{"course":{"productid":25916,"modality":1,"active":true,"language":"en","title":"Splunk Enterprise System Administration","productcode":"SESA","vendorcode":"SP","vendorname":"Splunk","fullproductcode":"SP-SESA","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.ch\/course\/splunk-sesa","essentials":"<p>To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:\n<\/p>\n<ul>\n<li>Intro to Splunk<\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/splunk-suf\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Using Fields <span class=\"fl-prod-pcode\">(SUF)<\/span><\/a><\/span><\/li><li>Intro to Knowledge Objects<\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/splunk-cko\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Creating Knowledge Objects <span class=\"fl-prod-pcode\">(CKO)<\/span><\/a><\/span><\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/splunk-cfe\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Creating Field Extractions <span class=\"fl-prod-pcode\">(CFE)<\/span><\/a><\/span><\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/splunk-edl\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Enriching Data with Lookups <span class=\"fl-prod-pcode\">(EDL)<\/span><\/a><\/span><\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/splunk-sdm\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Data Models <span class=\"fl-prod-pcode\">(SDM)<\/span><\/a><\/span><\/li><\/ul>","audience":"<ul>\n<li>Administrators<\/li><\/ul>","contents":"<p>This course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components.<\/p>\n<p><strong>Please note that classes may run across two days, consisting of 6 hour sessions.<\/strong><\/p>","outline":"<p><strong>Module 1 -  Deploy Splunk<\/strong><\/p>\n<ul>\n<li>Provide an overview of Splunk<\/li><li>Identify Splunk Enterprise components<\/li><li>Identify the types of Splunk deployments<\/li><li>List the steps to install Splunk<\/li><li>Use Splunk CLI commands<\/li><li>Explore security best practices<\/li><\/ul><p><strong>Module 2 -  Monitor Splunk<\/strong><\/p>\n<ul>\n<li>Use Splunk Health Report<\/li><li>Enable the Monitoring Console<\/li><li>Use Splunk Assist<\/li><li>Use Splunk Diag<\/li><\/ul><p><strong>Module 3 -  License Splunk<\/strong><\/p>\n<ul>\n<li>Identify Splunk license types<\/li><li>Describe license violations<\/li><li>Add and remove licenses<\/li><\/ul><p><strong>Module 4 - Use Configuration Files<\/strong><\/p>\n<ul>\n<li>Describe Splunk configuration directory structure<\/li><li>Understand configuration layering process<\/li><li>Use btool to examine configuration settings<\/li><\/ul><p><strong>Module 5 - Use Apps<\/strong><\/p>\n<ul>\n<li>Describe Splunk apps and add-ons<\/li><li>Install an app on a Splunk instance<\/li><li>Manage app accessibility and permissions<\/li><\/ul><p><strong>Module 6 - Create Indexes<\/strong><\/p>\n<ul>\n<li>Learn how Splunk indexes functions<\/li><li>Identify the types of index buckets<\/li><li>Add and work with indexes<\/li><li>Overview of metrics index<\/li><\/ul><p><strong>Module 7 - Manage Index<\/strong><\/p>\n<ul>\n<li>Review Splunk Index Management basics<\/li><li>Identify data retention recommendations<\/li><li>Identify backup recommendations<\/li><li>Move and delete index data<\/li><li>Describe the use of the fishbucket<\/li><li>Restore a frozen bucket<\/li><\/ul><p><strong>Module 8 - Manage Users<\/strong><\/p>\n<ul>\n<li>Add Splunk users using native authentication<\/li><li>Describe user roles in Splunk<\/li><li>Create a custom role<\/li><li>Manage users in Splunk<\/li><\/ul><p><strong>Module 9 - Configure Basic Forwarding<\/strong><\/p>\n<ul>\n<li>Identify forwarder configuration steps<\/li><li>Configure a Universal Forwarder<\/li><li>Understand the deployment server<\/li><\/ul><p><strong>Module 10 - Configure Distributed Search<\/strong><\/p>\n<ul>\n<li>Describe how distributed search works<\/li><li>Describe the roles of the search head and search peers<\/li><\/ul>","essentials_plain":"To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:\n\n\n\n- Intro to Splunk\n- Using Fields (SUF)\n- Intro to Knowledge Objects\n- Creating Knowledge Objects (CKO)\n- Creating Field Extractions (CFE)\n- Enriching Data with Lookups (EDL)\n- Data Models (SDM)","audience_plain":"- Administrators","contents_plain":"This course is designed for system administrators who are responsible for managing the Splunk Enterprise environment. The course provides the fundamental knowledge of Splunk license manager, indexers and search heads. It covers configuration, management, and monitoring core Splunk Enterprise components.\n\nPlease note that classes may run across two days, consisting of 6 hour sessions.","outline_plain":"Module 1 -  Deploy Splunk\n\n\n- Provide an overview of Splunk\n- Identify Splunk Enterprise components\n- Identify the types of Splunk deployments\n- List the steps to install Splunk\n- Use Splunk CLI commands\n- Explore security best practices\nModule 2 -  Monitor Splunk\n\n\n- Use Splunk Health Report\n- Enable the Monitoring Console\n- Use Splunk Assist\n- Use Splunk Diag\nModule 3 -  License Splunk\n\n\n- Identify Splunk license types\n- Describe license violations\n- Add and remove licenses\nModule 4 - Use Configuration Files\n\n\n- Describe Splunk configuration directory structure\n- Understand configuration layering process\n- Use btool to examine configuration settings\nModule 5 - Use Apps\n\n\n- Describe Splunk apps and add-ons\n- Install an app on a Splunk instance\n- Manage app accessibility and permissions\nModule 6 - Create Indexes\n\n\n- Learn how Splunk indexes functions\n- Identify the types of index buckets\n- Add and work with indexes\n- Overview of metrics index\nModule 7 - Manage Index\n\n\n- Review Splunk Index Management basics\n- Identify data retention recommendations\n- Identify backup recommendations\n- Move and delete index data\n- Describe the use of the fishbucket\n- Restore a frozen bucket\nModule 8 - Manage Users\n\n\n- Add Splunk users using native authentication\n- Describe user roles in Splunk\n- Create a custom role\n- Manage users in Splunk\nModule 9 - Configure Basic Forwarding\n\n\n- Identify forwarder configuration steps\n- Configure a Universal Forwarder\n- Understand the deployment server\nModule 10 - Configure Distributed Search\n\n\n- Describe how distributed search works\n- Describe the roles of the search head and search peers","skill_level":"Intermediate","version":"9.1","duration":{"unit":"d","value":2,"formatted":"2 days"},"pricelist":{"List Price":{"US":{"country":"US","currency":"USD","taxrate":null,"price":1500},"SI":{"country":"SI","currency":"EUR","taxrate":20,"price":1500},"GR":{"country":"GR","currency":"EUR","taxrate":null,"price":1500},"MK":{"country":"MK","currency":"EUR","taxrate":null,"price":1500},"HU":{"country":"HU","currency":"EUR","taxrate":20,"price":1500},"GB":{"country":"GB","currency":"GBP","taxrate":20,"price":1250},"PL":{"country":"PL","currency":"USD","taxrate":23,"price":1500},"IT":{"country":"IT","currency":"USD","taxrate":20,"price":1500},"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":1500},"AT":{"country":"AT","currency":"EUR","taxrate":20,"price":1500},"SE":{"country":"SE","currency":"EUR","taxrate":25,"price":1500},"CA":{"country":"CA","currency":"CAD","taxrate":null,"price":2070},"CH":{"country":"CH","currency":"CHF","taxrate":8.1,"price":1650},"NL":{"country":"NL","currency":"EUR","taxrate":21,"price":1500},"FR":{"country":"FR","currency":"EUR","taxrate":19.6,"price":1500}}},"lastchanged":"2026-02-05T17:12:26+01:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/en\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/en\/json-course-schedule\/25916","source_lang":"en","source":"https:\/\/portal.flane.ch\/swisscom\/en\/json-course\/splunk-sesa"}}