Description
In this course, you will learn:
- Creating high-availability clustering architectures.
- Creating dashboards for detecting anomalies.
- Integrating Splunk with Docker containers.
- Troubleshooting and industry best practices for Splunk management.
Syllabus:
1. Introduction to Splunk & Setting Up Labs
- Introduction to Splunk
- Installation Methods for Splunk
- Creating Splunk Account
- Launching Infrastructure for Splunk
- Installing Splunk in Linux
- Installing Splunk in Windows
- Introduction to Docker Containers - New
- Installation Methods for Docker
- Installing Docker in Linux
- Installing Docker Desktop
- Deploying Splunk Docker Container
2. Getting started with Splunk
- Importing Data in Splunk
- Parsing Authentication Logs
- Security Use-Case - Finding Attack Vectors
- Basics of Search
- Splunk Search Assistant
- Splunk Report - Email Clarification (Follow-up)
- Understanding Add-Ons and Apps
- Installing Splunk Add-On for AWS
- Overview of Dashboards and Panels
- Building Dashboard Inputs - Time Range Picker
- Building Dashboard Inputs - Text Box
- Building Dashboard Inputs - Drop down
3. Splunk Architecture
- Directory Structure of Splunk
- Splunk Configuration Directories
- Splunk Configuration Precedence
- Splunk Configuration Precedence - Apps and Locals
- Introduction to Indexes
- Bucket Lifecycle
- Warm to Cold Bucket Migration
- Archiving Data to Frozen Path
- Thawing Process
- Splunk Workflow Actions
4. Forwarder & User Management
- Overview of Universal Forwarders
- Installation Manual - Splunk Universal Forwarder
- Introduction to Deployment Server
- ServerClass and Deployment Apps
- Pushing Custom Add-On via Deployment Server
5. Post Installation Activities
- Understanding Regular Expressions
- Regex - Exercise
- Parsing Web Server Logs & Named Group Expression
- Importance of Source Types
- Interactive Field Extractor (IFX)
- props.conf and transforms.conf
- Sample Log - MySQL Error Logs
- Splunk Event Types
- Tags
- Splunk Event Types Priority and Coloring Scheme
- Splunk Lookups
- Splunk Alerts
6. Security Primer
- Access Control
- Creating Custom Roles & Capabilities
7. Distributed Splunk Architecture
- Understanding License Master
- Implementing License Master
- License Pools
- Indexer
- Masking Sensitive Data at Index Time
- Search Head
- Splunk Monitoring Console
8. Indexer Clustering
- Infrastructure for Indexer Cluster
- Configuring Master Indexer
- Configuring Peer Indexers
- Testing Replication Capabilities
- Testing Failover Capabilities
- Configuration Bundles of Master Indexers
- Forwarding Logs to Indexer Cluster
- Implementing Indexer Discovery
- Indexer Discovery - Document
9. Search Head Clustering
- Infrastructure for Search Head Cluster
- Setting Up Search Head Clustering
- Validating Search Head Replication
- Pushing Artifacts through Deployer
- Integration - Search Head Cluster to Indexer Cluster
- SH to IDX Cluster Document
10. Advanced Splunk Concepts
- Using Btool for Troubleshooting
- Overview of Data Models
- Creating Data Model - Practical
- Splunk Support Programs