Splunk Enterprise Data Administration
This training course for Splunk Enterprise Data Administration is designed for system administrators who are responsible for getting data into Splunk Indexers. The course offers the knowledge of Splunk forwarders and process to get remote data into Splunk indexers. It covers the installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.
The training course gives the central learning of Splunk forwarders and techniques to get remote information into Splunk indexers. It covers establishment, design, the executives, observing, investigating of Splunk forwarders and Splunk Deployment Server parts.
Splunk is a complex system of multiple interoperating components, as such, it offers many configuration options. Other Splunk administrative tasks involve creating and managing alerts and planning server capacity. In this training course, you will learn how to configure the Splunk to meet your needs. You’ll also learn how to set up alerts, plan server capacity, and manage Splunk servers.
-
Module 1 -Introduction to Data Administration
-
Module 2 - Getting Data In - Staging
-
Module 3 - Configuring Forwarders
-
Module 4 - Forwarder Management
-
Module 5 - Monitor Inputs
-
Module 6 - Network and Scripted Inputs
-
Module 7 - Agentless Inputs
-
Module 8 - Fine Tuning Inputs
-
Module 9 - Parsing Phase and Data
-
Module 10 - Manipulating Raw Data
- Lesson 1: Explain how data transformations are defined and invoked
- Lesson 2: Use transformations with props.conf and transforms.conf to:
- Lesson 3: Mask or delete raw data as it is being indexed
- Lesson 4: Override sourcetype or host based upon event values
- Lesson 5: Route events to specific indexes based on event content
- Lesson 6: Prevent unwanted events from being indexed
- Lesson 7: Use SEDCMD to modify raw data
-
Module 11 - Supporting Knowledge Objects
-
Module 12 - Creating a Diag
0.00 average based on 0 ratings
