Splunk Admin/Developer

Splunk Admin

Course Objective  

Prerequisite

Splunk Development Basic 

Module 1 – Splunk Developer Overview

  • Splunk overview 
  • Identify Splunk components 
  • Identify Splunk system administrator role 

Module 2 – License Management

  • Identify license types 
  • Describe license violations 
  • Add and remove licenses 

Module 3 – Splunk Apps

  • Describe Splunk apps and add-ons 
  • Install an app on a Splunk instance 
  • Manage app accessibility and permissions 

Module 4 – Splunk Configuration Files

  • Describe Splunk configuration directory structure 
  • Understand configuration layering process 
  • Use btool to examine configuration settings 

Getting Data In 

  • Describe the basic settings for an input 
  • List Splunk forwarder types 
  • List the four phases of Splunk Indexing 
  • List Splunk input options 
  • Add an input to UF using CLI 

Module 5 – Monitor Inputs

  • Create file and directory monitor inputs 
  • Use optional settings for monitor inputs 
  • Deploy a remote monitor input 

Network & Scripted Input 

  • Create network (TCP and UDP) inputs 
  • Describe optional settings for network inputs 
  • Create a basic scripted input 

Agentless Inputs 

  • Identify Windows input types and uses 
  • Understand additional options to get data into Splunk 
  • HTTP Event Collector 
  • Splunk App for Stream 

Fine Tuning Inputs 

  • Understand the default processing that occurs during input phase 
  • Configure input phase options, such as sourcetype fine-tuning and character set encoding 
  • Understand the default processing that occurs during parsing 
  • Optimize and configure event line breaking 
  • Explain how timestamps and time zones are extracted or assigned to events 
  • Use Data Preview to validate event creation during the parsing phase 

Manipulating Raw Data 

  • Explain how data transformations are defined and invoked 
  • Use transformations with props.conf and transforms.conf to: 
      • Mask or delete raw data as it is being indexed 
      • Override sourcetype or host based upon event values 
      • Route events to specific indexes based on event content 
      • Prevent unwanted events from being indexed 
  • Use SEDCMD to modify raw data 

Module 6 – Configuring Forwarders

  • Understand the role of production Indexers and Forwarders 
  • Understand the functionality of Universal Forwarders and Heavy Forwarders 
  • Describe Splunk Deployment Server 
  • Set up Deployment Server 
  • Configure Forwarders 
  • Set up Server Class & App Mapping (Deployment Clients) 
  • Configure & push an app from Deployment Server to Forwarder 
  • Monitor forwarder management activities 

Splunk Indexes 

  • Describe index structure 
  • List types of index buckets 
  • Create new indexes 
  • Monitor indexes with Monitoring Console 

Module 7 – Search Head Cluster

  • Apply a data retention policy 
  • Backup data on indexers 
  • Delete data from an index 
  • Restore frozen data 

Module 8 – Splunk User Management

  • Describe user roles in Splunk 
  • Create a custom role 
  • Add Splunk users 

Splunk Authentication Management 

  • Integrate Splunk with LDAP 
  • List other user authentication options 
  • Describe the steps to enable Multifactor Authentication in Splunk 

Module 9 – Distributed Search

  • Describe how distributed search works 
  • Explain the roles of the search head and search peers 
  • Configure a distributed search group 
  • List search head scaling options 

Module 10 – Troubleshooting Splunk

  • Splunk Internal Logging 
  • Splunk _* index use cases in various scenarios 
  • Splunk btool command 


Splunk Developer

Objective – On course completion, participants will be able to meet the following objectives. 

  • What is Splunk & what are its capabilities 
  • Understand basic, intermediate & advanced levels of Splunk 
  • Understand the various ways data can be on-boarded into Splunk & learn to implement them in real-life environments 
  • Data Cleaning, Configurations, Common Information Model (CIM) & Data Modeling 
  • Learn about Splunk Knowledge Objects and implement them in sample environments 
  • Basic to Advanced Searching & Reporting 
  • Creating Real-time Dashboards & Alerts 

Module 1 – Introduction to Splunk

  • What is Splunk?  
  • Log Aggregator 
  • Reporting 
  • Analytics 
  • Machine Learning 
  • Splunk Premium Applications 
  • Splunk ES 
  • Splunk ITSI 
  • Splunk UBA 
  • Splunk real world Use Cases 
  • Competitors of Splunk & Why Splunk? 

Module 2 – Components of Splunk

  • Forwarder (UF/HF) 
  • Search Head 
  • Indexer 

Installing Splunk 

  • In Windows 
  • In Linux 

Getting data into Splunk 

  • List all types of data inputs in Splunk 
  • Configure File Monitoring 
  • Configure Directory Monitoring (Batch / Monitor) 
  • Configure TCP / UDP Input 
  • Configure HEC (HTTP Event Collector) 
  • Configure Script (PowerShell & Python) 
  • Configure Windows Events logs (Local & Remote) 

Module 3 – Introduction to Splunk’s User Interface

  • Talk about Splunk UI 
  • Where to Find App on Splunk (App store) 
  • Manage Splunk (Install, enable, disable app) 
  • Splunk App Menu (Search, Dataset, Reports, Alerts & Dashboards) 
  • Walk through “Settings” menu 

Understand the uses of Splunk 

  • Realtime searching 
  • Alerting 
  • Dashboarding 
  • Machine Learning 

Define Splunk Apps 

  • Create a Splunk App 
  • Create a Splunk Add-on 
  • Download some apps/add-ons from the app store, install & configure them 

Customizing your user settings 

  • Talk about Access Control 
  • Authentication Methods 
  • Roles & Responsibilities 

Module 4 – Basic Searching

  • Run basic searches and general search practices 
  • Use autocomplete to help build a search 
  • Specify indexes in searches 
  • Case sensitivity in searches 
  • Set the time range of a search 
  • Identify the contents of search results 
  • Refine searches 
  • Use the timeline 
  • Work with events 
  • Control a search job 
  • Save search results 
  • Use the job inspector to view search performance 

Using Fields in Searches

  • Understand fields 
  • Use fields in searches 
  • Use the fields sidebar 

Module 5 – Using Basic Transforming Commands

  • The top command 
  • The rare command 
  • The stats command 
  • Eval 
  • Timechart 
  • Join 
  • Where 
  • Fillnull 
  • Filldown 
  • Iplocation 
  • Geostats 
  • Geom 
  • addtotals 

Creating Reports and Dashboards 

  • Save a search as a report 
  • Edit reports 
  • Create reports with visualizations such as charts and tables 
  • Create a dashboard 
  • Add a report to a dashboard 
  • Edit a dashboard 
  • Add dynamic inputs (text box, radio button, etc.) 
  • Drilldown 
  • Explore visualization types (Apps) 
  • Formatting Charts & visualization 

Module 6 – Introduction to Knowledge Objects

  • Identify naming conventions 
  • Review permissions 
  • Manage knowledge objects 

Creating and Using Lookups 

  • Describe lookups  
  • Create a lookup file and create a lookup definition 
  • Configure an automatic lookup 

Exploring Lookups 

  • Including and excluding events based on lookup values 
  • Using KV Store lookups 
  • Using external lookups 
  • Using geospatial lookups 
  • Using database lookups 
  • Understanding best practices for lookups 

Module 7 – Creating and Managing Fields 

  • Perform regex field extractions using the Field Extractor (FX) 
  • Perform delimiter field extractions using the FX 
  • Using regex 
  • Using the erex command 
  • Using the rex command (Learn using rex command and manual field extraction using regex101) 
  • Identifying regex best practices 

Creating Field Aliases and Calculated Fields 

  • Describe, create, and use field aliases 
  • Describe, create and use calculated fields 

Creating Tags and Event Types 

  • Create and use tags 
  • Describe event types and their uses 
  • Create an event type 

Creating Scheduled Reports and Alerts 

  • Describe scheduled reports 
  • Configure scheduled reports 
  • Describe alerts 
  • Create alerts 
  • View fired alerts 
  • Referencing lookups in alerts 
  • Outputting alert results to a lookup 
  • Logging and indexing searchable alert events 
  • Using a webhook alert action 

Creating and Using Macros 

  • Describe macros 
  • Create and use a basic macro 
  • Define arguments and variables for a macro 
  • Add and use arguments with a macro 
  • Using nested search macros 
  • Previewing search macros before executing 
  • Using tags and event types in search macros 

Module 8 – Correlating Events

  • Identify transactions 
  • Group events using fields 
  • Group events using fields and time 
  • Search with transactions 
  • Report on transactions 
  • Determine when to use transactions vs. stats 

Creating and Using Workflow Actions 

  • Describe the function of GET, POST, and Search workflow actions 
  • Create a GET workflow action 
  • Create a POST workflow action 
  • Create a Search workflow action 

Module 9 – Creating Data Models

  • Describe the relationship between data models and pivot 
  • Identify data model attributes 
  • Create a data model 
  • Use a data model in pivot 

Datasets and the Common Information Model 

  • Naming conventions 
  • What are datasets? 
  • What is the Common Information Model (CIM)? 
  • Describe the Splunk CIM 
  • List the knowledge objects included with the Splunk CIM Add-On 
  • Use the CIM Add-On to normalize data 

Using Pivot 

  • Describe Pivot 
  • Understand the relationship between data models and pivot 
  • Select a data model object 
  • Create a pivot report 
  • Create an instant pivot from a search 
  • Add a pivot report to a dashboard 

Module 10 – Exploring Statistical Commands

Performing statistical analysis with functions of the stats command 

  • Using fieldsummary 
  • Using appendpipe 
  • Using eventstats 
  • Using streamstats 

Exploring eval Command Functions 

  • Using conversion functions 
  • Using date and time functions 
  • Using string functions 
  • Using comparison and conditional functions 
  • Using informational functions 
  • Using statistical functions 
  • Using mathematical functions 
  • Using cryptographic functions 
