About the Program

Intellipaat's Splunk certification training covers all aspects of Splunk Developer and Splunk Administration. This Splunk course also includes various topics of Splunk, such as installation and configuration, Splunk Syslog, Syslog Server, log analysis, Splunk dashboard, and deploying Splunk search, monitor, index, report, and analysis.


Why take up this course?

Splunk is the most popular tool used for parsing huge volumes of machine-generated data and deriving valuable insights from it. Intellipaat’s instructor-led and self-paced training in Splunk Developer and Splunk Administration is your passport to working in the Splunk domain. Through this course, you will gain a definitive edge when it comes to deploying Splunk in mission-critical applications in the real world, and you can command a high salary in your career.

Who should take up this course?
Software Developers and System Administrators
Search Analysts, Database Experts, and Administrators

Splunk Certification Training

Program Curriculum

Splunk Training Course Content

SPLUNK DEVELOPMENT CONCEPTS
1.1 Introduction to Splunk and Splunk Developer roles and responsibilities

BASIC SEARCHING
2.1 Writing Splunk query for a search
2.2 Auto-complete to build a search
2.3 Time range
2.4 Refining the search
2.5 Working with events
2.6 Identifying the contents of the search
2.7 Controlling a search job
Hands-on Exercise: Write a basic search query

USING FIELDS IN SEARCHES
3.1 What is a Field?
3.2 How to use Fields in a search?
3.3 Deploying Fields Sidebar and Field Extractor for REGEX field extraction
3.4 Delimiting Field Extraction using FX
Hands-on Exercise: Use Fields in a search, use Fields Sidebar, use Field Extractor (FX), and delimit field Extraction using FX

SAVING & SCHEDULING SEARCHES
4.1 Writing Splunk query for a search and sharing, saving, scheduling, and exporting search results
Hands-on Exercise: Schedule a search, save the search result, and share and export the search result

CREATING ALERTS
5.1 How to create alerts
5.2 Understanding alerts
5.3 Viewing fired alerts
Hands-on Exercise: Create an alert in Splunk and view the fired alerts

SCHEDULED REPORTS
6.1 Understanding and configuring scheduled reports

TAGS & EVENT TYPES
7.1 Introduction to tags in Splunk
7.2 Deploying tags for a Splunk search
7.3 Understanding event types and utility
7.4 Generating and implementing event types in the search
Hands-on Exercise: Deploy tags for a Splunk search and generate and implement event types in the search

CREATING & USING MACROS
8.1 What is a Macro?
8.2 What are variables and arguments in Macros?
Hands-on Exercise: Define a Macro with arguments and use variables within it

WORKFLOW
9.1 Creating get, post, and search workflow actions
Hands-on Exercise: Create get, post, and search workflow actions

SPLUNK SEARCH COMMANDS
10.1 Understanding a search command
10.2 General search practices
10.3 What is a search pipeline?
10.4 How to specify indexes in a search?
10.5 Highlighting the syntax

10.6 Deploying various search commands such as fields, tables, sort, rename, rex, and erex
Hands-on Exercise: Steps to create a search pipeline, search index specification, highlight the syntax, use the auto-complete feature, and deploy various search commands such as sort, fields, tables, rename, rex, and erex

TRANSFORMING COMMANDS
11.1 Using top, rare, and stats commands
Hands-on Exercise: Use top, rare, and stats commands

REPORTING COMMANDS
12.1 Using the following commands and their functions: addcoltotals, addtotals, top, rare, and stats
Hands-on Exercise: Create reports using the following commands and their functions: addcoltotals and addtotals

MAPPING & SINGLE-VALUE COMMANDS
13.1 Using iplocation, geostats, geom, and addtotals commands
Hands-on Exercise: Track the IP using iplocation and get the geo data using geostats

SPLUNK REPORTS & VISUALIZATIONS
14.1 Exploring the available visualizations
14.2 Creating charts and time charts
14.3 Omitting null values and formatting results
Hands-on Exercise: Create time charts, omit null values, and format results

ANALYZING, CALCULATING, & FORMATTING RESULTS
15.1 Calculating and analyzing results
15.2 Value conversion
15.3 Rounding off and formatting values
15.4 Using the eval command

15.5 Using conditional statements
15.6 Filtering calculated search results
Hands-on Exercise: Calculate and analyze results, perform the conversion of a data value, round off numbers, use the eval command, write conditional statements, and apply filters on calculated search results

CORRELATING EVENTS
16.1 How to search for transactions?
16.2 Creating a report on transactions
16.3 Grouping events using time and fields
16.4 Comparing transactions with stats
Hands-on Exercise: Generate a report on transactions, and group events using fields and time

ENRICHING DATA WITH LOOKUPS
17.1 Learning data lookups
17.2 Examples and lookup tables
17.3 Defining and configuring automatic lookups
17.4 Deploying lookups in reports and searches
Hands-on Exercise: Define and configure automatic lookups and deploy lookups in reports and searches

CREATING REPORTS & DASHBOARDS
18.1 Creating search charts, reports, and dashboards
18.2 Editing reports and dashboards
18.3 Adding reports to dashboards
Hands-on Exercise: Create search charts, reports, and dashboards, edit reports and dashboards, and add reports to dashboards

GETTING STARTED WITH PARSING
19.1 Working with raw data for data extraction, transformation, parsing, and preview

Hands-on Exercise: Extract useful data from raw data, perform transformation, parse different values, and preview them

USING PIVOT
20.1 Understanding a pivot
20.2 Relationship between a data model and a pivot
20.3 Selecting a data model object
20.4 Creating a pivot report
20.5 Creating an instant pivot from a search
20.6 Adding a pivot report to the dashboard
Hands-on Exercise: Select a data model object, create a pivot report, create an instant pivot from a search, and add a pivot report to the dashboard

COMMON INFORMATION MODEL (CIM) ADD-ON
21.1 What is a Splunk CIM?
21.2 Using the CIM add-on to normalize data
Hands-on Exercise: Use the CIM add-on to normalize data

Splunk Administration Topics

OVERVIEW OF SPLUNK
22.1 Introduction to the architecture of Splunk
22.2 Various server settings
22.3 How to set up alerts
22.4 Various types of licenses
22.5 Important features of the Splunk tool
22.6 The requirements of hardware and conditions needed for the installation of Splunk

SPLUNK INSTALLATION
23.1 How to install and configure Splunk
23.2 The creation of an index
23.3 Standalone server’s input configuration

23.4 The preferences for a search
23.5 Linux environment Splunk installation
23.6 Administering and architecting Splunk

SPLUNK INSTALLATION IN LINUX
24.1 How to install Splunk in the Linux environment
24.2 The conditions needed for Splunk
24.3 Configuring Splunk in the Linux environment

DISTRIBUTED MANAGEMENT CONSOLE
25.1 Introducing Splunk distributed management console
25.2 Indexing of clusters
25.3 How to deploy a distributed search in the Splunk environment
25.4 Forwarder management
25.5 User authentication and access control

INTRODUCTION TO THE SPLUNK APP
26.1 Introduction to the Splunk app
26.2 How to develop Splunk apps
26.3 Splunk app management
26.4 Splunk app add-ons
26.5 Using Splunk-base for the installation and deletion of apps
26.6 Different app permissions and implementation
26.7 How to use the Splunk app
26.8 Apps on forwarder

SPLUNK INDEXES & USERS
27.1 Index time configuration file
27.2 Search time configuration file

SPLUNK CONFIGURATION FILES
28.1 Understanding the Index time and search time configuration files in Splunk
28.2 Forwarder installation
28.3 Input and output configuration

28.4 Universal Forwarder management
28.5 Splunk Universal Forwarder highlights

SPLUNK DEPLOYMENT MANAGEMENT
29.1 Implementing the Splunk tool
29.2 Deploying it on the server
29.3 Splunk environment setup
29.4 Splunk client group deployment

SPLUNK INDEXES
30.1 Understanding Splunk Indexes
30.2 Default Splunk Indexes
30.3 Segregating Splunk Indexes
30.4 Learning Splunk buckets and bucket classification
30.5 Estimating index storage
30.6 Creating a new index

USER ROLES & AUTHENTICATION
31.1 Understanding the concept of role inheritance
31.2 Splunk authentications
31.3 Native authentications
31.4 LDAP authentications

SPLUNK ADMINISTRATION ENVIRONMENT
32.1 Splunk installation and configuration
32.2 Data inputs
32.3 App management
32.4 Splunk important concepts
32.5 Parsing machine-generated data
32.6 Search indexer and forwarder

BASIC PRODUCTION ENVIRONMENT
33.1 Introduction to Splunk configuration files
33.2 Universal Forwarder

33.3 Forwarder management
33.4 Data management, troubleshooting, and monitoring

SPLUNK SEARCH ENGINE
34.1 Converting machine-generated data into operational intelligence
34.2 Setting up the dashboard, reports, and charts
34.3 Integrating search head clustering and indexer clustering

VARIOUS SPLUNK INPUT METHODS
35.1 Understanding input methods
35.2 Deploying scripted Windows and network
35.3 Agentless input types and fine-tuning them all

SPLUNK USER & INDEX MANAGEMENT
36.1 Splunk user authentication and job role assignment
36.2 Learning to manage, monitor, and optimize Splunk Indexes

MACHINE DATA PARSING
37.1 Parsing machine-generated data
37.2 Manipulation of raw data
37.3 Previewing and parsing
37.4 Data field extraction
37.5 Comparing single-line and multi-line events

SEARCH SCALING & MONITORING
38.1 Distributed search concepts
38.2 Improving search performance
38.3 Large-scale deployment and overcoming execution hurdles
38.4 Working with Splunk Distributed Management Console for monitoring the entire operation

SPLUNK CLUSTER IMPLEMENTATION
39.1 Cluster indexing
39.2 Configuring individual nodes
39.3 Configuring cluster behavior, index behavior, and search behavior

39.4 Setting up a node type to handle different aspects of a cluster such as the master node, the peer node, and the search head

Project Work

Splunk Training Projects

Project 1: Creating an Employee Database of a Company
Industry: General
Problem Statement: How to build a Splunk dashboard where employee details are readily available
Topics: In this project, you will create a text file of employee data with details such as full name, salary, designation, ID, and so on. You will index the data based on various parameters and use various Splunk commands for evaluating and extracting the information. Finally, you will create a dashboard and add various reports to it.
Highlights:
Splunk search and index commands
Extracting a field in search and saving results
Editing event types and adding tags

Project 2: Building an Organizational Dashboard with Splunk
Industry: E-commerce
Problem Statement: How to analyze website traffic and gather insights
Topics: In this project, you will build an analytics dashboard for a website and create alerts for various conditions. You will capture access logs of the web server and the sample logs and then will upload them. You will analyze the top 10 users, the average time spent, the peak response time of the website, the top 10 errors, and the error code description. You will also create a Splunk dashboard for reporting and analyzing.

Highlights:
Creating bar and line charts
Sending alerts for various conditions
Providing admin rights for dashboard

Project 3: Field Extraction in Splunk
Industry: General
Problem Statement: How to extract fields from event data in Splunk
Topics: In this project, you will learn to extract fields from events using the Splunk field extraction technique. You will gain knowledge in the basics of field extractions and understand the use of the field extractor, the field extraction page in Splunk web, and field extract configuration in files. You will learn the regular expression and delimiters method of field extraction. Upon the completion of the project, you will gain expertise in building the Splunk dashboard and using the extracted field data in it to create rich visualizations in an enterprise setup.
Highlights:
Field extraction using the delimiter method
Delimit field extracts using FX
Extracting fields with the search command

