SlideShare ist ein Scribd-Unternehmen logo

Advanced Splunk Administration

G
Greg Hanchin

Splunk, Splunk Training, Advanced Splunk Administration, Big Data Training

Technologie
1 von 2
Downloaden Sie, um offline zu lesen
Splunk Education Services Advanced Splunk 5.0 AdministrationThis nine hour course follows the Splunk Administration course. The focus in this class is the knowledge, best practices, and configuration details for Splunk administration in a medium to large deployment environment. In this class you will learn advanced input configuration options, Splunk's data processing flow, optimized indexing configurations, alternative authentication methods, security, and troubleshooting. Course Topics  Splunk hardware and topology options  Advanced use and configuration of Splunk forwarders  Splunk’s Deployment Server  Advanced data input options  Data inputs advanced configuration  Advanced configuration of Splunk data stores  Authentication  How and what to secure in Splunk  Where to get help Course Prerequisites  Using Splunk  Administrating Splunk Class Format Instructor-led lecture with labs. Delivered via virtual classroom or at your site. Course Objectives Lesson 1 – Hardware and Topology  Identify Splunk hardware recommendations  Explore Splunk topology recommendations  Describe distributed search and search head pooling Lesson 2 – Forwarders  Configure Splunk forwarders using outputs.conf  Configure load balancing  Secure and compress forwarder feeds and set cache size  Enable indexer acknowledgement  Leverage 3rd party systems Lesson 3 – Deployment Server  Understand Deployment Server terminology and topology  Use server classes to send custom config files to all types of Splunk installs  Configure deployment clients  Create and distribute deployment bundles Lesson 4 – Inputs  Use wildcards  Use whitelists and blacklists to limit monitor data inputs  Configure scripted inputs  Understand file system change monitoring Lesson 5 - Data Processing  Describe how data moves through Splunk  Understand default processing  Optimize and configure event line breaking  Explain how Splunk determines and assigns time zones  Use the Data Preview feature to configure a custom data input Lesson 6 - Event-level Data Transformations  Explain how data transformations are defined and invoked  Identify and explain how keys are used in transforms.conf  Dynamically set source type based on values  Automatically route events to an index based on values  Prevent unwanted events from being indexed  Mask data values within events Lesson 7 - Index Replication  Describe index replication  Define the terms: replication factor and search factor  Explain how data flows in a replicated environment  Explain what happens if an indexer goes off-line  Explain how to configure and deploy a cluster Lesson 8 - Authentication  Review native Splunk authentication  Use LDAP  Use Active Directory  Configure SSO Lesson 9 - Security  Identify what you can secure in Splunk  Understand SSL and Splunk  Learn about user group and index security  Identify and secure the audit log  Understand archive data signing Lesson 10 - Troubleshooting  Set specific internal logging levels  Identify and solve common issues  Learn how to get community help with Splunk  Understand how to contact Splunk Support
Splunk Education Services Splunk Education Tracks User: For all day-to-day Splunk users including customer support staff, developers, systems administrators and management. Administrator: For administrators of Splunk itself. (Administrators of other systems who will just be using Splunk should take the User track.) Architect: For architects who will be designing Splunk deployments, including architects on staff at customer deployments as well as partner professional services personnel. Developer: For developers who will integrate, customize and extend Splunk using its XML templates and advanced configuration bundling. Support Engineer: For Splunk OEM and channel partner support staff who will be providing first line support for Splunk. Tracks User Administrator Architect Developer Support Engineer Using Splunk ✓ ✓ ✓ ✓ ✓ Searching and Reporting with Splunk ✓ ✓ ✓ ✓ Administrating Splunk ✓ ✓ ✓ Advanced Splunk Administration ✓ ✓ ✓ Architecting and Deploying Splunk ✓ ✓ Developing Apps with Splunk ✓ ✓ ✓ Splunk Architect Certification Lab ✓ Supporting Splunk ✓ About Splunk Splunk is software that indexes, manages and enables you to search data from any application, server or network device in real time. Visit our website at www.splunk.com to download your own free copy. Splunk Inc. 250 Brannan San Francisco, CA 94107 866.GET.SPLUNK (866.438.7758) sales@splunk.com support@splunk.com

Empfohlen

SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...
SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...
SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...Gabrielle Knowles
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
Advanced Use Cases for Analytics Breakout Session
Advanced Use Cases for Analytics Breakout SessionAdvanced Use Cases for Analytics Breakout Session
Advanced Use Cases for Analytics Breakout SessionSplunk
 
Getting Started with Splunk
Getting Started with SplunkGetting Started with Splunk
Getting Started with SplunkSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
Splunk as a_big_data_platform_for_developers_spring_one2gx
Splunk as a_big_data_platform_for_developers_spring_one2gxSplunk as a_big_data_platform_for_developers_spring_one2gx
Splunk as a_big_data_platform_for_developers_spring_one2gxDamien Dallimore
 
Splunk app for stream
Splunk app for stream Splunk app for stream
Splunk app for stream csching
 

Empfohlen

SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...
SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...
SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...Gabrielle Knowles
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
Advanced Use Cases for Analytics Breakout Session
Advanced Use Cases for Analytics Breakout SessionAdvanced Use Cases for Analytics Breakout Session
Advanced Use Cases for Analytics Breakout SessionSplunk
 
Getting Started with Splunk
Getting Started with SplunkGetting Started with Splunk
Getting Started with SplunkSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
Splunk as a_big_data_platform_for_developers_spring_one2gx
Splunk as a_big_data_platform_for_developers_spring_one2gxSplunk as a_big_data_platform_for_developers_spring_one2gx
Splunk as a_big_data_platform_for_developers_spring_one2gxDamien Dallimore
 
Splunk app for stream
Splunk app for stream Splunk app for stream
Splunk app for stream csching
 
Splunk for Developers
Splunk for DevelopersSplunk for Developers
Splunk for DevelopersSplunk
 
Customer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationCustomer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationSplunk
 
Taking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - ArchitectureTaking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - ArchitectureSplunk
 
SplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunk
 
Splunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech DaySplunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech DayZivaro Inc
 
Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101Splunk
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Splunk
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionSplunk
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
Splunk @ Adobe
Splunk @ AdobeSplunk @ Adobe
Splunk @ AdobeSplunk
 
What's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingWhat's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingSplunk
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
Splunk Architecture overview
Splunk Architecture overviewSplunk Architecture overview
Splunk Architecture overviewAlex Fok
 
Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS) Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS) Splunk
 
Cisco UCS and Splunk Workshop
Cisco UCS and Splunk WorkshopCisco UCS and Splunk Workshop
Cisco UCS and Splunk WorkshopRobb Boyd
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionSplunk
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nycDimitri McKay - CISSP
 
SplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunk
 
Splunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk
 
SplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunk
 
Administering Splunk course
Administering Splunk courseAdministering Splunk course
Administering Splunk courseGreg Hanchin
 
Administering splunk 43 course
Administering splunk 43 courseAdministering splunk 43 course
Administering splunk 43 courseGreg Hanchin
 

Weitere ähnliche Inhalte

Was ist angesagt?

Splunk for Developers
Splunk for DevelopersSplunk for Developers
Splunk for DevelopersSplunk
 
Customer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationCustomer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationSplunk
 
Taking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - ArchitectureTaking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - ArchitectureSplunk
 
SplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunk
 
Splunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech DaySplunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech DayZivaro Inc
 
Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101Splunk
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Splunk
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionSplunk
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
Splunk @ Adobe
Splunk @ AdobeSplunk @ Adobe
Splunk @ AdobeSplunk
 
What's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingWhat's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingSplunk
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer PresentationSplunk
 
Splunk Architecture overview
Splunk Architecture overviewSplunk Architecture overview
Splunk Architecture overviewAlex Fok
 
Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS) Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS) Splunk
 
Cisco UCS and Splunk Workshop
Cisco UCS and Splunk WorkshopCisco UCS and Splunk Workshop
Cisco UCS and Splunk WorkshopRobb Boyd
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionSplunk
 
SplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunk
 
Splunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk
 
SplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunk
 

Was ist angesagt? (20)

Splunk for Developers
Splunk for DevelopersSplunk for Developers
Splunk for Developers
 
Customer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationCustomer Presentation - Financial Services Organization
Customer Presentation - Financial Services Organization
 
Taking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - ArchitectureTaking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - Architecture
 
SplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - IntuitSplunkLive! San Francisco Dec 2012 - Intuit
SplunkLive! San Francisco Dec 2012 - Intuit
 
Splunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech DaySplunk Enterprise 6.3 - Splunk Tech Day
Splunk Enterprise 6.3 - Splunk Tech Day
 
Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout Session
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer Presentation
 
Splunk @ Adobe
Splunk @ AdobeSplunk @ Adobe
Splunk @ Adobe
 
What's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingWhat's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-Boarding
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer Presentation
 
Splunk Architecture overview
Splunk Architecture overviewSplunk Architecture overview
Splunk Architecture overview
 
Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS) Splunk in the Cisco Unified Computing System (UCS)
Splunk in the Cisco Unified Computing System (UCS)
 
Cisco UCS and Splunk Workshop
Cisco UCS and Splunk WorkshopCisco UCS and Splunk Workshop
Cisco UCS and Splunk Workshop
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nyc
 
SplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners Session
 
Splunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire Data
 
SplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk Overview
 

Ähnlich wie Advanced Splunk Administration

Administering Splunk course
Administering Splunk courseAdministering Splunk course
Administering Splunk courseGreg Hanchin
 
Administering splunk 43 course
Administering splunk 43 courseAdministering splunk 43 course
Administering splunk 43 courseGreg Hanchin
 
Advanced searching and reporting 50 course
Advanced searching and reporting 50 course Advanced searching and reporting 50 course
Advanced searching and reporting 50 course Greg Hanchin
 
Splunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class descriptionSplunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class descriptionGreg Hanchin
 
Using splunk43course
Using splunk43courseUsing splunk43course
Using splunk43courseGreg Hanchin
 
Using Splunk course outline
Using Splunk course outline Using Splunk course outline
Using Splunk course outline Greg Hanchin
 
Splunk Searching and reporting 43course
Splunk Searching and reporting 43courseSplunk Searching and reporting 43course
Splunk Searching and reporting 43courseGreg Hanchin
 
Splunk Searching and Reporting Class Details
Splunk Searching and Reporting Class DetailsSplunk Searching and Reporting Class Details
Splunk Searching and Reporting Class DetailsGreg Hanchin
 
Learn splunk online training
Learn splunk online training Learn splunk online training
Learn splunk online training AngelinaJoile1
 
Splunk best practices
Splunk best practicesSplunk best practices
Splunk best practicesJilali HARITI
 
Splunk Administration Training Certification.pdf
Splunk Administration Training Certification.pdfSplunk Administration Training Certification.pdf
Splunk Administration Training Certification.pdfMultisoft Virtual Acedamy
 
Design and Implement Security Operat.docx
Design and Implement Security Operat.docxDesign and Implement Security Operat.docx
Design and Implement Security Operat.docxtheodorelove43763
 
Splunk 6.5.0-pivot tutorial (7)
Splunk 6.5.0-pivot tutorial (7)Splunk 6.5.0-pivot tutorial (7)
Splunk 6.5.0-pivot tutorial (7)Zoumana Diomande
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionSplunk
 
Updating system administrator skills microsoft windows 2000 windows server 20...
Updating system administrator skills microsoft windows 2000 windows server 20...Updating system administrator skills microsoft windows 2000 windows server 20...
Updating system administrator skills microsoft windows 2000 windows server 20...LEN Learning Education Network
 
Splunk metrics via telegraf
Splunk metrics via telegrafSplunk metrics via telegraf
Splunk metrics via telegrafAshvin Pandey
 
Sumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - FundamentalsSumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - FundamentalsSumo Logic
 
Sumo Logic QuickStart
Sumo Logic QuickStartSumo Logic QuickStart
Sumo Logic QuickStartSumo Logic
 

Ähnlich wie Advanced Splunk Administration (20)

Administering Splunk course
Administering Splunk courseAdministering Splunk course
Administering Splunk course
 
Administering splunk 43 course
Administering splunk 43 courseAdministering splunk 43 course
Administering splunk 43 course
 
Advanced searching and reporting 50 course
Advanced searching and reporting 50 course Advanced searching and reporting 50 course
Advanced searching and reporting 50 course
 
Splunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class descriptionSplunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class description
 
Using splunk43course
Using splunk43courseUsing splunk43course
Using splunk43course
 
Using Splunk course outline
Using Splunk course outline Using Splunk course outline
Using Splunk course outline
 
Splunk Searching and reporting 43course
Splunk Searching and reporting 43courseSplunk Searching and reporting 43course
Splunk Searching and reporting 43course
 
Splunk Searching and Reporting Class Details
Splunk Searching and Reporting Class DetailsSplunk Searching and Reporting Class Details
Splunk Searching and Reporting Class Details
 
Learn splunk online training
Learn splunk online training Learn splunk online training
Learn splunk online training
 
Splunk best practices
Splunk best practicesSplunk best practices
Splunk best practices
 
Veera
VeeraVeera
Veera
 
Splunk Administration Training Certification.pdf
Splunk Administration Training Certification.pdfSplunk Administration Training Certification.pdf
Splunk Administration Training Certification.pdf
 
Design and Implement Security Operat.docx
Design and Implement Security Operat.docxDesign and Implement Security Operat.docx
Design and Implement Security Operat.docx
 
Splunk 6.5.0-pivot tutorial (7)
Splunk 6.5.0-pivot tutorial (7)Splunk 6.5.0-pivot tutorial (7)
Splunk 6.5.0-pivot tutorial (7)
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
Splunk Insights
Splunk InsightsSplunk Insights
Splunk Insights
 
Updating system administrator skills microsoft windows 2000 windows server 20...
Updating system administrator skills microsoft windows 2000 windows server 20...Updating system administrator skills microsoft windows 2000 windows server 20...
Updating system administrator skills microsoft windows 2000 windows server 20...
 
Splunk metrics via telegraf
Splunk metrics via telegrafSplunk metrics via telegraf
Splunk metrics via telegraf
 
Sumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - FundamentalsSumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - Fundamentals
 
Sumo Logic QuickStart
Sumo Logic QuickStartSumo Logic QuickStart
Sumo Logic QuickStart
 

Mehr von Greg Hanchin

NUTANIX and SPLUNK
NUTANIX and SPLUNKNUTANIX and SPLUNK
NUTANIX and SPLUNKGreg Hanchin
 
Splunk for exchange
Splunk for exchangeSplunk for exchange
Splunk for exchangeGreg Hanchin
 
Splunk for cyber_threat
Splunk for cyber_threatSplunk for cyber_threat
Splunk for cyber_threatGreg Hanchin
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for complianceGreg Hanchin
 
Advanced Splunk 50 administration
Advanced Splunk 50 administrationAdvanced Splunk 50 administration
Advanced Splunk 50 administrationGreg Hanchin
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Greg Hanchin
 
Splunk forwarders tech_brief
Splunk forwarders tech_briefSplunk forwarders tech_brief
Splunk forwarders tech_briefGreg Hanchin
 
Splunk and map_reduce
Splunk and map_reduceSplunk and map_reduce
Splunk and map_reduceGreg Hanchin
 
Splunk for xen_desktop
Splunk for xen_desktopSplunk for xen_desktop
Splunk for xen_desktopGreg Hanchin
 
Splunk for palo_alto
Splunk for palo_altoSplunk for palo_alto
Splunk for palo_altoGreg Hanchin
 
Splunk for db_connect
Splunk for db_connectSplunk for db_connect
Splunk for db_connectGreg Hanchin
 
Splunk for active_directory
Splunk for active_directorySplunk for active_directory
Splunk for active_directoryGreg Hanchin
 
Splunk app for_windows
Splunk app for_windowsSplunk app for_windows
Splunk app for_windowsGreg Hanchin
 
Splunk app for_enterprise_security
Splunk app for_enterprise_securitySplunk app for_enterprise_security
Splunk app for_enterprise_securityGreg Hanchin
 
Splunk guide for_iso_27002
Splunk guide for_iso_27002Splunk guide for_iso_27002
Splunk guide for_iso_27002Greg Hanchin
 
Splunk for security
Splunk for securitySplunk for security
Splunk for securityGreg Hanchin
 
Splunk for exchange
Splunk for exchangeSplunk for exchange
Splunk for exchangeGreg Hanchin
 

Mehr von Greg Hanchin (20)

NUTANIX and SPLUNK
NUTANIX and SPLUNKNUTANIX and SPLUNK
NUTANIX and SPLUNK
 
Splunk for exchange
Splunk for exchangeSplunk for exchange
Splunk for exchange
 
Splunk for cyber_threat
Splunk for cyber_threatSplunk for cyber_threat
Splunk for cyber_threat
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for compliance
 
Advanced Splunk 50 administration
Advanced Splunk 50 administrationAdvanced Splunk 50 administration
Advanced Splunk 50 administration
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring
 
Splunk forwarders tech_brief
Splunk forwarders tech_briefSplunk forwarders tech_brief
Splunk forwarders tech_brief
 
Splunk and map_reduce
Splunk and map_reduceSplunk and map_reduce
Splunk and map_reduce
 
Splunk for xen_desktop
Splunk for xen_desktopSplunk for xen_desktop
Splunk for xen_desktop
 
Splunk for palo_alto
Splunk for palo_altoSplunk for palo_alto
Splunk for palo_alto
 
Splunk for ibtrm
Splunk for ibtrmSplunk for ibtrm
Splunk for ibtrm
 
Splunk for fisma
Splunk for fismaSplunk for fisma
Splunk for fisma
 
Splunk for f5
Splunk for f5Splunk for f5
Splunk for f5
 
Splunk for db_connect
Splunk for db_connectSplunk for db_connect
Splunk for db_connect
 
Splunk for active_directory
Splunk for active_directorySplunk for active_directory
Splunk for active_directory
 
Splunk app for_windows
Splunk app for_windowsSplunk app for_windows
Splunk app for_windows
 
Splunk app for_enterprise_security
Splunk app for_enterprise_securitySplunk app for_enterprise_security
Splunk app for_enterprise_security
 
Splunk guide for_iso_27002
Splunk guide for_iso_27002Splunk guide for_iso_27002
Splunk guide for_iso_27002
 
Splunk for security
Splunk for securitySplunk for security
Splunk for security
 
Splunk for exchange
Splunk for exchangeSplunk for exchange
Splunk for exchange
 

Kürzlich hochgeladen

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Kürzlich hochgeladen (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Advanced Splunk Administration

  • 1. Splunk Education Services Advanced Splunk 5.0 AdministrationThis nine hour course follows the Splunk Administration course. The focus in this class is the knowledge, best practices, and configuration details for Splunk administration in a medium to large deployment environment. In this class you will learn advanced input configuration options, Splunk's data processing flow, optimized indexing configurations, alternative authentication methods, security, and troubleshooting. Course Topics  Splunk hardware and topology options  Advanced use and configuration of Splunk forwarders  Splunk’s Deployment Server  Advanced data input options  Data inputs advanced configuration  Advanced configuration of Splunk data stores  Authentication  How and what to secure in Splunk  Where to get help Course Prerequisites  Using Splunk  Administrating Splunk Class Format Instructor-led lecture with labs. Delivered via virtual classroom or at your site. Course Objectives Lesson 1 – Hardware and Topology  Identify Splunk hardware recommendations  Explore Splunk topology recommendations  Describe distributed search and search head pooling Lesson 2 – Forwarders  Configure Splunk forwarders using outputs.conf  Configure load balancing  Secure and compress forwarder feeds and set cache size  Enable indexer acknowledgement  Leverage 3rd party systems Lesson 3 – Deployment Server  Understand Deployment Server terminology and topology  Use server classes to send custom config files to all types of Splunk installs  Configure deployment clients  Create and distribute deployment bundles Lesson 4 – Inputs  Use wildcards  Use whitelists and blacklists to limit monitor data inputs  Configure scripted inputs  Understand file system change monitoring Lesson 5 - Data Processing  Describe how data moves through Splunk  Understand default processing  Optimize and configure event line breaking  Explain how Splunk determines and assigns time zones  Use the Data Preview feature to configure a custom data input Lesson 6 - Event-level Data Transformations  Explain how data transformations are defined and invoked  Identify and explain how keys are used in transforms.conf  Dynamically set source type based on values  Automatically route events to an index based on values  Prevent unwanted events from being indexed  Mask data values within events Lesson 7 - Index Replication  Describe index replication  Define the terms: replication factor and search factor  Explain how data flows in a replicated environment  Explain what happens if an indexer goes off-line  Explain how to configure and deploy a cluster Lesson 8 - Authentication  Review native Splunk authentication  Use LDAP  Use Active Directory  Configure SSO Lesson 9 - Security  Identify what you can secure in Splunk  Understand SSL and Splunk  Learn about user group and index security  Identify and secure the audit log  Understand archive data signing Lesson 10 - Troubleshooting  Set specific internal logging levels  Identify and solve common issues  Learn how to get community help with Splunk  Understand how to contact Splunk Support
  • 2. Splunk Education Services Splunk Education Tracks User: For all day-to-day Splunk users including customer support staff, developers, systems administrators and management. Administrator: For administrators of Splunk itself. (Administrators of other systems who will just be using Splunk should take the User track.) Architect: For architects who will be designing Splunk deployments, including architects on staff at customer deployments as well as partner professional services personnel. Developer: For developers who will integrate, customize and extend Splunk using its XML templates and advanced configuration bundling. Support Engineer: For Splunk OEM and channel partner support staff who will be providing first line support for Splunk. Tracks User Administrator Architect Developer Support Engineer Using Splunk ✓ ✓ ✓ ✓ ✓ Searching and Reporting with Splunk ✓ ✓ ✓ ✓ Administrating Splunk ✓ ✓ ✓ Advanced Splunk Administration ✓ ✓ ✓ Architecting and Deploying Splunk ✓ ✓ Developing Apps with Splunk ✓ ✓ ✓ Splunk Architect Certification Lab ✓ Supporting Splunk ✓ About Splunk Splunk is software that indexes, manages and enables you to search data from any application, server or network device in real time. Visit our website at www.splunk.com to download your own free copy. Splunk Inc. 250 Brannan San Francisco, CA 94107 866.GET.SPLUNK (866.438.7758) sales@splunk.com support@splunk.com