Splunk Enterprise System Administration

Module 1 – Deploying Splunk

• Provide an overview of Splunk
• Identify Splunk Enterprise components
• Identify the types of Splunk deployments
• List the steps to install Splunk
• Use Splunk CLI commands

Module 2 – Monitoring Splunk

• Use Splunk Health Report
• Enable the Monitoring Console (MC)
• Use Splunk Assist
• Use Splunk Diag

Module 3 – Licensing Splunk

• Identify Splunk license types
• Describe license violations
• Add and remove licenses

Module 4 – Using Configuration Files

• Describe Splunk configuration directory structure
• Understand configuration layering process
• Use btool to examine configuration settings

Module 5 – Using Apps

• Describe Splunk apps and add-ons
• Install an app on a Splunk instance
• Manage app accessibility and permissions

Module 6 – Creating Indexes

• Learn how Splunk indexes functions
• Identify the types of index buckets
• Add and work with indexes
• Overview of metrics index

Module 7 – Managing Index

• Review Splunk Index Management basics
• Identify data retention recommendations
• Identify backup recommendations
• Move and delete index data
• Describe the use of the Fishbucket
• Restore a frozen bucket

Module 8 – Managing Users

• Add Splunk users using native authentication
• Describe user roles in Splunk
• Create a custom role
• Manage users in Splunk

Module 9 – Configuring Basic Forwarding

• Identify forwarder configuration steps
• Configure a Universal Forwarder
• Understand the Deployment Server

Module 10 – Configuring Distributed Search

• Describe how distributed search works
• Describe the roles of the search head and search peers