Supercharge Your Knowledge For Splunk System Administration

Splunk Backend Administration and Data Onboarding

What you'll learn

Comprehend the core components and architecture of Splunk, including indexers, search heads, and forwarders.

Understand the principles and implementation of indexer clustering to ensure data replication and fault tolerance.

Master the setup and management of search head clusters for high availability and load balancing.

Acquire skills to identify, diagnose, and resolve common issues in Splunk deployments, ensuring continuous system health and availability.

Requirements

A basic understanding of System Administration commands on a Linux (we will use Ubuntu) Operating System.

Description

Unlock the full potential of Splunk with our comprehensive course, "Supercharge Your Knowledge for Splunk System Administration." This course is designed for IT professionals, data analysts, and system administrators who want to become proficient in setting up and managing Splunk environments, as well as effectively ingesting and analyzing logs from diverse sources.Course Objectives:Understand the core components and architecture of Splunk.Learn best practices for setting up a scalable and secure Splunk infrastructure.Gain hands-on experience in installing and configuring Splunk on various platforms.Explore different methods of log ingestion, including forwarders, syslog, APIs, and cloud services.Master the process of indexing and parsing data to optimize search performance.Develop skills to monitor and troubleshoot Splunk deployments.Implement security measures to protect data and ensure compliance.Key Topics:Introduction to Splunk:Overview of Splunk’s architecture and componentsKey use cases and benefitsSetting Up Splunk Infrastructure:System requirements and planningInstallation and configuration of Splunk EnterpriseDeploying Splunk in distributed environmentsData Ingestion Methods:Understanding data sources and data typesConfiguring forwarders for efficient data collectionUsing syslog for centralized loggingIngesting data via APIs and cloud servicesIndexing and Parsing Data:Creating and managing indexesConfiguring inputs.conf and props.conf for data parsingUtilizing field extractions and data transformationsMonitoring and Troubleshooting:Setting up monitoring tools and dashboardsIdentifying and resolving common issuesPerformance tuning and optimization.

Overview

Section 1: Introduction

Lecture 1 Introduction

Lecture 2 Requirements for this Course

Lecture 3 Setting Static Addresses When Virtualizing

Lecture 4 Architecture Design

Lecture 5 Hardware Spec Guides

Lecture 6 Installing A Splunk Enterprise Instance

Lecture 7 Upgrading a Splunk Enterprise Instance

Section 2: Splunk License Servers

Lecture 8 Installing Splunk

Lecture 9 Setting up the Server

Section 3: Splunk Indexers

Lecture 10 Installing Splunk

Lecture 11 Turning on Receiving

Lecture 12 Add Indexers to License Servers

Section 4: Splunk Indexer Manager Node

Lecture 13 Setting Up Manager Node

Lecture 14 Adding Indexers to Manager Node

Lecture 15 Troubleshooting Guid and Machines that Won't Replicate

Lecture 16 Troubleshooting Change the Hostname Used By Splunk Instances

Lecture 17 Send Logs from Manager Node to Indexer Cluster

Lecture 18 Deploying Apps to Indexers Through Manager Node

Lecture 19 Other Features / Capabilities Within Manager Node

Section 5: Splunk Management Console

Lecture 20 DMC Overview and Adding Systems To DMC

Lecture 21 Joining Indexers to DMC

Lecture 22 Joining Deployment Server to DMC

Lecture 23 Review of the DMC Overview Panel

Lecture 24 Changing a Role of a Server in DMC

Lecture 25 Review of Topology Tab on DMC

Lecture 26 Troubleshooting Server Configs With DMC

Lecture 27 Deployment Server Troubleshooting GUIDS

Lecture 28 What is Splunk Assist

Lecture 29 DMC Overview of Tab Options

Section 6: Splunk Search Head

Lecture 30 Send Search Head Logs to the Indexers

Lecture 31 Troubleshooting Hostname Issues in Search Results

Section 7: Heavy Forwarders

Lecture 32 Heavy Forwarders Vs Universal Forwarders and How to Set Them Up

Section 8: Splunk Deployment Server

Lecture 33 Setting up a Deployment Server

Lecture 34 App Structure On Splunk, Deployment, Apps, Manager Apps, etc.

Lecture 35 Joining a Universal Forwarder to the Deployment Server

Lecture 36 Lessons Learned in Deploying Apps - How to Merge Local and Default Directories

Lecture 37 Splunk 9.2 Changes That Cause Clients to Not Show Up in Dashboard

Section 9: Splunk Search Head Cluster

Lecture 38 Search Head Cluster Overview

Lecture 39 Create Deployer

Lecture 40 Join Search Heads to Deployer

Lecture 41 Create Captain

Lecture 42 Validating Search Head Cluster is Working

Lecture 43 Set up Distributed Search

Lecture 44 Adding a Search Head Later After All Install Steps Have Been Done

Lecture 45 Pushing Apps with the Deployer

Section 10: Upgrading Splunk Instances

Lecture 46 Upgrade Order

Lecture 47 Key Activities to Do Before Upgrading Splunk

Lecture 48 General Method for Upgrading Splunk Enterprise

Lecture 49 Upgrading Management Console

Lecture 50 Upgrading Management Node

Lecture 51 Upgrading Deployer

Lecture 52 Upgrading Deployment Server

Lecture 53 Upgrading License Server And Heavy Forwarders,

Lecture 54 Upgrading Search Heads in Search Head Cluster

Lecture 55 Upgrading a Universal Forwarder

Lecture 56 Upgrading Indexers in an Indexer Cluster

Section 11: Interview Preparation Questions

Lecture 57 Interview Preparation Indexes.conf Most Common Settings

Lecture 58 Interview Preparation Apps.conf and Limits.conf Most Common Settings

Lecture 59 Interview Preparation DeploymentClient.conf Most Common Settings

Lecture 60 Interview Preparation Inputs.conf Most Common Settings

Lecture 61 Interview Preparation Web.conf Most Common Settings

Lecture 62 Interview Preparation SavedSearches.conf Most Common Settings

Lecture 63 Interview Preparation Props and Transforms.conf Most Common Settings

Lecture 64 Interview Preparation Macros.conf Most Common Settings

Lecture 65 Interview Preparation Outputs.conf Most Common Settings

Section 12: Adding Common Log Types Into Splunk

Lecture 66 Adding Windows Event Logs

Lecture 67 Adding Windows Sysmon Logs

Lecture 68 Adding Linux System Logs

Lecture 69 Adding Linux Sysmon Logs

Lecture 70 Cribl, and Why I Use It

Lecture 71 Adding CSV and Json Files

Lecture 72 Adding Hec Files

Lecture 73 Adding Scripted Input

Lecture 74 Adding Syslog Data Example

Section 13: Conclusion

Lecture 75 What's Next

For people who want to find employment or improve their skills using Spunk