Course Overview
This course is designed for administrators who are responsible for getting data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.
Please note that classes may run across three days, consisting of 6-hour sessions each day.
Who should attend
This module is designed for administrators who are responsible for getting data into Splunk Indexers.
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students should have a solid understanding of the following modules:
- Fundamentals 1 (Retired)
- Fundamentals 2 (recommended) (Retired)
Or the following single-subject modules:
- What is Splunk? (Retired)
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
Students should also understand the following module:
- Splunk Enterprise System Administration (SESA) (recommended)
Course Objectives
- Understand sourcetypes
- Manage and deploy forwarders
- Configure data inputs
  - File monitors
  - Network inputs (TCP/UDP)
  - Scripted inputs
  - HTTP inputs (via the HTTP Event Collector)
- Customize the input phase parsing process
- Define transformations to modify data before indexing
- Define search time knowledge object configurations