Getting to Know Splunk: The Hands-On Administration Guide
What you'll learn
- Building a development Splunk environment from scratch on a Linux server
- Onboarding data into Splunk
- Understanding the importance of the Common Information Model (CIM)
- Normalizing data using Splunk apps
- Developing basic reports and dashboards using your new Splunk instance
- Understanding why leaving systems exposed to the Internet is a bad idea
Requirements
- No previous (administrator or user) Splunk experience is necessary. The purpose of this course is to begin at the fundamentals, so you can get started and advance your skills from there.
- You will need a computer with a web browser and SSH client, as well as a Linux instance to use as your Splunk host. An Amazon Web Services (AWS) Ubuntu image will mirror the instructor examples in the lab activities - and I'll provide steps to duplicate my environment for you to use if you want.
- Familiarity with Linux command line is a plus, though not a requirement. I’ll be walking you through the steps as we go.
Description
It's time for you to learn how to navigate Splunk and dominate big data!
Are your log files attempting to overthrow you? Have you heard of Splunk, but don't know how to wield it for the greater good of your data, or that of your enterprise? Have you used Splunk, but want to learn how to set it up and build it out properly? If so, this class is for you.
In this course, Tom will be teaching you how to get started with Splunk from the ground up. You'll learn the basics of Splunk terminology, along with how to use the Splunk web interface to find the data you're looking for. You'll build your own Splunk environment, add and normalize data to the Common Information Model (CIM), create dashboards, and find events in your data. Finally, you'll gain some more advanced searching techniques that will be particularly beneficial to those in network, security, and system administration roles.
This course is unique in that it does not require you to have a pre-existing Splunk environment - you'll actually be building and administering the Splunk system you will use to complete the lab activities.
Who this course is for:
- Anyone looking to get started with Splunk administration.
- Those who have used Splunk for searching but have never brought in data or installed the software.
- Individuals responsible for administering a Splunk environment who don't have much experience with running this software.
Instructor
Tom Kopchak is the Director of Technical Operations at Hurricane Labs, where he pretends to manage a team of network and Splunk engineers, but is still an engineer and technology geek at heart. Tom is a Splunk Accredited Architect and Consultant, and has several years of experience building, designing, and managing Splunk deployments as well as managing teams of Splunk engineers. He holds a Master’s degree in Computing Security from the Rochester Institute of Technology, and has spoken at numerous infosec conferences around the country. You will often be able to find him researching digital forensics topics or tinkering with any and all forms of computer hardware. When he is not working with computers, Tom enjoys composing, music improvisation (Acts of Music), and playing both the piano and organ.