Опис курсу
This 3-virtual day course is for an experienced Splunk
Enterprise administrator who is new to Splunk Clusters. The
course provides the fundamental knowledge of deploying
and managing Splunk Enterprise in a clustered environment.
It covers installation, configuration, management, and
monitoring of Splunk clusters.
While Splunk Clusters are supported in Windows environments, the class lab environment is running Linux instances only.
Попередні вимоги
To be successful, students should have a solid understanding of the topics covered in the following courses:
- What is Splunk?
- Intro to Splunk
- Using Fields
- Scheduling Reports and Alerts
- Introduction to Knowledge Objects
- Creating Knowledge Objects
- Creating Field Extractions
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
Цілі курсу
- Large-scale Splunk Deployment Overview
- Identify factors affecting large-scale Splunk deployments
- Set up Splunk indexer clusters
- Deploy and configure a Splunk search head cluster
- Add new nodes into an existing cluster
- Decommission nodes from an existing cluster
- Deploy apps and configuration bundles in Splunk clusters
- Manage KV store collections and lookups in Splunk clusters
- Monitor and identify clustering issues with Monitoring Console
- Scale Splunk indexer cluster with SmartStore
Зміст курсу
- Large-scale Splunk Deployment Overview
- Single-site Indexer Cluster
- Multisite Indexer Cluster
- Indexer Cluster Management and Administration
- Forwarder Configuration
- Search Head Cluster
- Search Head Cluster Management and Administration
- KV Store Collection and Lookup Management
- SmartStore Implementation Overview