Visão Geral

Este Curso Splunk Enterprise Data Administration foi projetado para administradores que são responsáveis por obter dados em Splunk Indexers. O curso fornece o conhecimento fundamental de forwarders Splunk e métodos para obter dados remotos em indexadores Splunk. Este Curso Splunk Enterprise Data Administration, cobre instalação, configuração, gerenciamento, monitoramento e solução de problemas de forwarders Splunk e componentes do Splunk Deployment Server.

Objetivo

Após realizar este Curso Splunk Enterprise Data Administration, você será capaz de:

• Gerenciar e distribuir forwarders
• Configurar as entradas de dados
• Monitores de arquivo
• Entradas de rede (TCP/UDP)
• Entradas com scripts ▪ Entradas HTTP (através do Coletor de Eventos HTTP)
• Personalizar o processo de análise da fase de entrada
• Definir transformações para modificar dados antes da indexação
• Definir configurações de objetos de conhecimento de tempo de busca

Materiais

Conteúdo Programatico

Module 1 – Getting Data Into Splunk

1. Provide an overview of Splunk
2. Describe the Splunk distributed model
3. Describe data input types and metadata settings
4. Configure initial input testing with Splunk Web
5. Testing Indexes with input staging

Module 2 –Config Files and Apps

1.  Identify Splunk configuration files and directories
2.  Describe index-time and search-time precedence
3.  Validate and update configuration files
4. Explore Splunk apps and app installation

Module 3 – Configuring Forwarders

1. Configure Universal Forwarders
2. Configure Heavy Forwarders

Module 4 – Customizing Forwarders

1. Configure intermediate forwarders
2. Identify additional forwarder options

Module 5 – Managing Forwarders

1. Describe Splunk Deployment Server (DS)
2. Manage forwarders using deployment apps
3. Configure deployment clients and client groups
4. Monitor forwarder management activities

Module 6 – Monitor Inputs

1. Create file and directory monitor inputs
2. Use optional settings for monitor inputs
3. Deploy a remote monitor input

Module 7 – Network Inputs

1. Create network (TCP and UDP) inputs
2. Describe optional settings for network inputs

Module 8 – Scripted Inputs

1.  Create a basic scripted input

Module 9 – Agentless Inputs

1.  Configure Splunk HTTP Event Collector (HEC) agentless input
2.  Describe Splunk App for Stream

Module 10 – Operating System Inputs

1. Identify Linux-specific inputs
2. Identify Windows-specific inputs

Module 11 – Fine-tuning Inputs

1.  Understand the default processing that occurs during input phase
2.  Configure input phase options, such as source type fine-tuning and character set encoding

Module 12 – Parsing Phase and Data Preview

1. Understand the default processing that occurs during parsing
2. Optimize and configure event line breaking
3. Explain how timestamps and time zones are extracted or assigned to events
4. Use Data Preview to validate event creation during parsing phase

Module 13 – Manipulating Input Data

1. Explore Splunk transformation methods
2. Create rulesets with Ingest Actions
3. Mask data with Ingest Action rules
4. Mask data with SEDCMD and TRANSFORMS Splunk Education Services
5. Override sourcetype or host based upon event values