Splunk Enterprise System Administration (SESA)

 

Course Content

This course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. It provides fundamental knowledge of the Splunk license manager, indexers, and search heads, and covers the configuration, management, and monitoring of core Splunk Enterprise components.

Please note that classes may run across two days, consisting of 6-hour sessions.

Who should attend

This virtual module is designed for system administrators who are responsible for managing the Splunk Enterprise environment.

Certifications

This course is part of the following Certifications:

Prerequisites

To be successful, students should have a solid understanding of the following modules:

  • Fundamentals 1 (Retired)
  • Fundamentals 2 (Retired)

Or the following single-subject modules:

Course Objectives

  • Splunk Deployment Overview
  • License Management
  • Splunk Configuration Files
  • Splunk Apps
  • Index Management
  • Users, Roles, and Authentication
  • Basic Forwarding
  • Distributed Search

Outline: Splunk Enterprise System Administration (SESA)

Module 1 - Deploying Splunk

  • Provide an overview of Splunk
  • Identify Splunk Enterprise components
  • Identify the types of Splunk deployments
  • List the steps to install Splunk
  • Use Splunk CLI commands

Module 2 - Monitoring Splunk

  • Use Splunk Health Report
  • Enable the Monitoring Console (MC)
  • Use Splunk Assist
  • Use Splunk Diag

Module 3 - Licensing Splunk

  • Identify Splunk license types
  • Describe license violations
  • Add and remove licenses

Module 4 - Using Configuration Files

  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings

Module 5 - Using Apps

  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions

Module 6 - Creating Indexes

  • Learn how Splunk indexes function
  • Identify the types of index buckets
  • Add and work with indexes
  • Overview of metrics index

Module 7 - Managing Indexes

  • Review Splunk Index Management basics
  • Identify data retention recommendations
  • Identify backup recommendations
  • Move and delete index data
  • Describe the use of the Fishbucket
  • Restore a frozen bucket

Module 8 - Managing Users

  • Add Splunk users using native authentication
  • Describe user roles in Splunk
  • Create a custom role
  • Manage users in Splunk

Module 9 - Configuring Basic Forwarding

  • Identify forwarder configuration steps
  • Configure a Universal Forwarder
  • Understand the Deployment Server

Module 10 - Configuring Distributed Search

  • Describe how distributed search works
  • Describe the roles of the search head and search peers

Prices & Delivery methods

Online Training

Duration
12 hours

Price
  • US$ 1,500
  • Splunk Training Units: 150 SPC

Classroom Training

Duration
12 hours

Price
  • United States: US$ 1,500
  • Splunk Training Units: 150 SPC

Instructor-led Online Training: These sessions are conducted via WebEx in a VoIP environment and require an Internet connection and a headset with microphone connected to your computer or laptop.