Course Content
This 9-hour course is for architects and others tasked with implementing and managing large enterprise deployments. The course covers Splunk deployment planning, Index and resource planning, an overview of Splunk clustering, forwarder selections and forwarder management, integration with other Splunk and third-party products, performance monitoring and tuning, and Splunk use cases.
Please note that this class may run across two days, with 4.5 hour sessions each day.
Who should attend
Splunk Enterprise Architects
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
- Troubleshooting Splunk Enterprise (TSE)
Additional courses and/or knowledge in these areas are also highly recommended:
Course Objectives
- Splunk deployment planning
- Index and resource planning
- Clustering Overview
- Forwarder and Deployment
- Integration
- Performance Monitoring and Tuning
- Use Cases
Outline: Architecting Splunk Enterprise Deployments (ASED)
Module 1 – Splunk Deployment Planning
- Define the responsibilities of a Splunk Architect
- Introduce the Splunk deployment planning process and tools
- Identify the information that is needed for deployment decisions
- Identify use cases
- Provide lists and resources to aid in collecting requirements
- Review the network topology for Buttercup Games
Module 2 – Index Design
- Define index implementation
- Design indexes
- Estimate storage requirements for indexes
- Identify relevant apps and document impact on inputs and indexes
Module 3 – Resource Planning
- Determine sizing based on Splunk usage
- Define reference server requirements for Indexers, Search heads, and other Splunk
- Describe deployment options such as virtualization and cloud
- Describe the impact of acceleration and apps on resource sizing
Module 4 - Clustering Overview
- Review indexer clustering, including single-site and multi-site clusters
- Define clustering requirements, best practice, and SmartStore
- Review search head clustering
- Defined search head clustering requirements and best practices
Module 5 - Forwarder and Deployment Best Practices
- Review forwarder types
- Manage forwarder installation in an enterprise environment using Deployment Server, Cluster Manager, and SHC Deployer
Module 6 - Integration
- Describe and identify integration methods
Module 7 – Performance Monitoring and Tuning
- Use the Monitoring Console (MC) to track the performance of your test environment before going into production
- Identify options to optimize the production environment
Module 8 – Use Cases
- Provide example architecture topologies
- Discuss different architecture options based on use case