Course Content
This 9-hour course focuses on large enterprise deployments. Students learn steps and best practices for planning, data collection and sizing for a distributed deployment. Workshop-style labs challenge students to make design decisions about an example enterprise deployment.
Please note that this class may run across two days, with 4.5 hour sessions each day.
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students should have a solid understanding of the following modules:
- Fundamentals 1 & 2 (Retired)
Or the following single-subject modules:
- What is Splunk? (Retired)
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Splunk Enterprise Cluster Administration (SCLA)
Students should also understand the following courses:
Course Objectives
- Splunk deployment planning
- Index and resource planning
- Clustering Overview
- Forwarder and Deployment
- Integration
- Performance Monitoring and Tuning
- Use Cases
Outline: Architecting Splunk Enterprise Deployments (ASED)
Module 1 – Splunk Deployment Planning
- Define the responsibilities of a Splunk Architect
- Introduce the Splunk deployment planning process and tools
- Identify the information that is needed for deployment decisions
- Identify use cases
- Provide lists and resources to aid in collecting requirements
- Review the network topology for Buttercup Games
Module 2 – Index Design
- Define index implementation
- Design indexes
- Estimate storage requirements for indexes
- Identify relevant apps and document impact on inputs and indexes
Module 3 – Resource Planning
- Determine sizing based on Splunk usage
- Define reference server requirements for Indexers, Search heads, and other Splunk
- Describe deployment options such as virtualization and cloud
- Describe the impact of acceleration and apps on resource sizing
Module 4 - Clustering Overview
- Review indexer clustering, including single-site and multi-site clusters
- Define clustering requirements, best practice, and SmartStore
- Review search head clustering
- Defined search head clustering requirements and best practices
Module 5 - Forwarder and Deployment Best Practices
- Review forwarder types
- Manage forwarder installation in an enterprise environment using Deployment Server, Cluster Manager, and SHC Deployer
Module 6 - Integration
- Describe and identify integration methods
Module 7 – Performance Monitoring and Tuning
- Use the Monitoring Console (MC) to track the performance of your test environment before going into production
- Identify options to optimize the production environment
Module 8 – Use Cases
- Provide example architecture topologies
- Discuss different architecture options based on use case