reed.co.uk Courses

Splunk 2019 - Beginner to Architect - Simpliv

Splunk 2019 - Beginner to Architect is a course specifically designed for beginners who want to master Splunk.


Simpliv LLC

Summary

Price
£24.50 inc VAT
Study method
Online, self-paced
Duration
11 Hours
Access to content
Lifetime access
Qualification
No formal qualification
Additional info
  • Tutor is available to students
  • Certificate of completion available and is included in the price

Overview

This course starts from the absolute ground up and builds a solid foundation in Splunk step by step, covering SPL queries, dashboards, distributed Splunk architectures, and highly available clustered Splunk deployments.

Description

With plenty of practical exercises, easy-to-follow videos, and instructor support in case of doubts, this course is all you need to build a solid foundation in Splunk.

This course will cover the following topics

Introduction to Splunk & Setting Up Labs

  1. Introduction to Splunk
  2. Introduction to Docker Containers
  3. Setting up Docker Environment
  4. Installing Splunk - Docker Approach
  5. Installation of Splunk - RPM Approach
  6. Splunk Licensing Model
  7. Splunk Developer 10GB License
  8. Importing License into Splunk

Getting Started with Splunk

  1. Importing Data to Splunk
  2. Security Use-Case - Finding Attack Vectors
  3. Search Processing Language (SPL)
  4. Splunk Search Assistant
  5. Splunk Reports
  6. Splunk Report - Email Clarification (Followup)
  7. Understanding Add-Ons and Apps
  8. Splunk Add-On for AWS
  9. Splunk App for AWS
  10. Overview of Dashboards and Panels
  11. Building Dashboard Inputs - Time Range Picker
  12. Building Dashboard Inputs - Text Box
  13. Building Dashboard Inputs - Dynamic DropDown
  14. Building Dashboard Inputs - Drop down

Splunk Architecture

  1. Directory Structure of Splunk
  2. Splunk Configuration Directories
  3. Splunk Configuration Precedence
  4. Splunk Configuration Precedence - Apps and Locals
  5. Introduction to Indexes
  6. Bucket Lifecycle
  7. Warm to Cold Bucket Migration
  8. Archiving Data to Frozen Path
  9. Thawing Process
  10. Splunk Workflow Actions

Forwarder & User Management

  1. Overview of Universal Forwarders
  2. Installing Universal Forwarder in Linux
  3. Challenges in Forwarder Management
  4. Introduction to Deployment Server
  5. ServerClass and Deployment Apps
  6. Creating Custom Add-Ons for deployment
  7. Pushing Splunk Linux Add-On via Deployment Server

Post Installation Activities

  1. Understanding Regular Expressions
  2. Parsing Web Server Logs & Named Group Expression
  3. Importance of Source Types
  4. Interactive Field Extractor (IFX)
  5. props.conf and transforms.conf
  6. Splunk Event Types
  7. Tags
  8. Splunk Event Types Priority and Coloring Scheme
  9. Splunk Lookups
  10. Splunk Alerts

Security Primer

  1. Access Control
  2. Creating Custom Roles & Capabilities

Distributed Splunk Architecture

  1. Overview of Distributed Splunk Architecture
  2. Understanding License Master
  3. Implementing License Master
  4. License Pools
  5. Indexer
  6. Masking Sensitive Data at Index Time
  7. Search Head
  8. Splunk Monitoring Console

Indexer Clustering

  1. Overview of Indexer Clustering
  2. Deploying Infrastructure for Indexer Cluster
  3. Master Indexer
  4. Peer Indexers
  5. Testing Replication and Failover capabilities
  6. Configuration Bundle
  7. Configuration Bundle - Part 02
  8. Forwarding Logs to Indexer Cluster
  9. Indexer Discovery

Search Head Clustering

  1. Overview of Search Head Clusters
  2. Deploying Infrastructure for Search Head Cluster
  3. Configuring Cluster Setup on Search Heads
  4. Validating Search Head Replication
  5. Pushing Artifacts through Deployer
  6. Connecting Search Head Cluster to Indexer Cluster

Advanced Splunk Concepts

  1. Using Btool for Troubleshooting
  2. Overview of Data Models
  3. Creating Data Model - Practical
  4. Splunk Support Programs

Who is this course for?

  • Individuals who are looking to build a solid foundation in Splunk.

Requirements

  • Computer with Internet Connection

Career path

Security Operations Analyst, Splunk Architect, Security Engineer, Data Analyst, DevOps Engineer/Programmer, Data Owner, Operations Analyst. Splunk is a fairly specialised skill, and Splunk Engineers are in high demand.
