Splunk Cluster Administration (SCLA)

The course provides the fundamental knowledge of deploying and managing Splunk Enterprise in a clustered environment. It covers installation, configuration, management, and monitoring of Splunk clusters. While Splunk Clusters are supported in Windows environments, the class lab environment is running Linux instances only.

Retail Price: $1,500.00

Next Date: Request Date

Course Days: 3


Request a Date

Request Custom Course


Course Objectives

  • Large-scale Splunk Deployment Overview
  • Identify factors affecting large-scale Splunk deployments
  • Set up Splunk indexer clusters
  • Deploy and configure a Splunk search head cluster
  • Add new nodes into an existing cluster
  • Decommission nodes from an existing cluster
  • Deploy apps and configuration bundles in Splunk clusters
  • Manage KV store collections and lookups in Splunk clusters
  • Monitor and identify clustering issues with Monitoring Console
  • Scale Splunk indexer cluster with SmartStore

Course Topics:

  • Large-scale Splunk Deployment Overview
  • Single-site Indexer Cluster
  • Multisite Indexer Cluster
  • Indexer Cluster Management and Administration
  • Forwarder Configuration
  • Search Head Cluster
  • Search Head Cluster Management and Administration
  • KV Store Collection and Lookup Management
  • SmartStore Implementation Overview

Who should attend

This 13.5-hour course is for an experienced Splunk Enterprise administrator who is new to Splunk Clusters.

Prerequisites

To be successful, students should have a solid understanding of the following courses:

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

Outline: Splunk Cluster Administration (SCLA)

Module 1 – Large-scale Splunk Deployment Overview

  • Factors that affecting deployment design
  • How Splunk Enterprise can scale
  • Splunk License Master

Module 2 – Single-site Indexer Cluster

  • How Splunk Single-Site Indexer Clusters Work
  • Indexer Cluster Components and Terms
  • Splunk Single-Site Indexer Cluster Configuration
  • Splunk Indexer Cluster Log Channels

Module 3 – Multisite Indexer Cluster

  • How Splunk Multisite Indexer Clusters Work
  • Multisite Indexer Cluster Terms
  • Multisite Indexer Cluster Configuration
  • Optional Multisite Indexer Cluster Configurations

Module 4 – Indexer Cluster Management Administration

  • Peer Offline and Decommission
  • Master App Bundles
  • Indexer Cluster Storage Utilization Options
  • Site Mapping
  • Monitoring Console for Indexer Cluster Environment

Module 5 – Forwarder Management

  • Indexer Discovery
  • Optional Indexer Discovery Configurations
  • Volume-Based Forwarder Load Balancing

Module 6 – Search Head Cluster

  • Splunk Search Head Cluster Overview
  • Search Head Cluster Configuration

Module 7 – Search Head Cluster Management and Administration

  • Search Head Cluster Deployer
  • Captaincy Transfer
  • Search Head Member Addition and Decommissioning
  • Monitoring Console for Search Head Cluster

Module 8 – KV Store Collection and Lookup Management

  • KV Store Collection in Splunk Clusters
  • KV Store Monitoring with Monitoring Console

Module 9 – SmartStore Implementation

  • SmartStore architecture overview
  • Deploy and manage SmartStore


Sorry! It looks like we haven’t updated our dates for the class you selected yet. There’s a quick way to find out. Contact us at 502.265.3057 or email info@training4it.com


Request a Date