Architecting Splunk Enterprise Deployments

Splunk Training Provider Authorised Learning Partner Australia

The Architecting Splunk Enterprise Deployments course focuses on large enterprise deployments. Students will learn steps and best practices for planning, data collection and sizing for a distributed deployment. Workshop-style labs challenge students to make design decisions about an example enterprise deployment.

Units : 3
Duration : 9 hours over 2 days
Time : 9:00 am – 1:30 pm AEST (GMT +10)

*Course discounts apply for Splunk Partners.

Instructor is good in his domain, knows what he is talking about, and is very experienced as well. He is also willing to share his personal work that he has gathered over the years with us. Great attitude.

Participant, Troubleshooting Splunk

Architecting Splunk Enterprise Deployments - Course Topics
  • Requirements definition

  • Index and infrastructure planning

  • Data collection

  • Forwarders and managing deployments

  • Data comprehension

  • Search considerations

  • Development tools and external integration concepts

  • Operations and management

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Architecting Splunk Enterprise Deployments - Audience

Anyone involved in the design and deployment of Splunk within their organisation, or anyone looking to become Splunk certified. Previous attendees have included Consultants, IT Administrators, Pre-Sales Engineers and Solution Architects.

After completing the Architecting Splunk Enterprise Deployments course you will be able to:
  • Understand high availability concepts

  • Know how to estimate storage requirements

  • Compare remote collection methods

  • Understand search performance

  • Identify onboarding processes

  • Utilise monitoring tools

Architecting Splunk Enterprise Deployments - Course Objectives

Module 1 – Introduction

  • Overview of the Splunk deployment planning process and associated tools

Module 2 – Planning

  • Identify critical information about environment, volume, users, and requirements

  • Review checklists and resources to aid in collecting requirements

Module 3 – Apps and Index Design

  • Design and size indexes

  • Plan app deployment

Module 4 – Infrastructure

  • Learn sizing factors for servers

  • Understand how reference hardware is used to scale deployments

  • Identify the impact of clustering for index replication and for search heads

  • Identify best practices for authentication, authorization and access control

Module 5 – Data Collection

  • Compare agent-based and agentless data collection methods

  • Discuss data inputs

  • Compare remote collection methods

Module 6 – Forwarders and Deployment Management

  • Review types of forwarders

  • Understand how to manage forwarder installation

  • Understand configuration management for all Splunk components, using Splunk deployment tools

Module 7 – Data Comprehension and Enrichment

  • Identify the six things you must get correct at index time

  • Discuss Common Information Model

  • Discuss Data Models and data model design

  • Discuss data enrichment, including lookups and KV Store

Module 8 – Querying

  • Discuss search performance

  • Discuss differences between summarization methods

Module 9 – Integration

  • Describe integration methods

  • Identify common integration points

Module 10 – Operations and Management

  • Identify ongoing tasks in a Splunk deployment

  • Identify backup and archiving methods

  • Discuss onboarding processes

  • Review monitoring tools and apps

Splunk Course Schedules and Timezones

Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones.

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

AM Marked Splunk Courses

AM marked courses start at 9:00am AET and finish at 1:30pm AET (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas:

  • UTC+10 including Australia (East Coast)

  • UTC+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses start at 2:00pm AET and finish at 6:30pm AET (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas:

  • UTC+9 including Japan, Korea

  • UTC+8 including Australia (West Coast), Singapore, Hong Kong, China, Philippines, Brunei, Thailand

  • UTC+5/+6 including India and Sri Lanka
