Getting to Know Splunk: The Hands-On Administration Guide

Name: Getting to Know Splunk: The Hands-On Administration Guide
Rating: 4.7 (1254 reviews)

Learn how to be an IT superhero and go home early! This course will introduce you to Splunk administration in no time.

Created byTom Kopchak

Last updated 6/2018

English

What you'll learn

Building a development Splunk environment from scratch on a Linux server
Onboarding data into Splunk
Understanding the importance of the Common Information Model (CIM)
Normalizing data using Splunk apps
Developing basic reports and dashboards using your new Splunk instance
Understanding why leaving systems exposed to the Internet is a bad idea

Course content

9 sections • 44 lectures • 3h 50m total length

Introduction2:22
Welcome to this course! This section will introduce the course and establish expectations for your learning outcomes. Go ahead and download a copy of the slides now so that you have them for reference later.
About this course3:12
This section will introduce the goals and methodologies for this course. You'll need a Splunk account, and a Linux machine to complete the lab activities. If you're interested in using an Amazon Web Services (AWS) virtual machine for this course, see the last lecture in this section for a demonstration on how to get this set up.
What is Splunk?4:24
This section will introduce Splunk and explain why Splunk is used in many organizations.
What are logs? Why do they matter?3:52
Logs are the underlying data that powers Splunk. This section will provide an overview of what logs are, and why they're important for Splunk. We'll also discuss why searching logs is useful for security and operations roles.
Quiz: Introduction to Splunk
Optional: AWS Environment Set-Up17:53
The labs for this class are are designed around an Amazon Web Services (AWS) Linux environment. No experience with AWS? No problem. This optional section will show you how to set up an environment within AWS that will work for completing the labs within the course. If you have worked with AWS before, or are using a virtual machine on a different platform, feel free to skip this section.

Reporting Log Data: Tables9:03
Hands On Lab: Tables
Advanced Searching Concepts: Chart3:15
Advanced Searching Concepts: Timechart5:11
Advanced Searching Concepts: Geostats and IPlocation4:55
Advanced Searching Concepts: Eval2:36
Advanced Searching Concepts: Rename2:36
Advanced Searching Concepts: Relative Time Syntax8:26
Advanced Searching Concepts: Search Performance3:00
Advanced Searching Concepts: Time to experiment0:28
There's no formal lab activity for this section - use this opportunity to create a few reports using the commands highlighted in the previous lectures and save them for use in the next section in a dashboard.
Dashboards10:46
Hands-On Lab: Dashboards

Requirements

No previous (administrator or user) Splunk experience is necessary. The purpose of this course is to begin at the fundamentals, so you can get started and advance your skills from there.
You will need a computer with a web browser and SSH client, as well as a Linux instance to use as your Splunk host. An Amazon Web Services (AWS) Ubuntu image will mirror the instructor examples in the lab activities - and I'll provide steps to duplicate my environment for you to use if you want.
Familiarity with Linux command line is a plus, though not a requirement. I’ll be walking you through the steps as we go.

Description

It's time for you to learn how to navigate Splunk and dominate big data!

Are your log files attempting to overthrow you? Have you heard of Splunk, but don't know how to wield it for the greater good of your data, or that of your enterprise? Have you used Splunk, but want to learn how to set it up and build it out properly? If so, this class is for you.

In this course, Tom will be teaching you how to get started with Splunk from the ground up. You'll learn the basics of Splunk terminology, along with how to use the Splunk web interface to find the data you're looking for. You'll build your own Splunk environment, add and normalize data to the Common Information Model (CIM), create dashboards, and find events in your data. Finally, you'll gain some more advanced searching techniques that will be particularly beneficial to those in network, security, and system administration roles.

This course is unique in that it does not require you to have a pre-existing Splunk environment - you'll actually be building and administering the Splunk system you will use to complete the lab activities.

Who this course is for:

Anyone looking to get started with Splunk administration.
If you have used Splunk for searching but have never brought in data or installed the software.
Individuals responsible for administering a Splunk environment but don't have much experience with running this software.

Getting to Know Splunk: The Hands-On Administration Guide

What you'll learn

Explore related topics

Course content

Introduction5 lectures • 32min

Building your Splunk Environment1 lecture • 1min

Splunk Terminology11 lectures • 25min

Data Onboarding3 lectures • 8min

Splunk Infrastructure8 lectures • 28min

Data Normalization1 lecture • 5min

Using Your Splunk Environment4 lectures • 28min

Visualizing Data10 lectures • 50min

Wrap Up1 lecture • 1min

Requirements

Description

Who this course is for: