Course Overview
This 18-hour course is designed for administrators who are responsible for getting data into Splunk Indexers. The course provides the fundamental knowledge of Splunk forwarders and methods to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.
What are the skills covered
- Understand sourcetypes
- Manage and deploy forwarders
- Configure data inputs
- Fire monitors
- Network inputs (TCP/UDP)
- Scripted inputs
- HTTP inputs (via the HTTP Event Collector)
- Customize the input phase parsing process
- Define transformations to modify data before indexing
- Define search time knowledge object configurations
Who should attend this course
- Administrators
Course Curriculum
What are the Prerequisites
To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:
- Intro to Splunk
- Using Fields
- Introduction to Knowledge Objects
- Creating Knowledge Objects
- Creating Field Extractions
- Enriching Data with Lookups
- Data Models
- Splunk Enterprise System Administration
Course Modules
Exam & Certification
This course is not associated with any Certification.
