Splunk Enterprise System Administration

Splunk Enterprise System Administration

Course Description

Splunk Enterprise System Administration course is designed for system administrators who manage a Splunk Enterprise environment. This course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components.

All Courses Idea

Course Objectives

Module 1 - Splunk Developer Overview

  • Splunk overview
  • Identify Splunk components
  • Identify Splunk system administrator role

Module 2 - License Management

  • Identify license types
  • Describe license violations
  • Add and remove licenses

Module 3 -  Splunk Apps

  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions

Module 4 - Splunk Configuration Files

  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings

Module 5 - Splunk Indexes

  • Describe index structure
  • List types of index buckets
  • Create new indexes
  • Monitor indexes with Monitoring Console

Module 6 - Splunk Index Management

  • Apply a data retention policy
  • Backup data on indexers
  • Delete data from an index
  • Restore frozen data

Module 7 - Splunk User Management

  • Describe user roles in Splunk
  • Create a custom role
  • Add Splunk users

Module 8 - Splunk Authentication Management

  • Integrate Splunk with LDAP
  • List other user authentication options
  • Describe the steps to enable Multifactor Authentication in Splunk

Module 9 - Getting Data In

  • Describe the basic settings for an input
  • List Splunk forwarder types
  • Configure the forwarder
  • Add an input to UF using CLI

Module 10 - Distributed Search

  • Describe how distributed search works
  • Explain the roles of the search head and search peers
  • Configure a distributed search group

Knowledge of Linux/ Windows Administration.

The new certification for User / Admin is valid for two years and for Architect, Developer, ES or ITSI this is three years. This is from the moment the certificate is obtained. The certification costs are $ 125 per required exam.

This certification exam is a 57-minute, 68-question assessment. ​ Candidates can expect an additional 3 minutes to review the exam agreement, for a total seat time of 60 minutes.