Installation and Infrastructure
- Install forwarders, indexer, search head, deployment server and license master
Configuration and Collection
- Configure an index cluster
- Deploy all specified configurations via deployment server
- Configure inputs from forwarders
- Configure and confirm index-time knowledge
- Create search-time fields
Searching and Reporting
- Create searches for each required use case
- Get indexer event acknowledgements
Prerequisites
- Splunk Fundamentals 1
- Splunk Fundamentals 2
Or the following single-subject courses:
- What is Splunk? (WIS)
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Scheduling Reports & Alerts (SRA)
- Visualizations (SVZ)
- Intro to Knowledge Objects (IKO)
- Creating Field Extractions (CFE)
- Introduction to Dashboards (ITD)
Students should also understand the following courses:
- Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
- Architecting Splunk Enterprise Deployments (ASED)
- Troubleshooting Splunk Enterprise (TSE)
- Splunk Enterprise Cluster Administration