SPLK-1003: Splunk Enterprise Certified Admin Certification Video Training Course
The complete solution to prepare for your exam with SPLK-1003: Splunk Enterprise Certified Admin certification video training course. The SPLK-1003: Splunk Enterprise Certified Admin certification video training course contains a complete set of videos that will provide you with thorough knowledge to understand the key concepts. Top notch prep including Splunk SPLK-1003 exam dumps, study guide & practice test questions and answers.
SPLK-1003: Splunk Enterprise Certified Admin Certification Video Training Course Exam Curriculum
Introduction
1. Introduction (1:00)
Introduction to Splunk Enterprise
1. Introduction to Module 01 (1:00)
2. What is Splunk? (5:00)
3. Products of Splunk: Splunk Light (2:00)
4. Products of Splunk: Splunk Cloud (2:00)
5. Products of Splunk: Splunk Enterprise (3:00)
6. Products of Splunk: Hunk & Premium Apps (5:00)
7. Components of Splunk: Search Head (2:00)
8. Components of Splunk: Indexer (1:00)
9. Components of Splunk: Universal Forwarder (2:00)
10. Components of Splunk: Heavy Forwarder (2:00)
11. Components of Splunk: Deployment Server (3:00)
12. Components of Splunk: Cluster Master (1:00)
13. Splunk Package Downloads: Part 1 (5:00)
14. Splunk Package Downloads: Part 2 (4:00)
15. Splunk Package Downloads: Part 3 (3:00)
16. Splunk Add on and Application downloads (5:00)
17. Splunk GUI Overview : Part 1 (6:00)
18. Splunk GUI Overview : Part 2 (5:00)
19. Splunk GUI Overview : Part 3 (6:00)
20. Splunk GUI Overview : Part 4 (6:00)
21. Splunk GUI Overview : Part 5 (5:00)
22. Splunk GUI Overview : Part 6 (7:00)
23. Splunk Searching Basics : Part 1 (6:00)
24. Splunk Searching Basics : Part 2 (6:00)
25. Splunk Licensing (3:00)
26. Getting Help on Splunk Issues : Part 1 (7:00)
27. Getting Help on Splunk Issues : Part 2 (2:00)
28. Get 10 GB Free license of Splunk (3:00)
Designing Splunk Architecture
1. Splunk Visio Stencils usage (7:00)
2. Estimation of License required (3:00)
3. Evaluation : Search Head and Indexers (5:00)
4. Evaluation : Heavy Forwarder, License Manager and Deployment Server (6:00)
5. Estimation of Storage for Indexers (5:00)
6. Small Enterprise Architecture review (6:00)
7. Medium Enterprise Architecture review (7:00)
8. Large Enterprise Architecture review : Part 1 (5:00)
9. Large Enterprise Architecture review : Part 2 (5:00)
10. Understanding clustering and High Availability in Splunk (8:00)
11. Hardware Requirements for Splunk Architecture (5:00)
12. Capacity Planning for your Architecture (2:00)
Installation and Configuration of Splunk Components
1. Prerequisites for Splunk Installation : Part 1 (5:00)
2. Prerequisites for Splunk Installation : Part 2 (9:00)
3. Directory Structure of Splunk (6:00)
4. Configuration Hierarchy in Splunk (6:00)
5. Configuration Hierarchy in Splunk : Practical Example (5:00)
6. Testing Configuration Precedence (5:00)
7. Concluding Configuration Precedence (5:00)
8. Installation of Splunk Enterprise (6:00)
9. Installation of Splunk Universal Forwarder (6:00)
10. Installation of Splunk Search Head (5:00)
11. Installation of Splunk Indexers (5:00)
12. Installation of Splunk Heavy Forwarders and Deployment Servers (6:00)
13. Enable SSL on Splunk Enterprise Instance (8:00)
14. Enabling SSL from CLI (5:00)
15. Index, Indexes and Indexers (5:00)
16. Configuring Indexer: Enable Receiver (5:00)
17. Enabling Receiver from CLI and Configuration File Edit (7:00)
18. Default Index (4:00)
19. Index Creation From Splunk Web and Splunk CLI (4:00)
20. Index creation from Splunk Edit configuration file (6:00)
21. Configure Search head From Splunk Web (6:00)
22. Configure Search head From Splunk CLI (4:00)
23. Configure Search head From editing Configuration Files (7:00)
24. Configure Heavy Forwarder using Splunk Web and CLI (7:00)
25. Configure Heavy Forwarder using Splunk Configuration File Edit (5:00)
26. Configure Deployment Server From Splunk Web (4:00)
27. Configure Deployment Server From Splunk Configuration Edit (5:00)
28. Adding Clients to Deployment Server (8:00)
29. Deployment Client Config CLI and on Configuration Edit on Universal Forwarder (8:00)
30. Splunk License Manager Configuration (5:00)
31. Splunk Licensing Pool and Client Configuration (8:00)
Splunk Post Installation Activities : Knowledge Objects
1. Uploading Data to Splunk (8:00)
2. Adding Data to Splunk via configuration file edit (5:00)
3. Adding Data to Splunk via Splunk CLI (3:00)
4. Validation of On Boarded Data (4:00)
5. Source Sourcetype and Host Configuration (7:00)
6. Source Parameter Explanation (1:00)
7. Field Extraction Using IFX (7:00)
8. Field Extraction Using REX (5:00)
9. Adding Field Extraction to Search (6:00)
10. REGEX searching in Splunk (5:00)
11. Props Extract Command (4:00)
12. Props Report and Transforms (5:00)
13. Props.conf Location (1:00)
14. Eventtypes Creation and permission (5:00)
15. Eventtypes Use Case (5:00)
16. Tags Creation (5:00)
17. Manual Creation of Tags (6:00)
18. Lookups Creation in Splunk (7:00)
19. Searching Using Lookups in Splunk (4:00)
20. Lookups Use Case Example (4:00)
21. Creating Macros in Splunk (8:00)
22. Searching in Splunk (5:00)
23. Search Modes in Splunk (8:00)
24. Creating Alerts in Splunk (5:00)
25. Splunk Alert Condition and Sharing (6:00)
26. Editing Splunk alert and Alerts Actions (4:00)
27. Creating Splunk Reports (5:00)
28. Splunk Report Scheduling and Accelerating Reports (5:00)
29. Embedding Reports in External Applications (5:00)
30. Creating Dashboards in Splunk (5:00)
31. Adding Panels to Dashboards And adding Panel from Report (5:00)
Splunk Inbuilt & Advanced Visualizations
1. Editing Dashboard Using Source (6:00)
2. Dashboard Filters: Time Range (5:00)
3. Dashboard Filters: Text Box (5:00)
4. Dashboard Filters: Dropdown (4:00)
5. Dashboard Filters: Dynamic Filters (8:00)
6. Dashboard Drill down Example (5:00)
7. Dashboard Drilldown Configuration (6:00)
8. Dashboard Drilldown to Same dashboard (5:00)
9. What is a Splunk Workflow? (4:00)
10. Creating a Splunk Work Flow (5:00)
11. Demo of Splunk Work Flow Example (2:00)
12. Visualizations in Splunk (5:00)
13. Rest of the default Visualization in Splunk (7:00)
14. Editing XML for Dashboards (6:00)
15. Adding Panel by Editing XML (6:00)
16. Out Of The Box Dashboards Examples (6:00)
17. Out Of The Box Journey Flow (6:00)
18. Exporting And Scheduled Dashboards (7:00)
Splunk Apps And Add-Ons
1. What is an Add on? (3:00)
2. Installing Splunk Add on From Splunk Web (7:00)
3. Installing Splunk Add on From Splunk CLI (4:00)
4. Installation of Splunk App (5:00)
5. Disabling an App or Add on (6:00)
6. Creating your Own Splunk App (3:00)
7. Creating your Own Splunk App using Linux CLI (6:00)
8. Custom Navigation inside Apps : Part 1 (5:00)
9. Custom Navigation inside Apps : Part 2 (7:00)
10. Creating your Own Splunk App Via Splunk Web (4:00)
11. Custom Navigation inside Apps Using Splunk Web (5:00)
12. Custom Static Content Location for Apps (5:00)
13. Changing Custom Background of Login Page (2:00)
14. Custom Logo for the Splunk Login Page (4:00)
15. Customizing App Icon (4:00)
Forwarder Management And User Management
1. Splunk Forwarder Management (3:00)
2. Creating ServerClass.conf File (4:00)
3. ServerClass and DeploymentClient Configuration Files (5:00)
4. Apps on Deployment Server (6:00)
5. Deploying Apps using Deployment Server (5:00)
6. Creating Server Groups Using ServerClass.conf (6:00)
7. Creating Base Configurations (5:00)
8. Deploying Apps on Universal Forwarder Using Deployment Server (3:00)
9. Updating configuration and Deploying (3:00)
10. Forward Data out of the Splunk (2:00)
11. User Management in Splunk (6:00)
12. Creating Roles : Part 1 (6:00)
13. Creating Roles : Part 2 (4:00)
14. Creating Users : Part 1 (1:00)
15. Creating Users : Part 2 (2:00)
Splunk Indexer And Search Head Clustering
1. Introduction to Clustering and Indexer Clustering UseCase (6:00)
2. Search Head Clustering Use Case (1:00)
3. Single Site indexer Clustering (2:00)
4. Multisite Indexer Clustering (3:00)
5. Search Head Clustering (1:00)
6. Search Factor And Replication Factor (2:00)
7. Search Head Clustering Requirement Evaluation (1:00)
8. Heavy Forwarder Clustering (2:00)
9. Hands-on Indexer Clustering : part 01 (5:00)
10. Hands-on Indexer Clustering : part 02 (5:00)
11. Hands-on Indexer Clustering : part 03 (5:00)
12. Hands-on Indexer Clustering : part 04 (5:00)
13. Hands-on Indexer Clustering : part 05 (6:00)
14. Hands-on Multisite Indexer Clustering : Part 01 (5:00)
15. Hands-on Multisite Indexer Clustering : Part 02 (5:00)
16. Hands-on Multisite Indexer Clustering : Part 03 (5:00)
17. Hands-on Search Head Clustering : Part 01 (5:00)
18. Hands-on Search Head Clustering : Part 02 (5:00)
19. Hands-on Search Head Clustering : Part 03 (5:00)
20. Search Head Clustering Validation (4:00)
Splunk Advanced Concepts
1. Binding Splunk to an IP Address (3:00)
2. Changing Process Name of Splunk Processes (3:00)
3. Disabling Splunk Web Components (5:00)
4. Splunk CLI Selective Restarting (3:00)
5. Splunk CLI: ENABLE, DISABLE and ADD commands (3:00)
6. Splunk CLI: Show Commands (3:00)
7. Splunk CLI: BTOOL Usage (9:00)
8. Splunk Quick Hacks for Restarting Splunk Web Components (3:00)
9. Splunk Creating Datamodels (5:00)
10. Splunk Datamodels Accelerations (4:00)
11. Splunk Datasets and Searches (6:00)
12. Splunk Universal Forwarder Scripted Deployments (7:00)
Building Splunk Enterprise Architecture on Amazon AWS Under 60 Minutes
1. Introduction to building Enterprise Architecture on Amazon AWS (6:00)
2. Building Splunk Enterprise Architecture on Amazon AWS Under 60 Minutes (59:00)
Splunk Use Cases Of All Industries
1. Security Use Case: SQL Injection Detection in Splunk (16:00)
Congrats: Completion of the Course
1. Congrats: All the best for your Careers and Future Splunk learnings (1:00)
About SPLK-1003: Splunk Enterprise Certified Admin Certification Video Training Course
SPLK-1003: Splunk Enterprise Certified Admin certification video training course by prepaway along with practice test questions and answers, study guide and exam dumps provides the ultimate training package to help you pass.
Installation and Configuration of Splunk Components
1. Prerequisites for Splunk Installation : Part 1
Before starting the installation of Splunk, we need to make sure a couple of prerequisites are met so that, after the installation, Splunk can run without any performance issues. Let's begin with firewall rules, which should mainly focus on port 8000, the Splunk Web port, and port 8089, the splunkd port, also known as the management port. The Splunk Web port 8000 should be allowed for HTTP and HTTPS traffic.
There are a few more ports, such as the KV store port, 8191, and app server ports like 8065, which are used locally in specific scenarios and shouldn't cause any trouble for our installation. To summarize, make sure HTTP and HTTPS are allowed on ports 8000 and 8089 for the deployment server, indexers, heavy forwarders, search heads, and any other components of Splunk. One more important firewall rule to take into consideration is universal forwarder to indexer communication on port 9997, which is used to send logs to our indexers. This port is the default, but it can be customised to any other port. Once we have the firewall rules set, that should be it for starting the installation.
So, now that we've completed the first requirement, let's move on to the next. Some processes in Linux are known to cause issues during Splunk's regular operations, so Splunk recommends disabling them on Splunk servers. THP, or Transparent Huge Pages, is one such process that has been known to cause numerous issues when running alongside Splunk, so Splunk recommends disabling it before installing Splunk.
And this is the location of the file. If we have Transparent Huge Pages installed on our Red Hat or CentOS machine, this is where we can disable the entry in this file. We can also see whether Transparent Huge Pages is installed on our cloud instance. Let me copy the location of the file and check whether we have that file or the process installed. In our case, Transparent Huge Pages is not installed, so it's safe to consider it disabled.
2. Prerequisites for Splunk Installation : Part 2
One more process to consider disabling is SELinux, which is also known as Secure Linux. If we do not want to completely disable SELinux, we must allow Splunk to run under SELinux by other methods, such as whitelisting the Splunk process or adding it as an exception. For this example, and for the simplicity of this course, we will see how to disable SELinux. This file contains the SELinux configuration. I'll check the contents of the file using the Linux command cat, followed by the location of the file. From this file, we notice that it is currently enabled: when SELinux says "enforcing", it is enabled. To disable it, open the file with any of the text editors available in Linux and change the targeted value, or comment out the targeted value and change the enforcement to disabled. I'm going to set the SELinux status to disabled. Once you have changed or disabled SELinux, it always requires a reboot to make the changes effective. We now have SELinux disabled on our instance. In the meantime, we'll move on to our next prerequisite.
Next comes the IOPS test for the indexing machine, to check that the provisioned IOPS is greater than 200 IOPS, as recommended in our previous tutorial. We can test IOPS using a third-party utility known as bonnie++. bonnie++ is not installed by default on Red Hat Linux, which we'll be using throughout our tutorial, so we need to download this package, install it, and then test the IOPS. I've already installed bonnie++ on our cloud instance. Let us see how we can measure IOPS using bonnie++. This will be your complete bonnie++ command, where -d represents the mount point on which you will be installing Splunk.
We will install Splunk on /opt, and the next option is two times the RAM for this instance. As of now, we have only one GB of RAM. Since it is our demo instance, we will multiply it by two and mention that value. -u is the user who will run these read and write operations on the mount point. Throughout the course, we'll be creating splunk as an application account for the Splunk application to run under, and it is highly recommended that Splunk run as a non-privileged account rather than root. All you have to do is hit Enter, and it will start simulating I/O. For now, I will not hit Enter, because it would kill our demo instance, which has just one gigabyte of RAM and probably 300 IOPS.
Now, assuming we have hit Enter, open up another terminal and log in. Once logged in, we can use iostat, refreshing every second, to see how many IOPS are in use. Because we are not performing any operations, the number of transactions per second is currently very low. After hitting Enter, you can leave bonnie++ running for ten to fifteen minutes while it simulates read and write operations on our /opt mount point. You'll most likely see 200 to 1300 here, which shows that we have achieved the IOPS requirement for a Splunk indexer. Once we have verified that the IOPS meets the required condition of being greater than 200 IOPS, we can proceed to the next prerequisite, setting ulimit.
ulimit has a number of values to set as per Splunk recommendations. The link that we are using takes us straight to the Splunk documentation. Simply search for the "ulimit" options and set all of them according to Splunk recommendations, so that these limits are set on all Splunk instances and Splunk runs at peak performance. Before setting our ulimits, let me check the ulimit values on our cloud machine; these are our present ulimit values. As you can see, you can start setting all these parameters as per the recommendation.
Let us see. First, open files: ulimit -n, which is set to 124 by default. As per the recommendation, it needs to be set to 8192. It is as simple as that: run the command to see the value, then take the recommended value from the Splunk portal and pass it to the command so that the ulimit is set. Once you have set all these parameters, we should be ready to install our first Splunk instance. Finally, have your licences ready so that once we complete our installation, we can configure the license.
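The three host checks from Parts 1 and 2 (THP, SELinux, open-files limit) can be collected into one read-only script. This is an added example, not part of the course; the two file paths are the usual RHEL/CentOS locations and are assumptions, since the lecture does not spell them out, and 8192 is the open-files value quoted above.

```shell
#!/bin/sh
# Added example: read-only pre-install checks for the prerequisites above.
# Assumed paths (not given on the page): the usual RHEL/CentOS locations.
THP_FILE=/sys/kernel/mm/transparent_hugepage/enabled
SELINUX_FILE=/etc/selinux/config
MIN_NOFILE=8192   # open-files value quoted in the course

# Print the active THP mode: the bracketed word in "always madvise [never]".
# A missing file is reported as "absent" (the course treats that as disabled).
thp_state() {
    [ -r "$1" ] || { echo absent; return 0; }
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1" | head -n 1
}

# Print the SELINUX= value from the config file. Comment lines and the
# SELINUXTYPE= line (e.g. "targeted") do not match the pattern.
selinux_config_mode() {
    [ -r "$1" ] || { echo absent; return 0; }
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    echo "${mode:-unset}"
}

# Succeed when the open-files limit ($1) is at least the minimum ($2).
nofile_ok() {
    [ "$1" = unlimited ] && return 0
    [ "$1" -ge "$2" ] 2>/dev/null
}

# Print one line per check; the return status is the number of findings.
preflight() {
    thp_file=$1; selinux_file=$2; nofile=$3; min=$4; findings=0

    thp=$(thp_state "$thp_file")
    case $thp in
        never|absent) echo "OK     thp=$thp" ;;
        *)            echo "FIX    thp=$thp (course: disable before installing)"
                      findings=$((findings + 1)) ;;
    esac

    se=$(selinux_config_mode "$selinux_file")
    case $se in
        enforcing) echo "REVIEW selinux=$se (allow Splunk in policy, or disable as the course does)"
                   findings=$((findings + 1)) ;;
        *)         echo "OK     selinux=$se" ;;
    esac

    if nofile_ok "$nofile" "$min"; then
        echo "OK     nofile=$nofile"
    else
        echo "FIX    nofile=$nofile (course value: $min)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Check this host; a non-zero status only means "something to look at".
preflight "$THP_FILE" "$SELINUX_FILE" "$(ulimit -n)" "$MIN_NOFILE" || true
```

Run it as the account that will own the Splunk process, because the open-files limit is per user and per session.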
3. Directory Structure of Splunk
Once we have completed downloading our Splunk packages, let's understand how the Splunk directory structure is laid out and go through some of the most important directories in the Splunk home, which by default is /opt/splunk on Linux and C:\Program Files\Splunk on Windows. It is totally customizable, and throughout this tutorial, whenever we mention Splunk home, it will be either /opt/splunk or C:\Program Files\Splunk, depending on the OS in context. So let's open up a Splunk installation package.
This is what a typical installation package looks like. As you can see, we are using the RPM package from our downloads to go through the directory structure. This will be just inside the Splunk home. Inside Splunk home, we can see there is a bin directory, which is where all the Splunk executables are placed. You see, there are a lot of Python executables, and there are scripts that run when the Splunk processes invoke them. Inside bin, there is a folder called scripts, which is used for placing user-created scripts. We will see how we can utilise this in future discussions. Let me go back.
The next important directory of Splunk is the etc directory, where the complete configuration files of a Splunk instance reside. Under etc there are many important directories, like apps, where all the applications of Splunk are installed. The deployment server uses deployment-apps to store all client applications and push them to the clients. master-apps is for the indexer cluster master, also known as the cluster master, and houses all cluster-related applications.
slave-apps is used by the members of the cluster, the indexers, for holding the configuration. disabled-apps is where apps that have been disabled are moved. And finally there is system, which holds all the configurations that are predefined in a Splunk installation. Once you are actively using Splunk, you will become much more familiar with the directory structure of Splunk and get used to it. And here we are missing one more important directory in the Splunk home.
That is our var directory, which is missing because it is created when you launch Splunk for the first time. Inside var, there are two crucial locations: the first is Splunk home followed by var/log/splunk, and the second is var/lib/splunk. These are two of the most important directories under Splunk, and they are created when Splunk first starts.
var/log/splunk is where all the logs of the Splunk application are stored, and var/lib/splunk is the default database location of Splunk, where all the data is stored along with the metadata information. That should cover the most commonly used directories, which are very important in our day-to-day activities as Splunk administrators or Splunk architects. The configuration files of Splunk have different hierarchies, and they always end with … In our next discussion, we'll be discussing how these configuration files work and what the hierarchy of configuration is when Splunk starts up.
4. Configuration Hierarchy in Splunk.
The configuration file hierarchy in Splunk can be difficult to understand at the beginning, but I'll try to make it as simple as I can, and we will also test the configuration and validate how the hierarchy works on our demo instance on Amazon. The hierarchy of Splunk configuration files is arranged as below. For overriding configuration, system local has the highest priority. Let's say you define some configuration in system local.
When I say system local, I mean etc/system/local, and whatever configuration you define in this directory will override the configurations that are defined in the other three locations. This is the highest level in the Splunk configuration hierarchy. The second is app local. App local is located under etc/apps. One of the apps, let's start with the default app search, does not yet have a local file, but we can create our own.
It will be visible in our demo Splunk instance, which has already been launched. So let's see if there are any. Let me change the font size. This should be clear enough. By now we know we'll be using an application account called splunk throughout our tutorial for running our Splunk instance. Let me check whether we have a Splunk instance running. It is not running. Let me bring it up by starting Splunk. This will be your command with the complete path, or you can go to this directory and use the splunk utility with start. Now Splunk is up. Let's go to our Splunk home, etc/apps/search.
In local, there are files that have been created, such as data models and data that the user or administrator has edited. So this is our app local location, which is etc/apps, then the app name, followed by local. This is the second-highest configuration that Splunk applies. The next is app default. Since we are looking at the search app, we'll look at its default location. I'll go one directory up and check the default directory. So here is the default directory of the application. It has a couple of configuration files, which override system default.
System default has the lowest priority, and system local the highest. Whatever you define in system local will override whatever is present in the other three places. Let me quickly go into system local, that is, Splunk home followed by etc/system/local; sorry, it should be system default, which contains all the Splunk configurations, so that even if the user misses some of the configuration, Splunk can start from the default configuration. Let's say a Splunk process starts up and chooses a port (HTTP or HTTPS). It will first look in system local. If the setting is there, it will ignore the other three locations, even if they specify custom ports. Similarly, if it couldn't find the configuration for the HTTP or HTTPS port there, the next step is to check app local.
If it cannot find it there, it will proceed to app default. If the user has not defined any customization for the HTTP or HTTPS port, it will automatically pick it up from the system default location, where all the configuration required for starting a Splunk instance is defined by default. This is part of the installation package: you get all this default configuration, so that as soon as you install the package, Splunk gets its configuration from the system default location. This configuration can be overridden from any of the other locations.
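The lookup order described above (system local, app local, app default, system default) can be reproduced offline on a throwaway directory tree. This is an added example, not the course's code or Splunk's own: resolve_setting and make_demo_tree are hypothetical helpers, the inputs.conf contents are constructed, and the model is limited to one app and the four locations the lecture names.

```shell
#!/bin/sh
# Added example: which location wins for one setting, in the course's order.
# Simplification: one app and only the four locations named in the lecture.

# conf_get FILE STANZA KEY: print KEY's value from [STANZA]; status 1 if absent.
conf_get() {
    [ -f "$1" ] || return 1
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*#/  { next }                       # comment line
        /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); in_stanza = ($0 == want); next }
        in_stanza {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# resolve_setting SPLUNK_HOME APP CONF STANZA KEY
# Prints "value<TAB>winning file"; status 1 if no location defines the key.
resolve_setting() {
    s_home=$1; s_app=$2; s_conf=$3; s_stanza=$4; s_key=$5
    for s_dir in \
        "etc/system/local" \
        "etc/apps/$s_app/local" \
        "etc/apps/$s_app/default" \
        "etc/system/default"
    do
        if s_val=$(conf_get "$s_home/$s_dir/$s_conf" "$s_stanza" "$s_key"); then
            printf '%s\t%s\n' "$s_val" "$s_dir/$s_conf"
            return 0
        fi
    done
    return 1
}

# Build a constructed Splunk-home-like tree in which every location sets
# host to a value naming that location, as in the lab that follows.
make_demo_tree() {
    root=$(mktemp -d)
    for pair in \
        "etc/system/local:system_local" \
        "etc/apps/search/local:app_local" \
        "etc/apps/search/default:app_default" \
        "etc/system/default:system_default"
    do
        dir=${pair%%:*}; label=${pair##*:}
        mkdir -p "$root/$dir"
        printf '[default]\nhost = %s\n' "$label" > "$root/$dir/inputs.conf"
    done
    echo "$root"
}

demo=$(make_demo_tree)
resolve_setting "$demo" search inputs.conf default host   # system local wins
# A system local file that does not set the key lets the next level answer.
printf '[default]\nindex = main\n' > "$demo/etc/system/local/inputs.conf"
resolve_setting "$demo" search inputs.conf default host   # app local wins
rm -rf "$demo"
```

On a live instance, splunk btool inputs list --debug prints the merged settings together with the file each one was read from.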
5. Configuration Hierarchy in Splunk : Practical Example
Let's do a lab exercise where we rename the Splunk host name in all four locations. For example, here is system local. The vi editor is what I'll be using throughout this tutorial and subsequent tutorials for editing the configuration.
If you are unfamiliar with vi, you can use any other editor, such as gedit, which is graphical, or nano, which is similar to vi. You can also use WinSCP or other FTP tools to download the configuration file, edit it in your Windows environment, and then upload it to the server. I'll be using the vi editor throughout this tutorial. Let me quickly get into the system local directory, which has the highest priority. I'll be editing a configuration file called inputs.conf. As you can see, this is the file I'll be editing under system local. I'll just rename the host so that we'll be able to see how the configuration works.
I'll give the host a value that names system local, so that when we see this entry in the Splunk log, we know it came from here. That is our system local. I'll set the same setting with a different value in one of the apps, in the search app's local inputs configuration. This is the app local directory, which has the second-highest priority. I will copy the same contents and modify them a little so that it is easier to follow. So this is our app local directory. I'm opening the file and pasting the same contents, but I'll change "system" to "app local", so that if this host value is picked up, we know the configuration came from our second-highest priority. Let me go to app default.
That is inputs.conf under the search app's default directory. I'll change the setting for app default, then save and close this file. We have now changed the host name configuration in system local, app local, and app default. Let us restart our Splunk instance: go to /opt/splunk/bin, use the splunk utility, and run restart. Let us try to log into Splunk once it restarts. Let us see. Is it done? Yes, it is done. It has been successfully restarted. Allow me to log in.