Troubleshooting Splunk Enterprise
The Troubleshooting Splunk Enterprise course is designed for Splunk administrators. It covers topics and techniques for troubleshooting a standard Splunk distributed deployment using the tools available on Splunk Enterprise.
​
Troubleshooting Splunk Enterprise course is a lab-oriented class designed to help you gain troubleshooting experience before attending more advanced courses. You will debug a distributed Splunk Enterprise environment using the live system and simulated case logs.
​
This course does not cover the issues surrounding Splunk Cloud, Splunk Clusters, or Splunk premium apps.
Splunk Credit Value : 100
Duration : 9 hours over 2 days
Time : 9:00 am - 1:30 pm AEST
​
*Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.
Troubleshooting Splunk Enterprise - Course Topics
-
Splunk Support Model
-
Splunk Troubleshooting Methods and Tools
-
Clarifying the Problem
-
Installation, Licensing, and Crash Problems
-
UI and Search Problems
-
Configuration Problems
-
Deployment Problems
-
User Management Problems
Course Prerequisites
or the following Single Subject Courses
-
What Is Splunk?
-
Intro to Splunk
-
Using Fields
-
Scheduling Reports and Alerts
-
Visualizations
-
Leveraging Lookups and Subsearches
-
Search Under the Hood
-
Introduction to Knowledge Objects
-
Creating Knowledge Objects
-
Enriching Data with Lookups
-
Data Models
-
Introduction to Dashboards
​
Students should also have completed the following courses.
Splunk Enterprise System Administration
Splunk Enterprise Data Administration
​
Troubleshooting Splunk Enterprise - Audience
Anyone within a technical role who is involved in the Administration of Splunk within their organisation or are looking to become Architect II certified. Previous Attendees have included IT Administrators, DevOps, Security Analysts and Solution Architects
Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at your site
Related Certifications
After completing Troubleshooting Splunk Enterprise course you will be able to
-
Understand the Splunk Support Model and its resources
-
Identify the best practices for troubleshooting Splunk Enterprise
-
List ways to gather useful Splunk diagnostic information
-
Use Splunk diagnostic tools
-
Identify common Splunk technical issues and solutions
Troubleshooting Splunk Enterprise - Course Objectives
Module 1 – Splunk Support Model
-
Splunk support resources
Module 2 – Splunk Troubleshooting Methods and Tools
-
Splunk troubleshooting methodology
-
Splunk diagnostic tools
Module 3 – Clarifying the problem
-
Splunk Topology
-
Index-time pipeline
-
Search-time pipeline
Module 4 – Installation, Licensing and Crash problems
-
Installation issues
-
License issues
-
Crash issues
​
Module 5 – Configuration problems
-
Input issues
-
Configuration Precedence
Module 6 – UI and Search problems
-
Search issues
-
Dashboard issues
Module 7 – Deployment problems
-
Forwarding issues
-
Distributed search issues
-
Deployment server issues
Module 8 – User Management problems
-
Splunk users and role capabilities
-
Directory integration issues
​
Splunk Course Schedules and Timezones
Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.
​
Dates and times displayed for each course are relative to Australian Eastern Time (AET).
​
​
AM Marked Splunk Courses
AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas;
​
-
UTC+10 including Australia (East Coast)
-
UCT+11/+12 including New Zealand and the Pacific Islands
-
UTC-8 including USA (West Coast), Canada (West Coast)
-
UTC-7 including USA (Mid West)
PM Marked Splunk Courses
PM marked courses usually starts at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas;
​
-
UTC+10 including Australia (East Coast)
-
UCT+11/+12 including New Zealand and the Pacific Islands
-
UTC-8 including USA (West Coast), Canada (West Coast)
-
UTC-7 including USA (Mid West)
