Splunk is a powerful software platform used to search, monitor, and analyze machine-generated data such as log files, configurations, and system events. It helps organizations gain insights into their IT infrastructure, security systems, and business operations by providing real-time visibility into large amounts of data. With features such as data collection, indexing, search, reporting, and alerting, Splunk can help identify patterns, troubleshoot issues, and make informed decisions. It is widely used by businesses of all sizes to improve their operations and gain a competitive advantage.

1. Splunk Basics, Licensing, and Configuration Files


  • Introduction to the course
  • What is Splunk
  • What is Machine data
  • Prerequisites
  • Products of Splunk
  • Components of Splunk
  • Splunk Architecture
  • Setting up Splunk search head, indexer
  • Setting up Splunk forwarders
  • Splunk Licensing, Configuration files on Linux
  • Splunk File Precedence
  • Splunk Default Ports
  • Configuration files on Windows
  • Basic AWS Cloud for Infrastructure usage
  • Basic Linux which for Splunk needs
  • Difference between Linux and Windows OS in Splunk configuration
  • Types of files supported in Splunk
  • Common Splunk configuration files, inputs.conf, outputs.conf, indexes.conf, server.conf, web.conf, deploymentclient.conf, savedsearches.conf.


2. Types of Forwarders

  • Universal Forwarders
  • Lighter Forwarders
  • Heavy Forwarders


3. Data On-boarding


  • Upload
  • Monitor
  • Forwarders


4. Data Stages in Splunk through Queues

  • Parsing
  • Merging
  • Typing
  • Indexing
  • Null
  • Persistent


5. Field Extraction


  • Index-time Field Extraction
  • Search-time Field Extraction
  • Which is the best Practice at Splunk point of view

6. Types of Searches and Optimization of Searches


  • Dense
  • Sparse
  • Super Sparse
  • Rare


7. Splunk Search Commands and Reporting Commands


  • Basic search commands-
  • Ex: Fields, Table, Sort, Rename, Search; Understand time range of search.
  • Ex: Learn reporting and transforming commands in Splunk-
  • Ex: Top, rare, stats, chart, timechart, Dedup, Rex, regex fields, table, rename, multikv, stats, event stats, streamstats, append, mvappend, loadjob, join etc…
  • Usage of following commands and their functions: Top, Rare, Stats, Addcoltotals, Addtotals
  • Explore the available visualizations
  • Creation of charts and timecharts
  • Omit null values and format results


8. Managing Users, Indexes, Splunk Admin Roles and Clustering


  • User creation and management
  • Managing indexes
  • Importance of roles
  • Different permissions of each indexes
  • Splunk development concepts
  • Roles and responsibilities of Splunk Developer
  • How to configure LDAP authentication in Splunk
  • Admin role in managing Splunk
  • What is alert?
  • Reports and dashboards
  • Coordinating with Splunk Support
  • Implement Search Head Clustering
  • Implement Indexer Clustering


9. Deployment Process, Alerts, Tags and Event Types


  • Deploy Apps using Deployment server
  • creating tags and using them in search
  • Defining event types and their usefulness
  • Creating and using event types in search
  • creating and modifying alerts and use of Alerts


10.Analyzing & Calculating Results, Fields Extraction and Lookups


  • Using eval command
  • Perform calculations
  • Value Conversion
  • Round values
  • Format values
  • Conditional statements
  • Filtering calculated results
  • Raw Data Manipulation
  • Extraction of Fields,
  • What are lookups?
  • Lookup file example
  • Creating a lookup table
  • Defining a lookup
  • Configuring an automatic lookup
  • Using the lookup in searches and reports


11. Splunk Visualizations, Reports and Dashboards


  • Explore the available visualizations
  • Creating reports and charts
  • Creating dashboards and adding reports


12. Splunk Enhanced Solutions


  • Apps & Add On’s
  • Managing Apps and Add On’s


13.Single Site Clustering and Multi-Site Clustering


  • Deployment server’s deep explanation
  • [Advance] Splunk Clustering techniques-1
  • [Advance] Splunk Clustering techniques-2
  • [Advance] Splunk Clustering techniques-3


   14. Data Ageing and Buckets Concept


  • Managing Index and indexes
  • Buckets like Hot, Warm, Cold, Frozen and Thawed
Quick Enroll