Indexers, Clusters, and Advanced Search


Overview/Description
Target Audience
Prerequisites
Expected Duration
Lesson Objectives
Course Number
Expertise Level


Overview/Description
In large server deployments, it may be desirable to achieve a higher level of logging throughput by utilizing multiple indexers in clusters. Depending on data retention requirements, backing up indexes and data may be of importance, Splunk provides services to facilitate this. In this course, you will learn how to scale a Splunk implementation using index clusters. You'll also learn how to back up and restore Splunk indexes and data as well as advanced search methods.

Target Audience
Personnel at all levels of an enterprise seeking to attain competency in Splunk

Prerequisites
None

Expected Duration (hours)
1.7

Lesson Objectives

Indexers, Clusters, and Advanced Search

  • start the course
  • configure multiple indexes in Splunk
  • remove data that has been indexed or indexes entirely
  • change the location of the Splunk index database
  • configure the size and disk usage of Splunk indexes
  • identify the Splunk backup requirements
  • configure how Splunk handles aged data
  • archive the indexed Splunk data for storage
  • restore previously archived Splunk data
  • describe the steps in deploying indexer clusters
  • enable the Splunk indexer cluster master node
  • enable the Splunk peer nodes
  • configure a Splunk node as a search head
  • configure Splunk to use forwarders with the Indexer Cluster
  • access the dashboard of the Splunk cluster master
  • access the Splunk dashboard of the peers and the search head
  • remove a Splunk peer from operation for maintenance
  • restart a single Splunk node or an entire cluster
  • use the Splunk search command to find events
  • use the data fields to find Splunk events
  • control the indexes used to perform a search and who has access to them
  • utilize the timeline view to analyze Splunk events
  • define the types of events for data classification
  • create Splunk macros to simplify searches
  • create a secondary search on Splunk results
  • use the Splunk patterns tab to identify data patterns
  • manage multiple nodes in Splunk

    • Course Number:
    df_oifs_a05_it_enus

    Expertise Level
    Beginner