Overview
This two-day boot camp equips participants with the knowledge and skills they need to take full advantage of Splunk. The course is exercise-intensive and helps participants gain a deeper understanding of the tool. During the course, participants will learn how to properly collect, analyze and utilize machine data using Splunk.
What You'll Learn
- Overview of Splunk
- Understanding data and indexes
- Learning how to upload the data
- Using the field extractor tool in Splunk
- Learning how to use the forwarder to send data
- Working with the Search Processing Language (SPL)
- Creating dashboards in Splunk
- Understanding the different types of visualizations
- Creating and scheduling alerts in Splunk
Curriculum
- What’s Splunk?
- Authentication Methods
- Access Controls & Users
- Products, Licensing, and Costs
- Quick Tour Guide: User Interface
- Exercise: Lab Environment and Configuration
- Splunk Data
- What are Indexes?
- What are Indexers?
- Exercise: Create Your First Index
- Search-Head
- Index Clusters
- Index Pipeline
- Exercise: Upload Data Manually
- Events
- Fields & Field Extraction
- Exercise: Using the Field Extractor Tool
- Forwarders
- Metrics
- Exercise: Using the Forwarder to Send Data
- Removing Data
- Components of Splunk Deployments
- Deployment Scenarios
- What is Search Processing Language (SPL)?
- Searching Operators
- Search Commands
- Search Pipeline
- Exercise: Search Examples
- Subsearches
- Commonly Used Search Commands
- Exercise: Search Examples II
- Drilldowns
- Lookups
- Exercise: Using Lookups
- Optimize Searches
- Exercise: Search Examples III
- Dashboards in Splunk
- Creating Dashboards
- Visualization Types
- Search as Reports
- Dashboards
- Exercise: Creating a Dashboard
- Drilldown
- Forms
- Exercise: Add Input Forms
- Exercise: Drilldown
- Creating Alerts
- Scheduling Alerts
- Alerts Notifications
- Exercise: Creating Alerts
- Creating Scheduled Reports
- Exercise: Create a Scheduled Report
Exercise: As a final lab, you’ll configure a typical Splunk scenario. You’ll install and configure NGINX, then the Splunk forwarder to collect logs in Splunk. The idea is that you can apply everything you’ve learned in the boot camp: creating searches, visualizations, dashboards, etc.
Who should attend
The course is highly recommended for:
- Developers
- Testers and QA teams
- Release engineers
- IT operations professionals
- DevOps practitioners
- DBAs and data engineering teams
- Security managers
- Security administrators
- Senior business intelligence architects and consultants
- Senior business analysts
- Anyone responsible for implementing business intelligence
Prerequisites
Participants need to have an understanding of basic Linux administration and familiarity with using the command line. Having an understanding of basic networking concepts is beneficial.