, you will discover the various options to configure forwarders such as compression, encryption and load balancing. Finally, you will explore how to use the Splunk deployment server to manage thousands of forwarders by configuring deployment apps and deployment clients. When you are finished with this course, you will have the skills and knowledge of Splunk administration needed to effectively configure and manage data ingestion.

Table of contents
  1. Course Overview
  2. Getting Data into Splunk
  3. Configure Splunk Forwarders
  4. Manage Splunk Forwarders

Splunk Enterprise Administration: Configuring Distributed Search

by Karun Subramanian

Sep 1, 2020 / 1h 31m

Description

Learning to configure a distributed search doesn't need to be difficult. In this course, Splunk Enterprise Administration: Configuring Distributed Search, you'll gain the ability to configure the Splunk platform correctly for efficient searching. First, you'll explore the anatomy of a search. Next, you'll discover how Splunk separates search management and presentation layers from indexing and search retrieval layers. Finally, you'll learn what knowledge bundles are and how Splunk manages knowledge bundles. When you are finished with this course, you'll have the skills and knowledge of how to configure distributed search groups needed to scale options available for distributed search.

Table of contents
  1. Course Overview
  2. Understanding distributed search
  3. Configuring distributed search
  4. Scaling distributed search

Splunk Enterprise Administration: Monitoring and Creating Inputs

by Muhammad Awan

Jun 18, 2020 / 2h 31m

Description

Being able to ingest data in any format from diverse sources is the key feature a log aggregation tool like Splunk should possess. In this course, Splunk Enterprise Administration: Monitoring and Creating Inputs, you'll learn all the data input methods that Splunk offers. First, you'll explore how to monitor files and directories in Splunk. Next, you'll discover how to configure and deploy scripts, network inputs and the Splunk HTTP Event Collector for data ingestion. Finally, you'll learn how to override default fields and timestamp extraction at index time. When you're finished with this course, you'll have the skills and knowledge of monitoring and creating inputs required for administering the data onboarding process in Splunk.

Table of contents
  1. Course Overview
  2. Introduction
  3. Monitoring Files and Directories
  4. Getting Data from Network Sources
  5. Getting Windows Data In
  6. Scripted Inputs
  7. The HTTP Event Collector (HEC)
  8. Configuring Inputs

Splunk Enterprise Administration: Parsing and Manipulating Data

by Muhammad Awan

Sep 28, 2020 / 2h 21m

Description

Data onboarding in an accurate and efficient manner is the key to timely and reliable monitoring and analysis in Splunk Enterprise.

In this course, Splunk Enterprise Administration: Parsing and Manipulating Data, you’ll learn different methods and techniques to parse and manipulate data at index-time in Splunk.

First, you’ll explore different techniques and options for parsing data while indexing, applying appropriate configuration settings.

Next, you’ll discover how to deal with situations that require extracting custom fields and timestamps as well as overriding the default fields.

Finally, you’ll learn how to route data to specific indexes and filter or mask the event data based on specific criteria.

When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise administration, parsing and manipulating data needed to deploy suitable techniques for handling, parsing and manipulating data while ingesting into Splunk.

Table of contents
  1. Course Overview
  2. Event Processing in Splunk Enterprise
  3. Configuring Event Line-breaking
  4. Identifying and Parsing Timestamps
  5. Overriding Default Fields and Custom Fields Extraction
  6. Routing and Filtering Events
  7. Manipulating Raw Data