This 9-hour course is designed for Splunk administrators. It covers topics and techniques for troubleshooting a standard Splunk distributed deployment using the tools available with Splunk Enterprise
This lab-oriented class is designed to help you gain troubleshooting experience before attending more advanced courses. You will debug a distributed Splunk Enterprise environment using the live system.
This course does not cover the issues surrounding Splunk Cloud, Splunk Clusters, or Splunk premium apps.
Please note that this class may run over two days, with 4.5 hour sessions each day for nine hours of total content.
Who should attend
This 9-hour module is designed for Splunk administrators.
This course is part of the following Certifications:
To be successful, students should have a solid understanding of the following modules:
- Splunk Fundamentals 1 (Retired)
- Splunk Fundamentals 2 (Retired)
Or the following single-subject modules:
- What is Splunk? (WIS)
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Scheduling Reports & Alerts (SRA)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
Student should also have completed the following modules:
- !Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
- Splunk Troubleshooting Methods and Tools
- Indexing Problems
- Input Configuration Problems
- Deployment Problems
- License, Upgrade, and User Management Problems
- Search Management Problems
- User Search Problems
- Understand the Splunk Support Model and its resources
- Identify the best practices for troubleshooting Splunk Enterprise
- List ways to gather useful Splunk diagnostic information
- Use Splunk diagnostic tools
- Identify common Splunk technical issues and solve them