Course Overview
This 3-virtual day course is for an experienced Splunk Enterprise administrator who is new to Splunk Clusters. The course provides the fundamental knowledge of deploying and managing Splunk Enterprise in a clustered environment. It covers installation, configuration, management, and monitoring of Splunk clusters. While Splunk Clusters are supported in Windows environments, the class lab environment is running Linux instances only.
Please note that this class may run over three days, with 4.5 hour sessions each day.
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students should have a solid understanding of the following modules:
- Splunk Fundamentals 1 (Retired)
- Splunk Fundamentals 2 (Retired)
Or the following single-subject modules:
- What is Splunk? (Retired)
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Scheduling Reports & Alerts (SRA)
- Visualizations (SVZ)
- Leveraging Lookups and Subsearches (LLS)
- Search Under the Hood (SUH)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD)
Student should also have completed the following modules:
Course Objectives
- Large-scale Splunk Deployment Overview
- Single-site Indexer Cluster
- Indexer Cluster Management and Administration
- Forwarder Configuration
- Search Head Cluster
- Search Head Cluster Management and Administration
- KV Store Collection and Lookup Management
- SmartStore Implementation Overview