Course Description
Modern networks consist of multiple services, each generating independent streams of log data. Traditionally, log data resides in separate files and finding specific events can be difficult - detecting patterns is near impossible. Splunk provides a means to collect and store this log data in a collated and redundant data store, facilitating searching and visualization. In this course, you will learn how to install and configure Splunk on multiple platforms. You'll also learn various ways to get your data into Splunk.
Learning Objectives
Getting Started with Splunk
- start the course
- identify the functions and abilities of Splunk
- identify the types of Splunk licenses and choose what best suits your requirements
- install Splunk on several Linux platforms
- install Splunk on Windows systems
- identify the components of the Splunk user interface
- use Splunk without administrator access
- start the Splunk service on multiple operating systems
Getting Your Data into Splunk
- compare Splunk data forwarders
- add the tutorial sample data to your Splunk install
- configure data sources for Splunk
- import data from files and monitor local files and folders
- change the type of data source used by Splunk to index your data
- improve Splunk's processing of events
- configure how Splunk stores the date and time with your data
- import data from network ports and Splunk forwarders
Splunk Forwarders
- install the universal forwarder in Windows
- install the universal forwarder in Unix environments
- implement load balancing on a Splunk forwarder
- implement data cloning on a Splunk forwarder
- implement a heavy Splunk forwarder
Practice: Installing Splunk
- install a Splunk instance