top of page

Splunk Enterprise System Administration 

Splunk Training Provider Authorised Learning Partner Australia

The Splunk Enterprise System Administration (Version 9) course is designed for system administrators who are responsible for managing the Splunk Enterprise environment.

 

The Splunk Enterprise System Administration course provides fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management and monitoring core Splunk Enterprise components.

​

Splunk Credit Value : 150
Duration : 12 hours over 2 days

Time : 9:00 - 4:00 pm AET
​

*Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.

Splunk Enterprise System Administration
Buy Splunk Enterprise System Administration Training Course Now

One of the best trainers I've had - keeps content relevant & explains the tasks in easily understood language. Extremely knowledgeable in all fields relating to the content. Well paced & accommodated to everyone's questions & progress.

Participant, Splunk Enterprise Data Administration

Splunk Enterprise System Administration
Splunk Enterprise System Administration - Course Topics

  • Splunk Deployment Overview

  • License Management

  • Splunk Apps

  • Splunk Configuration Files

  • Index Management

  • Users, Roles and Authentication

  • Basic Forwarding

  • Distributed Search

Course Prerequisites

To be successful, students should have a solid understanding of the following courses:

  • Fundamentals 1

  • Fundamentals 2

Or the following single-subject courses:

  • What is Splunk?

  • Intro to Splunk

  • Using Fields

  • Introduction to Knowledge Objects

Related Certifications

Splunk Enterprise Certified Admin
Splunk Enterprise Certified Architect
Splunk Certified Enterprise Security Admin

Splunk IT Service Intelligence Certified Admin

Splunk Enterprise System Administration - Audience

Anyone within a technical role who is involved in the management of Splunk within their organisation or are looking to become Splunk certified. Previous attendees have included IT Administrators, DevOps, Security Analysts and Solution Architects.

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site

After completing Splunk Enterprise System Administration course you will be able to

  • Build and manage a production Splunk environment

  • Administer licences

  • Install and configure forwarders

  • Understand the basics of getting data into Splunk

  • Maintain and optimise indexes

  • Create and manage users & roles

  • Understand Splunk scaling using distributed search and management

Splunk Enterprise System Administration
Splunk Enterprise System Administration - Course Objectives

Module 1 – Deploying Splunk

  • Provide an overview of Splunk

  • Identify Splunk Enterprise components

  • Identify the types of Splunk deployments

  • List the steps to install Splunk

  • Use Splunk CLI commands

Module 2 – Monitoring Splunk

  • Use Splunk Health Report

  • Enable the Monitoring Console (MC)

  • Use Splunk Assist

  • Use Splunk Diag

Module 3 - Licensing Splunk

  • Identify Splunk license types

  • Describe license violations

  • Add and remove licenses

Module 4 - Using Configuration Files

  • Describe Splunk configuration directory structure

  • Understand configuration layering process

  • Use btool to examine configuration settings

Module 5 - Using Apps

  • Describe Splunk apps and add-ons

  • Install an app on a Splunk instance

  • Manage app accessibility and permissions

Module 6 – Creating Indexes

  • Apply a data retention policy

  • Backup data on indexers

  • Delete data from an index

  • Restore frozen data

​

Module 7 – Managing Index

  • Review Splunk Index Management basics

  • Identify data retention recommendations

  • Identify backup recommendations

  • Move and delete index data

  • Describe the use of the Fishbucket

  • Restore a frozen bucket

Module 8 – Managing Users

  • Add Splunk users using native authentication

  • Describe user roles in Splunk

  • Create a custom role

  • Manage users in Splunk

Module 9 – Configuring Basic Forwarding

  • Identify forwarder configuration steps

  • Configure a Universal Forwarder

  • Understand the Deployment Server

Module 10 – Configuring Distributed Search

  • Describe how distributed search works

  • Describe the roles of the search head and search peers

​

Splunk Course Schedules and Timezones

Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.

​

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

​

​

AM Marked Splunk Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas;

​

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses usually starts at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas;

​

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

Splunk Enterprise System Administration - Upcoming Courses

bottom of page