Architecting Splunk Enterprise Deployments (ASED)

This 9-hour module focuses on large enterprise deployments. Students learn steps and best practices for planning, data collection and sizing for a distributed deployment. Workshop-style labs challenge students to make design decisions about an example enterprise deployment.

Retail Price: $1,500.00

Next Date: 07/24/2025

Course Days: 2


Enroll in Next Date

Request Custom Course


Course Objectives

  • Requirements definition
  • Index and resource planning
  • Clustering Overview
  • Forwarder and Deployment
  • Integration
  • Performance Monitoring and Tuning
  • Use Cases

 

Prerequisites

To be successful, students should have a solid understanding of the following modules:

  • Fundamentals 1 & 2 (Retired)

Or the following single-subject modules:

  • What is Splunk? (WIS)
  • Intro to Splunk (ITS)
  • Using Fields (SUF)
  • Intro to Knowledge Objects (IKO)
  • Creating Knowledge Objects (CKO)
  • Creating Field Extractions (CFE)

Students should also understand the following courses:

  • Splunk Enterprise System Administration (SESA)
  • Splunk Enterprise Data Administration (SEDA)

Outline: Architecting Splunk Enterprise Deployments (ASED)

Topic 1 – Introduction

  • Overview of the Splunk deployment planning process and associated tools

Topic 2 – Project Requirements

  • Identify critical information about environment, volume, users, and requirements
  • Review checklists and resources to aid in collecting requirements

Topic 3 – Infrastructure Planning: Index Design

  • Design and size indexes
  • Estimate storage requirements
  • Identify relevant apps

Topic 4 – Infrastructure Planning: Resource Planning

  • List sizing factors for servers
  • Describe how reference hardware is used to scale deployments
  • Identify the impact of clustering for index replication and for search heads

Topic 5- Clustering Overview

  • Describe the different clustering capabilities
  • Introduce the concepts of indexer and search head clustering

Topic 6 - Forwarder and Deployment Best Practices

  • Review types of forwarders
  • Describe how to manage forwarder installation
  • Review configuration management for all Splunk components, using Splunk deployment tools
  • Provide best practices for a Splunk deployment

Topic 7 - Integration

  • Describe integration methods
  • Identify common integration points

Topic 8 – Performance Monitoring and Tuning

  • Use the Monitoring Console to track the performance of your test environment
  • List options to fine tune performance for production environment

Topic 9 – Use Cases

  • Provide example architecture topologies
  • Discuss different architecture options based on use case
Course Dates Course Times (EST) Delivery Mode GTR
7/24/2025 - 7/25/2025 9:00 AM - 1:30 PM Virtual Enroll