SPLUNK for SOC & Cyber Security Professionals Training with Certification

SPLUNK for SOC & Cyber Security Professionals Training

Course Overview

This Splunk User and Admin training covers the concepts required by both Splunk users and Splunk administrators. By the end of the training you will understand both roles and their responsibilities and be ready to implement Splunk.

The training covers Splunk installation and configuration, syslog collection, log analysis, searching, monitoring, indexing, reporting, and building Splunk dashboards.

Splunk User (Developer) training teaches you how to search and navigate in Splunk, use fields, get statistics from your data, and create reports, dashboards, lookups, and alerts. Scenario-based examples and hands-on challenges will enable you to create robust searches, reports, and charts. It also introduces Splunk's datasets feature and the Pivot interface.

Splunk Data Administrator training teaches you how to get data into Splunk indexers. The course covers Splunk forwarders and the methods for getting remote data into indexers, including installation, configuration, management, monitoring, and troubleshooting of Splunk forwarders and the Splunk Deployment Server.

Splunk System Administrator training teaches you how to manage a Splunk Enterprise environment. The course covers the license manager, indexers, and search heads, including configuration, management, and monitoring of the core Splunk Enterprise components.

After completing this training program, you should be able to:

  • Understand Splunk Power User/ Admin concepts.
  • Apply various Splunk techniques to visualize data using different graphs and dashboards.
  • Implement Splunk in the organization to analyze and monitor systems for operational intelligence.
  • Configure alerts and reports for monitoring purposes.
  • Troubleshoot application log issues using SPL (Search Processing Language).
  • Implement Splunk Indexers, Search Heads, Forwarder, Deployment Servers & Deployers.

Who Should Attend

The training program is ideal for those working in positions such as, but not limited to:

  • IT Operations, IT Monitoring, IT Support, & Data Center teams.
  • Data Analysts who want to gain knowledge of Splunk development for creating Apps and Dashboards.

Course Duration

  • 40 Hours (5 Days * 8 Hours)

Course Content / Outline

  • Module 1 - Introduction to Machine Data & SPLUNK Basics
    • What is Machine Data & its challenges?
    • Need for SPLUNK and its features
    • SPLUNK Products and their Use-Case
    • Download and Install SPLUNK
    • SPLUNK Components: Search Head, Indexer, Forwarder, Deployment Server, & License Master
    • SPLUNK Architecture
    • SPLUNK Licensing options
  • Module 2 - User Management & SPLUNK Configuration Files
    • Introduction to Authentication techniques
    • User Creation and Management
    • SPLUNK Admin Role & Responsibilities
    • Indexes
    • Data Ageing
    • Introduction to SPLUNK configuration files
    • Managing the .conf files
  • Module 3 - Data Ingestion, SPLUNK Search, and Reporting Commands
    • Learn the data onboarding techniques: via flat files and via the Universal Forwarder (UF)
    • Use basic search commands: fields, table, sort, rename, search
    • Understand the use of time ranges while searching
    • Learn Reporting & Transforming commands - Top, Rare, Stats, Chart, Timechart, Dedup, Rex
  • Module 4 - Knowledge Objects I
    • SPLUNK Knowledge
    • Categories of SPLUNK Knowledge
    • Fields
    • Field extraction
    • Event types
    • Transactions
  • Module 5 - Knowledge Objects II
    • What are lookups?
    • Defining a lookup
    • Configuring an automatic lookup
    • Using the lookup in searches and reports
    • Workflow action
    • Tags
    • Creating and managing tags
    • Defining and searching field aliases
    • Overview of Data Model
  • Module 6 - SPLUNK Alerts, Visualizations, Reports, & Dashboards
    • Create Alerts triggered on certain conditions
    • Different SPLUNK Visualizations
    • Create Reports with search results
    • Create Dashboards with different Charts and other visualizations
    • Set permissions for Reports and Dashboard
    • Create Reports and schedule them using cron schedule
    • Share Dashboard with other teams
  • Module 7 - SPLUNK Clustering Techniques
    • Install SPLUNK on Linux OS
    • Use the most common SPLUNK CLI commands
    • Learn the best practices while setting up a Clustering environment
    • SPLUNK Clustering
    • Implement Search Head Clustering
    • Implement Indexer Clustering
    • Deploy an App on the Search Head cluster
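The outline above names the pieces (onboarding via the Universal Forwarder, indexes and data ageing, the .conf files, the reporting commands, and scheduled alerts) but does not show how they fit together. The following is an added worked example written for this page, not course material or Splunk's own documentation. It shows the four .conf stanzas that a SOC analyst would touch to onboard Linux authentication logs and alert on password-guessing from a single source. The hostnames, index name, retention figures, alert name, and threshold are assumptions chosen for illustration; the setting names are standard Splunk configuration keys.

```ini
# --- On the Universal Forwarder: $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Monitor the host's SSH/PAM log and tag it with a sourcetype and an index.
# (Index and sourcetype names are assumptions for this example.)
[monitor:///var/log/auth.log]
sourcetype = linux_secure
index = os_auth
disabled = 0

# --- On the Universal Forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf ---
# Send events to the indexers over the receiving port (9997 is the usual default).
# Hostnames are assumptions.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = idx1.example.com:9997, idx2.example.com:9997

# --- On the indexer: $SPLUNK_HOME/etc/system/local/indexes.conf ---
# Define the index and its data-ageing policy. Buckets older than
# frozenTimePeriodInSecs (here 90 days) are frozen (deleted unless a
# coldToFrozenDir/Script is set); maxTotalDataSizeMB caps the index size.
[os_auth]
homePath   = $SPLUNK_DB/os_auth/db
coldPath   = $SPLUNK_DB/os_auth/colddb
thawedPath = $SPLUNK_DB/os_auth/thaweddb
frozenTimePeriodInSecs = 7776000
maxTotalDataSizeMB = 51200

# --- On the search head: $SPLUNK_HOME/etc/apps/<app>/local/savedsearches.conf ---
# A scheduled alert that uses the Module 3 commands (search, rex, stats,
# where, sort). It extracts the user and source IP from "Failed password"
# lines and fires when any single source has more than 20 failures in the
# last 15 minutes. The alert name and threshold are assumptions.
[SSH password guessing by source]
search = index=os_auth sourcetype=linux_secure "Failed password" \
  | rex "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\S+)" \
  | stats count AS failures dc(user) AS distinct_users BY src_ip \
  | where failures > 20 \
  | sort -failures
dispatch.earliest_time = -15m
dispatch.latest_time = now
# Module 6: schedule with a cron expression (every 15 minutes).
enableSched = 1
cron_schedule = */15 * * * *
# Trigger when the search returns at least one row.
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.severity = 4
alert.track = 1
action.email = 1
action.email.to = soc@example.com
```

The `rex` extraction is the part worth testing against your own sourcetype before enabling the schedule: run the `search =` line interactively first and confirm `user` and `src_ip` populate, since a distro that formats `auth.log` differently will silently yield zero rows rather than an error. Note also that `frozenTimePeriodInSecs` deletes data by default once the period elapses; if the SOC needs those logs for retrospective investigation, set `coldToFrozenDir` so frozen buckets are archived rather than discarded.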

Contact us

  • Codec Networks is ready to help you. Visit our HELP CENTER for any assistance.