Splunk Enterprise System Administration (SESA)

 

Course Content

This course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components

Please note that classes may run across two days, consisting of 6 hour sessions.

Who should attend

  • Administrators

Certifications

This course is part of the following Certifications:

Prerequisites

To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:

Outline: Splunk Enterprise System Administration (SESA)

Module 1 - Deploy Splunk

  • Provide an overview of Splunk
  • Identify Splunk Enterprise components
  • Identify the types of Splunk deployments
  • List the steps to install Splunk
  • Use Splunk CLI commands
  • Explore security best practices

Module 2 - Monitor Splunk

  • Use Splunk Health Report
  • Enable the Monitoring Console (MC)
  • Use Splunk Assist
  • Use Splunk Diag

Module 3 - License Splunk

  • Identify Splunk license types
  • Describe license violations
  • Add and remove licenses

Module 4 - Use Configuration Files

  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings

Module 5 - Use Apps

  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions

Module 6 - Create Indexes

  • Learn how Splunk indexes functions
  • Identify the types of index buckets
  • Add and work with indexes
  • Overview of metrics index

Module 7 - Manage Index

  • Review Splunk Index Management basics
  • Identify data retention recommendations
  • Identify backup recommendations
  • Move and delete index data
  • Describe the use of the Fishbucket
  • Restore a frozen bucket

Module 8 - Manage Users

  • Add Splunk users using native authentication
  • Describe user roles in Splunk
  • Create a custom role
  • Manage users in Splunk

Module 9 - Configure Basic Forwarding

  • Identify forwarder configuration steps
  • Configure a Universal Forwarder
  • Understand the Deployment Server

Module 10 - Configure Distributed Search

  • Describe how distributed search works
  • Describe the roles of the search head and search peers

Prices & Delivery methods

Online Training

Duration
2 days

Price
  • Online Training: CAD 2,070
  • Online Training: US $ 1,500
  • Splunk Training Units: 150 SPC
Dates and Booking
Request a date
Classroom Training

Duration
2 days

Price
  • Canada: CAD 2,070
  • Splunk Training Units: 150 SPC
Dates and Booking
Request a date

Click on town name or "Online Training" to book Schedule

Guaranteed date:   We will carry out all guaranteed training regardless of the number of attendees, exempt from force majeure or other unexpected events, like e.g. accidents or illness of the trainer, which prevent the course from being conducted.
This is an Instructor-Led Classroom course
Instructor-led Online Training:   This computer icon in the schedule indicates that this date/time will be conducted as Instructor-Led Online Training. If you have any questions about our online courses, feel free to contact us via phone or Email anytime.

United States

 Guaranteed to Run Online Training 09:00 Eastern Daylight Time (EDT) Enroll
Online Training 09:00 Eastern Daylight Time (EDT) Enroll
Guaranteed to Run Online Training 09:00 Eastern Daylight Time (EDT) Enroll
Online Training 09:00 Central Standard Time (CST) Enroll

Canada

 Guaranteed to Run Online Training 09:00 Eastern Daylight Time (EDT) Enroll
Online Training 09:00 Eastern Daylight Time (EDT) Enroll
Guaranteed to Run Online Training 09:00 Eastern Daylight Time (EDT) Enroll
Online Training 09:00 Central Standard Time (CST) Enroll