Architecting Splunk Enterprise Deployments

This 9-hour module focuses on large enterprise deployments. Students learn steps and best practices for planning, data collection and sizing for a distributed deployment. Workshop-style labs challenge students to make design decisions about an example enterprise deployment.

Days: 2
Price: CAD$1,905.00

Description

Please note that this class may run across two days, with 4.5-hour sessions each day.

Prerequisites

To be successful, students should have a solid understanding of the following modules:

  • Fundamentals 1 & 2 (Retired)

Or the following single-subject modules:

  • What is Splunk? (WIS)
  • Intro to Splunk (ITS)
  • Using Fields (SUF)
  • Intro to Knowledge Objects (IKO)
  • Creating Knowledge Objects (CKO)
  • Creating Field Extractions (CFE)

Students should also understand the following courses:

  • Splunk Enterprise System Administration (SESA)
  • Splunk Enterprise Data Administration (SEDA)

Course Objectives

  • Requirements definition
  • Index and resource planning
  • Clustering Overview
  • Forwarder and Deployment
  • Integration
  • Performance Monitoring and Tuning
  • Use Cases

Outline: Architecting Splunk Enterprise Deployments (ASED)

Topic 1 – Introduction

  • Overview of the Splunk deployment planning process and associated tools

Topic 2 – Project Requirements

  • Identify critical information about environment, volume, users, and requirements
  • Review checklists and resources to aid in collecting requirements

Topic 3 – Infrastructure Planning: Index Design

  • Design and size indexes
  • Estimate storage requirements
  • Identify relevant apps

Topic 4 – Infrastructure Planning: Resource Planning

  • List sizing factors for servers
  • Describe how reference hardware is used to scale deployments
  • Identify the impact of clustering for index replication and for search heads

Topic 5 – Clustering Overview

  • Describe the different clustering capabilities
  • Introduce the concepts of indexer and search head clustering

Topic 6 – Forwarder and Deployment Best Practices

  • Review types of forwarders
  • Describe how to manage forwarder installation
  • Review configuration management for all Splunk components, using Splunk deployment tools
  • Provide best practices for a Splunk deployment

Topic 7 – Integration

  • Describe integration methods
  • Identify common integration points

Topic 8 – Performance Monitoring and Tuning

  • Use the Monitoring Console to track the performance of your test environment
  • List options to fine-tune performance for a production environment

Topic 9 – Use Cases

  • Provide example architecture topologies
  • Discuss different architecture options based on use case