Splunk Enterprise Data Administration

Splunk Enterprise Data AdministrationSEDASPSplunkSP-SEDA9.4To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: <ul> <li>Intro to Splunk</li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-suf"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Using Fields (SUF)</a></li><li>Intro to Knowledge Objects</li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-cko"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Creating Knowledge Objects (CKO)</a></li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-cfe"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Creating Field Extractions (CFE)</a></li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-edl"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Enriching Data with Lookups (EDL)</a></li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-sdm"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Data Models (SDM)</a></li><li><a class="fl-href-prod" href="/swisscom/en/course/splunk-sesa"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Splunk Enterprise System Administration (SESA)</a></li></ul><ul> <li>Administrators</li></ul>Module 1 – Get Data Into Splunk <ul> <li>Provide an overview of Splunk</li><li>Describe the Splunk distributed model</li><li>Describe data input types and metadata settings</li><li>Configure initial input testing with Splunk Web</li><li>Test Indexes with input staging</li></ul>Module 2 – Configuration Files and Apps <ul> <li>Identify Splunk configuration files and directories</li><li>Describe index-time and search-time precedence</li><li>Validate and update configuration files</li><li>Explore Splunk apps and apps installation</li></ul>Module 3 – Configure Forwarders <ul> <li>Configure Universal Forwarders</li><li>Configure Heavy Forwarders</li></ul>Module 4 – Customize Forwarder <ul> <li>Configure intermediate forwarders</li><li>Identify additional forwarder options</li></ul>Module 5 - Manage Forwarders <ul> <li>Describe the Splunk deployment server</li><li>Manage forwarders using deployment apps</li><li>Configure deployment clients and client groups</li><li>Monitor forwarder management activities</li></ul> Module 6 – Monitor Inputs <ul> <li>Create file and directory monitor inputs</li><li>Use optional settings for monitor inputs</li><li>Deploy a remote monitor input</li></ul>Module 7 – Network Inputs <ul> <li>Create network (TCP and UDP) inputs</li><li>Describe optional settings for network inputs</li></ul>Module 8 – Scripted Inputs <ul> <li>Create a basic scripted input</li></ul>Module 9 – Agentless Inputs <ul> <li>Configure Splunk HTTP Event Collector (HEC) agentless input</li><li>Describe Splunk App for Stream</li></ul>Module 10 – Operating System Inputs <ul> <li>Identify Linux-specific inputs</li><li>Identify Windows-specific inputs</li></ul>Module 11 – Fine-tune Inputs <ul> <li>Understand the default processing that occurs during input phase</li><li>Configure input phase options</li></ul>Module 12 – Parsing Phase and Data Preview <ul> <li>Understand default processing during parsing phase</li><li>Optimize and configure event line breaking</li><li>Explain how timestamps and time zones are used</li><li>Use Data Preview to validate event create during parsing phase</li></ul>Module 13 – Manipulating Input Data <ul> <li>Explore Splunk transformation methods</li><li>Create rulesets with Ingest Actions</li><li>Mask data with Ingest Action rules</li><li>Mask data with SEDCMD and TRANSFORMS</li><li>Override sourcetype or host base upon event values</li></ul>Module 14 - Route Input Data <ul> <li>Filter data with Ingest Action rules</li><li>Route data with Ingest Action rules</li><li>Route data with Transforms</li></ul>Module 15 – Support Knowledge Objects <ul> <li>Define default and custom search time field extractions</li><li>Identify the pros and cons of indexed time field extractions</li><li>Configure indexed field extractions</li><li>Describe default search-time extractions</li><li>Manage orphaned knowledge objects</li></ul>To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge: - Intro to Splunk - Using Fields (SUF) - Intro to Knowledge Objects - Creating Knowledge Objects (CKO) - Creating Field Extractions (CFE) - Enriching Data with Lookups (EDL) - Data Models (SDM) - Splunk Enterprise System Administration (SESA)- AdministratorsModule 1 – Get Data Into Splunk - Provide an overview of Splunk - Describe the Splunk distributed model - Describe data input types and metadata settings - Configure initial input testing with Splunk Web - Test Indexes with input staging Module 2 – Configuration Files and Apps - Identify Splunk configuration files and directories - Describe index-time and search-time precedence - Validate and update configuration files - Explore Splunk apps and apps installation Module 3 – Configure Forwarders - Configure Universal Forwarders - Configure Heavy Forwarders Module 4 – Customize Forwarder - Configure intermediate forwarders - Identify additional forwarder options Module 5 - Manage Forwarders - Describe the Splunk deployment server - Manage forwarders using deployment apps - Configure deployment clients and client groups - Monitor forwarder management activities Module 6 – Monitor Inputs - Create file and directory monitor inputs - Use optional settings for monitor inputs - Deploy a remote monitor input Module 7 – Network Inputs - Create network (TCP and UDP) inputs - Describe optional settings for network inputs Module 8 – Scripted Inputs - Create a basic scripted input Module 9 – Agentless Inputs - Configure Splunk HTTP Event Collector (HEC) agentless input - Describe Splunk App for Stream Module 10 – Operating System Inputs - Identify Linux-specific inputs - Identify Windows-specific inputs Module 11 – Fine-tune Inputs - Understand the default processing that occurs during input phase - Configure input phase options Module 12 – Parsing Phase and Data Preview - Understand default processing during parsing phase - Optimize and configure event line breaking - Explain how timestamps and time zones are used - Use Data Preview to validate event create during parsing phase Module 13 – Manipulating Input Data - Explore Splunk transformation methods - Create rulesets with Ingest Actions - Mask data with Ingest Action rules - Mask data with SEDCMD and TRANSFORMS - Override sourcetype or host base upon event values Module 14 - Route Input Data - Filter data with Ingest Action rules - Route data with Ingest Action rules - Route data with Transforms Module 15 – Support Knowledge Objects - Define default and custom search time field extractions - Identify the pros and cons of indexed time field extractions - Configure indexed field extractions - Describe default search-time extractions - Manage orphaned knowledge objects3 days1600.002250.002250.002250.002250.002250.001875.002250.002250.002250.002250.003105.002500.002250.002250.00225.00225.00225.00225.00225.00225.00225.00225.00225.00