Course Overview
This 9-hour course is designed for Splunk administrators. It covers topics and techniques for troubleshooting a standard Splunk distributed deployment using the tools available with Splunk Enterprise.
This lab-oriented class is designed to help you gain troubleshooting experience before attending more advanced courses. You will debug a distributed Splunk Enterprise environment using the live system.
This course does not cover the issues surrounding Splunk Cloud, Splunk Clusters, or Splunk premium apps.
Please note that this class may run over two days, with 4.5 hour sessions each day for nine hours of total content.
Who should attend
Splunk administrators.
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students should have a solid understanding of the following modules:
- Splunk Fundamentals 1 (Retired)
- Splunk Fundamentals 2 (Retired)
Or the following single-subject modules:
- !SP-WIS
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Scheduling Reports & Alerts (SRA)
- Visualizations (SVZ)
- Leveraging Lookups and Subsearches (LLS)
- Search Under the Hood (SUH)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
Student should also have completed the following modules:
Course Objectives
- Splunk Troubleshooting Methods and Tools
- Indexing Problems
- Input Configuration Problems
- Deployment Problems
- License, Upgrade, and User Management Problems
- Search Management Problems
- User Search Problems
English
Polish
Egypt