Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

Complete Splunk Enterprise Certified Admin Course (NEW)

Name: Complete Splunk Enterprise Certified Admin Course (NEW)
Rating: 4.4 (1265 reviews)

A Complete Lab Deployment with Data Onboarding and Custom Use cases:LEARN Splunk from a former Splunk Architect Employee

Created byGreenzone Cybersecurity

Last updated 7/2024

English

What you'll learn

easily pass the Splunk Enterprise 9.x Certified Admin exam!
Master all aspects of Splunk configuration via CLI and the Web with practical Labs
Set up a working Splunk environment from scratch in a distributed architecture design ( a complete Practical Lab )
understand and implement data collection methods with Splunk ( monitoring inputs, scripted inputs, network inputs, HTTP event collector )
understand and implement data onboarding with Splunk
understand and implement Splunk Forwarding methodology in real life
understand and deploy Splunk forwarder management
understand Splunk indexing, retention policy and bucket life cycle
Explore Splunk apps and the thriving Splunkbase community
Users, roles, and authentication
How to troubleshoot a Splunk Environment

Course content

14 sections • 68 lectures • 10h 40m total length

Getting started with Splunk3:27
What does Splunk do?4:03
Splunk Components at a glance and Architecture Overview5:12

Splunk Deployment Prerequisites11:45
Document - Splunk download and Splunk installation steps for Linux with tgz file0:42
Document - Network settings and recourses0:32
Document - Splunk System Requirements recourses0:03
LAB: Deploy Splunk on a Linux Machine11:25
LAB: Spunk Best Practices - Disable Transparent Huge Pages on Linux5:05
Document - Disable THP on Linux machine0:46
LAB: Spunk Best Practices - Increase ulimit on Linux1:24
LAB: Spunk Best Practices - Configure Splunk Enterprise to start at boot time2:59
Document - configure Ulimit and recourses0:23
LAB: Spunk Best Practices - Post Installation Health Check4:16
Deploy Splunk on a Windows Machine2:42

Introduction to Splunk Indexes7:21
Explore how Splunk indexes organize data on the indexer, including main index and underscore internal, underscore audit, underscore introspection, and underscore the fish bucket, enabling fast search and tailored retention.
Demo: Splunk Index's Structure10:02
Splunk Index - Buckets Life Cycle and Retention Policy5:11
Explore how Splunk index buckets evolve from hot to warm to cold and to frozen, governed by max buckets, max data size, and retention rules that trigger archive.
LAB: Splunk Indexes - Add Splunk Index via the web and CLI19:23
Splunk Indexes: Backup and deletion10:06
The Fishbucket Concept in Splunk6:27
Learn the fish bucket concept in Splunk, using CRC, seek address, and seek CRC to track how much a universal forwarder has read into monitored files and prevent duplicates.
Document - Fishbucket recourses0:03

LAB: Discuss and deploy the Universal Forwarder on Linux6:46
install and configure the Universal Forwarder
LAB: Configure the UF for monitoring input and forward the logs to the Indexer18:15
Configure the universal forwarder to monitor secure* logs in var/log and forward to the indexer with inputs.conf and outputs.conf, ensuring splunk ownership and correct host, index, and source type.
LAB: Discuss and configure the Indexer for log receiving16:16
LAB: Discuss and deploy the Universal Forwarder on a windows machine9:55
LAB: configure the Indexer and deploy Windows App on the UF and the Indexer18:59
LAB: Discuss and deploy the Search Head as part of the distributed Architecture9:42

discussion on Data Collection Methods in a distributed environment7:29
Explore data collection methods in a distributed environment using universal forwarders, syslog, and scripted inputs to feed logs to the indexing tier, with best practices via inputs dot com.
Discussion on Metadata Fields and data flow (continuation )8:54
Why Sourcetype Matters?11:10
Define a source type before data onboarding to ensure Splunk correctly parses data into events and applies proper event boundaries, with built-in types and apps guiding onboarding.

Data consolidation and Load balancing topology (introduction to Event breaking)17:56
In this section I will provide an introduction to how to forward the data from the Universal Forwarders in a data consolidation topology as well as in a load balancing fashion. Also, I will introduce the concept of event breaking on the Universal Forwarder to make the universal forwarder aware on where to break the data so the load balancing will happen smoothly.
Discuss forwarding the data based on Routing and filtering1:53
Forwarding the data to the Indexing tier via Intermediate Forwarders2:51
Discussion on Why using Universal Forwarders over the Heavy Forwarders?3:15

Requirements

Computer with Internet Connection
basic Linux knowledge
Understand how to install software on Linux and Windows

Description

I am going to get you to the point to be an Expert on Splunk Technology so you are not going to only pass this exam, but also to help you become a subject matter expert in the world of SIEM.

This is a new Splunk course uploaded for the first time as of November 18 2022 with the latest updates from Splunk!

This course is designed specifically for you, and I have divided it into milestones, each milestone starts with a concept on a specific Splunk topic/functionality so you can grasp it and then we end the section with a demo lab. At the end of this course, I walk you through a life scenario where we will simulate different use cases from a customer's perspective and we start building our lab from the design aspect, then we move to the deployment phase and finally we implement those use cases by deploying different apps as well as creation of custom app which are part of the data onboarding process.

The best hands-on labs course for learning Splunk and crack the Splunk enterprise Certified Admin Course, the leader in real-time monitoring, log management, and SIEM (security information and event management).

Your instructor is Saif Al-Shoker, a Splunk Certified core Consultant and Architect with over 10 years of experience in the security domain, 5 years splunking and hold two master degrees.

Don't buy poor-quality courses! This course is a high quality that I will take you step by step to successfully deploy Splunk in a distributed architecture design, through engaging video tutorials and teach you everything you need to know to be a successful Splunk Administrator, please check the content.

Look no further ! This is the most comprehensive full LAB implementation —course that covers the latest versions of Splunk Enterprise

In this class, we will cover everything on the exam blueprint. We will provide you with the tools you need to pass the exam and get certified with Tons of Labs!

Whether you've inherited a Splunk environment, are building one from scratch, or are simply curious about Splunk, this course was designed specifically for you!

We'll cover it all...

I remember my first time when I started to learn Splunk, I didn’t know where to start and with all the information out there makes it even harder to grasp, so today I am putting my self in your shoes to help you conquer this complexity .so I have designed this course specially for you

Who this course is for:

Anyone who wants to get the Splunk Enterprise Certified Admin certificate
Individuals who are looking to have solid theoretical and practical foundation in Splunk
Have you been tasked with setting up Splunk but aren't sure where to start? this course is equipped with many labs taken from real world scenarios!
Anyone who has been tasked with deploying a Splunk environment
Security professionals
SOC Analysts
Anyone who is serious about learning Splunk
Data Scientists and engineers
Anyone who wants to make a lot of money by boosting their resume with Splunk knowledge and experience

Complete Splunk Enterprise Certified Admin Course (NEW)

What you'll learn

Explore related topics

Course content

Introduction3 lectures • 13min

Splunk Components more in Depth1 lecture • 15min

Splunk Installation and best practices12 lectures • 42min

Splunk Apps and Add-Ons2 lectures • 18min

Splunk Configuration Files precedence and Directory Structure3 lectures • 21min

Splunk Indexes7 lectures • 59min

Splunk User Management2 lectures • 25min

Hands-On Labs: Deploy and configure Splunk platform in a distributed environment6 lectures • 1hr 20min

data collection methodology3 lectures • 28min

Forwarder Deployment Topologies in a Distributed Architecture Design4 lectures • 26min

Requirements

Description

Who this course is for: