Getting to Know Splunk: The Hands-On Administration Guide
4.6 (191 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
1,410 students enrolled

Getting to Know Splunk: The Hands-On Administration Guide

Learn how to be an IT superhero and go home early! This course will introduce you to Splunk administration in no time.
4.6 (189 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
1,410 students enrolled
Created by Tom Kopchak
Last updated 6/2018
English
English
Current price: $20.99 Original price: $29.99 Discount: 30% off
5 hours left at this price!
30-Day Money-Back Guarantee
This course includes
  • 4 hours on-demand video
  • 2 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Assignments
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • Building a development Splunk environment from scratch on a Linux server
  • Onboarding data into Splunk
  • Understanding the importance of the Common Information Model (CIM)
  • Normalizing data using Splunk apps
  • Developing basic reports and dashboards using your new Splunk instance
  • Understanding why leaving systems exposed to the Internet is a bad idea
Requirements
  • No previous (administrator or user) Splunk experience is necessary. The purpose of this course is to begin at the fundamentals, so you can get started and advance your skills from there.
  • You will need a computer with a web browser and SSH client, as well as a Linux instance to use as your Splunk host. An Amazon Web Services (AWS) Ubuntu image will mirror the instructor examples in the lab activities - and I'll provide steps to duplicate my environment for you to use if you want.
  • Familiarity with Linux command line is a plus, though not a requirement. I’ll be walking you through the steps as we go.
Description

It's time for you to learn how to navigate Splunk and dominate big data!

Are your log files attempting to overthrow you? Have you heard of Splunk, but don't know how to wield it for the greater good of your data, or that of your enterprise? Have you used Splunk, but want to learn how to set it up and build it out properly? If so, this class is for you.

In this course, Tom will be teaching you how to get started with Splunk from the ground up. You'll learn the basics of Splunk terminology, along with how to use the Splunk web interface to find the data you're looking for. You'll build your own Splunk environment, add and normalize data to the Common Information Model (CIM), create dashboards, and find events in your data. Finally, you'll gain some more advanced searching techniques that will be particularly beneficial to those in network, security, and system administration roles.

This course is unique in that it does not require you to have a pre-existing Splunk environment - you'll actually be building and administering the Splunk system you will use to complete the lab activities.

Who this course is for:
  • Anyone looking to get started with Splunk administration.
  • If you have used Splunk for searching but have never brought in data or installed the software.
  • Individuals responsible for administering a Splunk environment but don't have much experience with running this software.
Course content
Expand all 44 lectures 03:50:26
+ Introduction
5 lectures 31:43

Welcome to this course! This section will introduce the course and establish expectations for your learning outcomes. Go ahead and download a copy of the slides now so that you have them for reference later. 

Preview 02:22

This section will introduce the goals and methodologies for this course. You'll need a Splunk account, and a Linux machine to complete the lab activities. If you're interested in using an Amazon Web Services (AWS) virtual machine for this course, see the last lecture in this section for a demonstration on how to get this set up. 

Preview 03:12

This section will introduce Splunk and explain why Splunk is used in many organizations. 

What is Splunk?
04:24

Logs are the underlying data that powers Splunk. This section will provide an overview of what logs are, and why they're important for Splunk. We'll also discuss why searching logs is useful for security and operations roles. 

What are logs? Why do they matter?
03:52

This quiz covers the introductory material for this course from the first section. 

Quiz: Introduction to Splunk
4 questions

The labs for this class are are designed around an Amazon Web Services (AWS) Linux environment. No experience with AWS? No problem. This optional section will show you how to set up an environment within AWS that will work for completing the labs within the course. If you have worked with AWS before, or are using a virtual machine on a different platform, feel free to skip this section. 

Preview 17:53
+ Building your Splunk Environment
1 lecture 01:00
Installing Splunk 7.1
01:00
The lab will walk you through building your Splunk instance. You will want to complete this assignment so that you can complete the remaining lab activities.
Hands-On Lab: Building your Splunk instance
2 questions

Now that you've installed Splunk, check your knowledge of the installation process.

Quiz: Installing Splunk
3 questions
+ Splunk Terminology
11 lectures 24:39
Introduction to Splexicon
01:11
Events
02:21
Search
01:28
Report
01:44
Dashboard
02:30
SPL - Search Processing Language
02:32
Sourcetype
02:57
Index
02:12
Knowledge Objects & Fields
05:10
Lookup
02:12
Terminology wrap up
00:22

This quiz will test your knowledge of Splunk terminology.

Quiz: Splexicon
10 questions
+ Data Onboarding
3 lectures 08:11
Approaching data onboarding
04:17
This exercise will walk you through your first data onboarding into Splunk. We will use the built-in authentication log (auth.log) on your Linux system for this exercise.
Hands-On Lab: Onboarding Linux Security Logs
2 questions
This lab will demonstrate how to use Splunk apps to make your life easier and your data better. Previously, you saw that some of the data was either missing field extractions entirely or had inconsistent fields. This lab will show you how to use the Splunk Add-on for *Nix for field extractions.
Hands-On Lab: Field extractions - using Splunk apps
1 question
What if there isn't an app?
00:44
Splunk Config Files
03:10
+ Splunk Infrastructure
8 lectures 28:28
Core Infrastructure: Indexers and Search Heads
04:30
Supporting Infrastructure: Forwarders
02:38
Supporting Infrastructure: Syslog Receiver
02:53
Supporting Infrastructure: Deployment Server
06:44
Splunk Licensing
02:34
Splunk Clustering
05:19
Distributed Splunk Environments
01:28
Splunk Apps
02:22

This quiz will test your mastery of Splunk infrastructure topology.

Quiz: Splunk Infrastructure
10 questions
+ Data Normalization
1 lecture 05:22
In this lab, you will onboard firewall logs (Linux iptables) from your Splunk server. We will use these logs to demonstrate data normalization, and will also use this data for some of the subsequent activities in this class.
Hands-On Lab: Data Onboarding: IPtables Logs
4 questions
Normalizing Data: The Common Information Model
05:22
In this lab exercise, you'll learn how to utilize a published app on Splunkbase in order to apply the Common Information Model (CIM) to your iptables firewall logs.
Hands-On Lab: Applying CIM to your firewall logs
3 questions
+ Using Your Splunk Environment
4 lectures 27:44
Splunk UI Overview
08:04
Using Fields
07:30
In this lab, you'll gain familiarity with the Splunk search interface by practicing using the linux:netfilter data you previously onboarded.
Hands on with the Splunk UI
2 questions
Search Modes
05:42
This lab will give you a hands on exercise to become familiar with different Splunk search modes: fast mode, smart mode, and verbose mode.
Hands On Lab: Search Modes
2 questions
The Search Pipeline
06:28
This lab will introduce you to the search pipeline. You will develop a simple search and save it as a report.
Hands on with the Search Pipeline
2 questions
+ Visualizing Data
10 lectures 50:16
Reporting Log Data: Tables
09:03
In this lab, you will create a few tables using the firewall and linux_secure data.
Hands On Lab: Tables
2 questions
Advanced Searching Concepts: Chart
03:15
Advanced Searching Concepts: Timechart
05:11
Advanced Searching Concepts: Geostats and IPlocation
04:55
Advanced Searching Concepts: Eval
02:36
Advanced Searching Concepts: Rename
02:36
Advanced Searching Concepts: Relative Time Syntax
08:26
Advanced Searching Concepts: Search Performance
03:00

There's no formal lab activity for this section - use this opportunity to create a few reports using the commands highlighted in the previous lectures and save them for use in the next section in a dashboard. 

Advanced Searching Concepts: Time to experiment
00:28
Dashboards
10:46
In this culminating lab exercise, you will build a Splunk dashboard using the data we previously onboarded and several of the more advanced searching concepts covered in the last series of lectures. This is your opportunity to turn your lab system data into something unique and interesting!
Hands-On Lab: Dashboards
1 question
+ Wrap Up
1 lecture 01:10
Course Wrap Up
01:10