Splunk Online Training Modules Overview

Splunk Administration Online course

Splunk Developer Topics

• Splunk Development concepts
• Introduction to Splunk, Splunk developer roles and responsibilities

Basic Searching

• Writing Splunk query for search, Autocomplete to build a search, time range, refine search, work with events, identify the contents of search, control a search job
• Hands-on Exercise – Write a basic search query

Using Fields in Searches

• what is Field, how to use Fields in Search, deploying Fields Sidebar and Field Extractor for REGEX field extraction, delimiter field Extraction using FX.
• Hands-on Exercise – Use Fields in Search, Use Fields Sidebar, Use Field Extractor (FX), delimit field Extraction using FX

Saving and Scheduling Searches

• Writing Splunk query for search, sharing, saving, scheduling and exporting search results
• Hands-on Exercise – Schedule a search, Save a search result, Share and export a search result

Creating Alerts

• how to create alerts, understanding alerts and viewing fired alerts.
• Hands-on Exercise –Create an alert in Splunk and view the fired alerts

Scheduled Reports

• Describe and Configure Scheduled Reports

Tags and Event Types

• Introduction to Tags in Splunk, deploying Tags for Splunk search, understanding event types and utility, generating and implementing event types in Search
• Hands-on Exercise – Deploy tags for Splunk search, generate and implement event types in Search

Creating and Using Macros

• What is a Macro,what are Variables and Arguments in Macros
• Hands-on Exercise –First you define a Macro with arguments and then use Variables within it.

Workflow

• GET, POST, and Search workflow actions
• Hands-on Exercise – Create GET, POST, and Search workflow

Splunk Search Commands

• Studying the Search Command, the general search practices, what is a search pipeline, how to specify indexes in search, highlighting the syntax, deploying the various search commands like fields, tables, sort, rename, rex and erex.
• Hands-on Exercise –Steps to create a search pipeline, search index specification, how to highlight syntax, using the autocomplete feature, deploying the various search commands like sort, fields, tables, rename, rex and erex.

Transforming Commands

• Using Top, Rare, Stats Commands
• Hands-on Exercise – Use Top, Rare, Stats Commands

Reporting Commands

• Using following commands and their functions: addcoltotals, addtotals,top, rare,stats
• Hands-on Exercise – Create reports using following commands and their functions: addcoltotals, addtotals

Mapping and Single Value Commands

• iplocation, geostats, geom, addtotals commands
• Hands-on Exercise – Track ip using iplocation, get geo data using geostats

Splunk Reports & visualizations

• Explore the available visualizations, create charts and time charts, omit null values and format results
• Hands-on Exercise – Create time charts, omit null values and format results

Analyzing, Calculating and Formatting Results

• Calculating and analyzing results, value conversion, roundoff and format values, using eval command, conditional statements, filtering calculated search results
• Hands-on Exercise – Calculate and analyze results, perform coversion on a data value, roundoff a numbers, use eval command, write conditional statements,apply filters on calculated search results

Correlating Events

• How to search the transactions, creating report on transactions, grouping events using time and fields, comparing transactions with stats.
• Hands-on Exercise – Generate Report on Transactions, Group events using fields and time

Enriching Data with Lookups

• Learn about data lookups, example, lookup table, defining and configuring automatic lookup, deploying lookup in reports and searches
• Hands-on Exercise – Define and configure automatic lookup, deploy lookup in reports and searches

Creating Reports and Dashboards

• Creating search charts, reports and dashboards, Editing reports and Dashboard, Adding reports to dashboard
• Hands-on Exercise – Create search charts, reports and dashboards, Edit reports and Dashboard, Add reports to dashboard

Getting started with Parsing

• Working with raw data for data extraction, transformation, parsing and preview
• Hands-on Exercise – Extract useful data from raw data, perform transformation, parse different values and preview

Using Pivot

• Describe Pivot, Relationship between data model and pivot, select a data model object, create a pivot report, instant pivot from a search, add a pivot report to dashboard
• Hands-on Exercise – Select a data model object, create a pivot report, create instant pivot from a search, add a pivot report to dashboard

Common Information Model (CIM) Add-On

• What is Splunk CIM, Using the CIM Add-On to normalize data
• Hands-on Exercise – Use the CIM Add-On to normalize data

Splunk Administration Topics

Overview of Splunk

• Introduction to the architecture of Splunk, the various server settings, how to set up the alerts, the various types of licenses, important features of Splunk tool, the requirements of hardware, conditions needed for installation of Splunk.

Splunk Installation

• How to install and configure Splunk, creation of index, standalone server’s input configuration, the preferences for search, Linux environment Splunk installation, administering and architecting of Splunk.

Splunk Installation in Linux

• How to install Splunk in the LInux environment, the conditions needed for Splunk, configuring Splunk in the Linux environment

Distributed Management Console

• Introducing Splunk distributed management console, indexing of clusters,how to deploy distributed search in Splunk environment, forwarder management, user authentication and access control.

Introduction to Splunk App

• Introduction to the Splunk app, how to develop the Splunk apps, Splunk app management, Splunk app add-ons, using Splunkbase for installation and deletion of apps, different app permissions implementation, how to use the Splunk app and apps on forwarder

Splunk indexes and users

• Details of index time configuration file and the search time configuration file.

Splunk configuration files

• Index time and search time configuration file understanding in Splunk, forwarder installation, input and output configuration, Universal Forwarder management, Splunk Universal Forwarder highlights.

Splunk Deployment Management

• Implementing the Splunk tool, deploying it on the server, Splunk environment setup, Splunk client group deployment

Splunk Indexes

• Understanding the Splunk Indexes, the default Splunk Indexes, segregating the Splunk Indexes, learning about Splunk Buckets and Bucket Classification, estimating index storage, creating new index

User roles and authentication

• Understanding the concept of role inheritance, Splunk authentications, native authentications, LDAP authentications

Splunk Administration Environment

• Splunk installation, configuration, data inputs, app management, Splunk important concepts, parsing machine-generated data, search indexer and forwarder.

Basic Production Environment

• Introduction to Splunk Configuration Files, Universal Forwarder, Forwarder Management, data management, troubleshooting and monitoring

Splunk Search Engine

• Converting machine-generated data into operational intelligence, setting up Dashboard, Reports and Charts, integrating Search Head Clustering & Indexer Clustering

Various Splunk Input Methods

• Understanding the input methods, deploying scripted, Windows, network and agentless input types, fine-tuning it all

Splunk User & Index Management

• Splunk User authentication and Job Role assignment, learning to manage, monitor and optimize Splunk Indexes.

Machine Data Parsing

• Understanding parsing of machine-generated data, manipulation of raw data, previewing and parsing, data field extraction, comparing single line and multi-line events.

Search Scaling and Monitoring

• Distributed search concepts, improving search performance, large scale deployment and overcoming execution hurdles, working with Splunk Distributed Management Console for monitoring the entire operation.

Splunk Cluster implementation

• Cluster indexing, configuring individual nodes, configuring the cluster behavior, index and search behavior, setting node type to handle different aspects of cluster like master node, peer node and search head.

Splunk Developer and Admin Projects

Project 1 : Creating an employee database of a company

Industry : General

Problem Statement : How to build a Splunk dashboard where employee details are readily available

Topics : In this project you will create a text file of employee data with details like full name, salary, designation, ID and so on. You will index the data based on various parameters, use various Splunk commands for evaluating and extracting the information. Finally you will create a dashboard and add various reports to it.

Highlights:

• Splunk search & index commands
• Extracting field in search & saving result
• Editing event types and adding tags.

Project 2 : Building an organizational dashboard with Splunk

Industry :  Ecommerce

Problem Statement : How to analyze website traffic and gather insights

Topics :  In this project you will build an analytics dashboard for a website and create alerts for various conditions. You will capture access logs of web server, sample logs are captured and uploaded. You will analyze the top ten users, the average time spent, peak response time of the website,  top ten errors and error code description. You will also create a Splunk dashboard for reporting and analysis.

Highlights :

• Creating bar and line charts
• Sending alerts for various conditions
• Providing admin rights for dashboard.

Project 3 : Field extraction in Splunk

Industry : General

Problem Statement :  how to extract the fields from event data in Splunk

Topics : In this project you will learn to extract fields from events using the Splunk field extraction technique. You will gain knowledge in the basics of field extractions, understand the use of field extractor, the field extraction page in Splunk web and field extract configuration in files. Learn about the regular expression and delimiters method of field extraction. Upon completion of the project you will gain expertise in building Splunk dashboard and use the extracted field’s data in it to create rich visualizations in an enterprise setup.

Highlight:

• Field extraction using delimiter method
• Delimit field extract using FX
• Extracting fields with search command.

Job Opportunities in Splunk

Right now the global industry is facing shortage of skilled experts Splunk With millions of vacancies around the world across different sectors, a career in this domain is being termed as the hottest job of the decade. The effective demand for experts having the right talent & skills to handle all the real-world challenges in this platform will continue to increase for a long period of time as per the experts view. So hurry up & work towards building the best career knowledge in this platform by availing SacrosTek Systems Splunk Online Training.

SacrosTek Systems offer certification programs for Splunk. Certificates are issues on successful completion of the course and the assessment examination. Students are requested to participate in the real-time project program to get first-hand experience on the usage and application of the Splunk. The real-time projects are designed by our team of industry experts to help students get best possible exposure to the Splunk and its applications.