
Splunk Enterprise Data Administration Course Description

This 3-day Splunk Enterprise Data Administration course is designed for system administrators who are responsible for getting data into Splunk indexers. The course provides fundamental knowledge of Splunk forwarders and of the methods used to get remote data into Splunk indexers. It covers installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.

Splunk is software that lets you quickly search and manage data from any application, server, and network device. Splunk makes machine data accessible, usable and valuable to everyone. It is a secure way to examine the enormous streams of machine data produced by technology infrastructure and IT systems, whether virtual, physical, or in the cloud.


Splunk Enterprise Data Administration Course Learning Outcomes

  • Deploy forwarders with Forwarder Management
  • Splunk Configuration Files
  • Configure common Splunk data inputs
  • Customize the input parsing process


Splunk Enterprise Data Admin Training – Suggested Audience

The suggested audience is:

  • Software Developers
  • System Administrators
  • Search analysts
  • Database experts
  • Administrators


Splunk Enterprise Data Administration Training – Prerequisites


Strongly Recommended:


Splunk Enterprise Data Administration In-house/Corporate Training

If you have a group of 5-6 participants, apply for in-house training. For commercials please send us an email with group size to

Course Curriculum

Module 1 - Introduction to Data Administration
  • Splunk overview
  • Identify Splunk data administrator role

Module 2 - Getting Data In - Staging
  • List the four phases of Splunk Index
  • List Splunk input options
  • Describe the band settings for an input

Module 3 - Configuring Forwarders
  • Understand the role of production Indexers and Forwarders
  • Understand the functionality of Universal Forwarders and Heavy Forwarders
  • Configure Forwarders
  • Identify additional Forwarder options

Module 4 - Forwarder Management
  • Explain the use of Forwarder Management
  • Describe Splunk Deployment Server
  • Manage forwarders using deployment apps
  • Configure deployment clients
  • Configure client groups
  • Monitor forwarder management activities

Module 5 - Monitor Inputs
  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs
  • Deploy a remote monitor input

Module 6 - Network and Scripted Inputs
  • Create network (TCP and UDP) inputs
  • Describe optional settings for network inputs
  • Create a basic scripted input

Module 7 - Agentless Inputs
  • Identify Windows input types and uses
  • Understand additional options to get data into Splunk
  • HTTP Event Collector
  • Splunk App for Stream

Module 8 - Fine Tuning Inputs
  • Understand the default processing that occurs during input phase
  • Configure input phase options, such as sourcetype fine-tuning and character set encoding

Module 9 - Parsing Phase and Data
  • Understand the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase

Module 10 - Manipulating Raw Data
  • Explain how data transformations are defined and invoked
  • Use transformations with props.conf and transforms.conf to:
      • Mask or delete raw data as it is being indexed
      • Override sourcetype or host based upon event values
      • Route events to specific indexes based on event content
      • Prevent unwanted events from being indexed
  • Use SEDCMD to modify raw data

Module 11 - Supporting Knowledge Objects
  • Create field extractions
  • Configure collections for KV Store
  • Manage Knowledge Object permissions
  • Control automatic field extraction

Module 11 - Creating a Diag
  • Identify Splunk diag
  • Using Splunk diag
