Splunk is a complex system of multiple interoperating components, and as such it offers a great many configuration options. Other Splunk administrative tasks include creating and managing alerts and planning server capacity. In this course, you will learn how to configure Splunk to meet your requirements. You'll also learn how to set up alerts, plan server capacity, and manage Splunk servers.
Learning Objectives
Administration with Splunk Web
- start the course
- log into and identify Splunk Web Administration components
- identify the default Splunk dashboards and customize the banner messages
- add and manage users and roles in Splunk
Administration with Configuration Files
- work with Splunk configuration files
- identify the order in which Splunk applies configuration directives and attributes
- copy and edit the Splunk configuration files
- access the Splunk command line interface or CLI
- utilize the built-in help functions of the Splunk command line interface or CLI
- administer remote Splunk deployments using administrative commands
Administrative Tasks
- start and stop the Splunk service on multiple platforms, and configure Splunk to start at boot
- change the default values in a Splunk installation and apply a license
- bind Splunk to an IPv4 and/or IPv6 address
- upgrade an existing Splunk instance on a Unix or Windows system
- migrate indexes and data to a new server
Splunk Alerts
- identify the different types of alerts in Splunk
- utilize throttling to limit Splunk alerts and set alert permissions
- construct per-result and rolling-window alerts in Splunk
- create scheduled alerts in Splunk
- edit and expand the functionality of a Splunk alert
- configure Splunk to send an e-mail during an alert condition
- configure the alternate alert modes in Splunk
- construct triggered alerts
Capacity Planning
- identify the data performance issues in Splunk
- identify the other performance issues in Splunk
- determine the Splunk storage requirements
- scale a Splunk deployment to meet requirements
Practice: Administer Splunk
- create users and roles in Splunk