The Complete Splunk Enterprise Certified Admin Course (2022)
I am going to get you to the point of being an expert on Splunk technology, so you will not only pass this exam but also become a subject matter expert in the world of SIEM.
This course is designed specifically for you, and I have divided it into milestones. Each milestone starts with a concept on a specific Splunk topic or functionality so you can grasp it, and then we end the section with a demo lab. At the end of this course, I walk you through a real-life scenario where we simulate different use cases from a customer’s perspective. We start building our lab from the design aspect, then we move to the deployment phase, and finally we implement those use cases by deploying different apps as well as creating a custom app, which are part of the data onboarding process.
The best hands-on labs course for learning Splunk, the leader in real-time monitoring, log management, and SIEM (security information and event management), and cracking the Splunk Enterprise Certified Admin Course.
Your instructor is Saif Al-Shoker, a Splunk Certified Core Consultant and Architect with over 10 years of experience in the security domain, 5 years of Splunking, and two master's degrees.
Don’t buy poor-quality courses! This is a high-quality course in which I will take you step by step through successfully deploying Splunk in a distributed architecture design, using engaging video tutorials, and teach you everything you need to know to be a successful Splunk Administrator. Please check the content.
Look no further! This is the most comprehensive full-lab implementation course, covering the latest versions of Splunk Enterprise.
In this class, we will cover everything on the exam blueprint. We will provide you with the tools you need to pass the exam and get certified with Tons of Labs!
Whether you’ve inherited a Splunk environment, are building one from scratch, or are simply curious about Splunk, this course was designed specifically for you!
We’ll cover it all…
I remember when I first started to learn Splunk: I didn’t know where to start, and all the information out there made it even harder to grasp. So today I am putting myself in your shoes to help you conquer this complexity, and I have designed this course specially for you.
- 6. Splunk Deployment Prerequisites (Video lesson)
- 7. LAB: Deploy Splunk on a Linux Machine (Video lesson)
- 8. LAB: Splunk Best Practices - Disable Transparent Huge Pages on Linux (Video lesson)
- 9. LAB: Splunk Best Practices - Increase ulimit on Linux (Video lesson)
- 10. LAB: Splunk Best Practices - Configure Splunk Enterprise to start at boot time (Video lesson)
- 11. LAB: Splunk Best Practices - Post Installation Health Check (Video lesson)
- 12. Deploy Splunk on a Windows Machine (Video lesson)
- 17. Introduction to Splunk Indexes (Video lesson)
- 18. Demo: Splunk Index's Structure (Video lesson)
- 19. Splunk Index - Buckets Life Cycle and Retention Policy (Video lesson)
- 20. LAB: Splunk Indexes - Add Splunk Index via the web and CLI (Video lesson)
- 21. Splunk Indexes: Backup and deletion (Video lesson)
- 22. The Fishbucket Concept in Splunk (Video lesson)
- 25. LAB: Discuss and deploy the Universal Forwarder on Linux (Video lesson)
  Install and configure the Universal Forwarder.
- 26. LAB: Configure the UF for monitoring input and forward the logs to the Indexer (Video lesson)
- 27. LAB: Discuss and configure the Indexer for log receiving (Video lesson)
- 28. LAB: Discuss and deploy the Universal Forwarder on a Windows machine (Video lesson)
- 29. LAB: Configure the Indexer and deploy Windows App on the UF and the Indexer (Video lesson)
- 30. LAB: Discuss and deploy the Search Head as part of the distributed Architecture (Video lesson)
- 34. Data consolidation and Load balancing topology (introduction to Event breaking) (Video lesson)
  In this section I will provide an introduction to forwarding the data from the Universal Forwarders in a data consolidation topology as well as in a load balancing fashion. I will also introduce the concept of event breaking on the Universal Forwarder, which makes the Universal Forwarder aware of where to break the data so that load balancing happens smoothly.
- 35. Discuss forwarding the data based on Routing and filtering (Video lesson)
- 36. Forwarding the data to the Indexing tier via Intermediate Forwarders (Video lesson)
- 37. Discussion: Why use Universal Forwarders over Heavy Forwarders? (Video lesson)
- 40. Introduction to data inputs (data collection methodology) (Video lesson)
- 41. LAB: Discuss and deploy the Universal Forwarder and set the monitoring inputs (Video lesson)
- 42. LAB: Configure the UF to monitor specific files (Video lesson)
- 43. LAB: Introduction to file pathname wildcards & host_regex & host_segment concept (Video lesson)
- 44. LAB: Introduction to using whitelist to include files (monitor inputs) (Video lesson)
- 45. LAB: Configure the Firewall to forward the logs to the UF (Network Input) (Video lesson)
- 46. LAB: Discuss and implement Scripted Inputs (Video lesson)
- 47. LAB: Discussion and Implementation of the HTTP Event Collector (Video lesson)
- 48. Lab setup Overview (Video lesson)
- 49. LAB: Introduction to AWS and Deploy Splunk Instances on AWS (Video lesson)
- 50. Splunk Deployment Walkthrough in a distributed Environment (Video lesson)
- 51. LAB: Deploy Splunk Components and forward the logs to the indexing Tier (Video lesson)
- 52. LAB: Deploy UFs, IFs (Linux), UF (Windows) & join them to the Deployment Server (Video lesson)
  In this section I will start by deploying the Universal Forwarders on a Linux machine, then deploy the Intermediate Forwarders on Linux, and end the lesson by deploying the Universal Forwarder on Windows and joining them all to the Deployment Server.
- 53. LAB: Deploy Base Apps to the UFs, IFs & UF on Windows via the Deployment Server (Video lesson)
  In this section, I will walk you through how to configure our Base Apps to instruct the Universal Forwarders to load balance the data to the Intermediate Forwarders, and then set the Intermediate Forwarders to listen mode and forward the data to the indexing tier. For this deployment, we will use the Deployment Server as our centralized tool to do this job for us.
- 54. LAB: Implement different use cases on the Universal Forwarders (Video lesson)
  In this section, I will implement different use cases:
  1. Deploy the Linux TA on Universal Forwarder 2, activate the monitoring inputs, and forward the data to the indexing tier via the Intermediate Forwarders.
  2. Deploy the Windows TA on the Universal Forwarder installed on a Windows machine, activate some monitoring inputs as well as some scripted inputs, and forward the data to the indexing tier via the Intermediate Forwarders.
  3. Deploy the Linux TA on Universal Forwarder 1, activate the scripted inputs, and forward the data to the indexing tier via the Intermediate Forwarders.
  All of the above will be done via the Deployment Server serving those Universal Forwarders (Deployment Clients).
- 55. LAB: Deploy the heavy forwarder via the DS and forward FortiGate Firewall Logs (Video lesson)
  In this section, I will walk you through how to deploy the Heavy Forwarder first and configure it in listening mode, as well as deploying the FortiGate TA. Then, as a second step, we will configure the FortiGate to forward the logs via syslog to this Heavy Forwarder. In this use case, the Heavy Forwarder is regarded as a centralized syslog server for network input.
