top of page

Architecting Splunk Enterprise Deployments

Splunk Training Provider Authorised Learning Partner Australia

The Architecting Splunk Enterprise Deployments course focuses on large enterprise deployments. Students will learn steps and best practices for planning, data collection and sizing for a distributed deployment. Workshop-style labs challenge students to make design decisions about an example enterprise deployments.

​

Splunk Credit Value : 150

Duration : 9 hours over 2 days

Time : 9:00 am - 1:30 pm AEST

​

*Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.

Buy Splunk Architecting Enterprise Deployments Training Course Now
Architecting Splunk Enterprise Deployments

Instructor is good in his domain, knows what he is talking about, are very experienced as well. he is also willing to share his personal work that he gathers over the years with us. Great attitude.

Participant, Troubleshooting Splunk

Architecting Splunk Enterprise Deployments
Architecting Splunk Enterprise Deployments - Course Topics

  • Requirements definition

  • Index and infrastructure planning

  • Data collection

  • Forwarders and managing deployments

  • Data comprehension

  • Search considerations

  • Development tools and external integration concepts

  • Operations and management

Course Prerequisites

Splunk Fundamentals 1

Splunk Fundamentals 2

or the following Single Subject Courses

  • What Is Splunk?

  • Intro to Splunk

  • Using Fields

  • Introduction to Knowledge Objects

  • Creating Knowledge Objects

  • Creating Field Extractions

​

Students should also understand the following courses.

Splunk Enterprise System Administration

Splunk Enterprise Data Administration

​

Architecting Splunk Enterprise Deployments - Audience

Anyone involved in the design and deployment of Splunk within their organisation or are looking to become Splunk certified. Previous attendees have included Consultants, IT Administrators, Pre-Sales Engineers and Solution Architects.

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site

Related Certifications

Splunk Enterprise Certified Architect

After completing Architecting Splunk Enterprise Deployments course you will be able to

  • Understand high availability concepts

  • Know how to estimate storage requirements

  • Compare remote collection methods

  • Understand search performance

  • Identify onboarding processes

  • Utilise monitoring tools

Architecting Splunk Enterprise Deployments
Architecting Splunk Enterprise Deployments - Course Objectives

Module 1 – Introduction

  • Overview of the Splunk deployment planning process and associated tools

Module 2 – Planning

  • Identify critical information about environment, volume, users, and requirements

  • Review checklists and resources to aid in collecting requirements

Module 3 – Apps and Index Design

  • Design and size indexes

  • Plan app deployment

Module 4 – Infrastructure

  • Learn sizing factors for servers

  • Understand how reference hardware is used to scale deployments

  • Identify the impact of clustering for index replication and for search heads

  • Identify best practices for authentication, authorization and access control

Module 5- Data Collection

  • Compare agent-based and agentless data collection methods

  • Discuss data inputs

  • Compare remote collection methods

​

Module 6 – Forwarders and Deployment Management

  • Review types of forwarders

  • Understand how to manage forwarder installation

  • Understand configuration management for all Splunk components, using Splunk deployment tools

Module 7 – Data Comprehension and Enrichment

  • Identify the six things you must get correct at index time

  • Discuss Common Information Model

  • Discuss Data Models and data model design

  • Discuss data enrichment, including lookups and KV Store

Module 8 – Querying

  • Discuss search performance

  • Discuss differences between summarization methods

Module 9 – Integration

  • Describe integration methods

  • Identify common integration points

Module 10 – Operations and Management

  • Identify ongoing tasks in a Splunk deployment

  • Identify backup and archiving methods

  • Discuss onboarding processes

  • Review monitoring tools and apps

​

Splunk Course Schedules and Timezones

Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.

​

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

​

​

AM Marked Splunk Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas;

​

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses usually starts at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas;

​

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

Architecting Splunk Enterprise Deployments - Upcoming Courses

bottom of page