Skip to navigation (Press Enter)
Skip to search (Press Enter)
Skip to course offerings (Press Enter)
Skip to content (Press Enter)

+971 56 770 1061 Contact

SP-SEDA

Online Training

Duration
18 hours

Price

on request

Book now

Enquire a date

Classroom Training

Duration
18 hours

Price

on request

Book now

Enquire a date

Splunk

Splunk Enterprise Data Administration (SEDA) – Outline

Detailed Course Outline

Module 1 – Get Data Into Splunk

Provide an overview of Splunk
Describe the Splunk distributed model
Describe data input types and metadata settings
Configure initial input testing with Splunk Web
Test Indexes with input staging

Module 2 – Configuration Files and Apps

Identify Splunk configuration files and directories
Describe index-time and search-time precedence
Validate and update configuration files
Explore Splunk apps and apps installation

Module 3 – Configure Forwarders

Configure Universal Forwarders
Configure Heavy Forwarders

Module 4 – Customize Forwarder

Configure intermediate forwarders
Identify additional forwarder options

Module 5 - Manage Forwarders

Describe the Splunk deployment server
Manage forwarders using deployment apps
Configure deployment clients and client groups
Monitor forwarder management activities

Module 6 – Monitor Inputs

Create file and directory monitor inputs
Use optional settings for monitor inputs
Deploy a remote monitor input

Module 7 – Network Inputs

Create network (TCP and UDP) inputs
Describe optional settings for network inputs

Module 8 – Scripted Inputs

Create a basic scripted input

Module 9 – Agentless Inputs

Configure Splunk HTTP Event Collector (HEC) agentless input
Describe Splunk App for Stream

Module 10 – Operating System Inputs

Identify Linux-specific inputs
Identify Windows-specific inputs

Module 11 – Fine-tuning Inputs

Understand the default processing that occurs during input phase
Configure input phase options

Module 12 – Parsing Phase and Data Preview

Understand the default processing during parsing phase
Optimize and configure event line breaking
Explain how timestamps and time zones are used
Use Data Preview to validate event create during parsing phase

Module 13 – Manipulating Input Data

Explore Splunk transformation methods
Create rulesets with Ingest Actions
Mask data with Ingest Actions rules
Mask data with SEDCMD and TRANSFORMS
Override sourcetype or host base upon event values

Module 14 - Routing Input Data

Filter data with Ingest Action rules
Route data with Ingest Action rules
Route data with Transforms

Module 15 – Supporting Knowledge Objects

Define default and custom search time field extractions
Identify the pros and cons of indexed time field extractions
Configure indexed field extractions
Describe default search-time extractions
Manage orphaned knowledge objects