Cyber Security Awareness Program

Splunk User and Administrator Training

Course Overview

This SPLUNK Power User and Admin Training covers the concepts required for both SPLUNK Power Users and SPLUNK Administrators. By the end of this training, you will understand the roles and responsibilities of each and be ready for implementation.

The training helps you work with configuration files and settings, use searching and reporting commands, use the various knowledge objects, and finally create dashboards for visualization, with the help of real-life use-cases.

SPLUNK is a leading analytics tool for server monitoring, data analytics and data visualization. SPLUNK captures, indexes, and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations. This training prepares you for certification and for the top-paying SPLUNK Admin / Power User jobs. It also shows why SPLUNK is the ideal strategic platform for companies looking to solve data analytics issues of any size.

Who Should Attend

The training program is ideal for those working in positions such as, but not limited to:

  • IT Operations, IT Monitoring, IT Support and Data Center teams, as well as Business Analysts and Data Analysts who want to gain knowledge of SPLUNK development for creating apps and dashboards

Course Duration

  • 40 Hours (5 Days * 8 Hours)

Course Content / Outline

Module 1 - Introduction to Machine Data & SPLUNK Basics

  • What is Machine Data & its challenges?
  • Need for SPLUNK and its features
  • SPLUNK Products and their Use-Case
  • Download and Install SPLUNK
  • SPLUNK Components: Search Head, Indexer, Forwarder, Deployment Server, & License Master
  • SPLUNK Architecture
  • SPLUNK Licensing options

Module 2 - Introduction to Machine Data & SPLUNK Basics

  • Introduction to Authentication techniques
  • User Creation and Management
  • SPLUNK Admin Role & Responsibilities
  • Indexes
  • Data Ageing
  • Introduction to SPLUNK configuration files
  • Managing the .conf files

Module 3 - Data Ingestion, SPLUNK Search, and Reporting Commands

  • Learn the various data onboarding techniques: via flat files and via the UF (Universal Forwarder)
  • Implement basic search commands: Fields, Table, Sort, Rename, Search
  • Understand the use of time ranges while searching
  • Learn reporting and transforming commands: Top, Rare, Stats, Chart, Timechart, Dedup, Rex

Module 4 - Knowledge Objects I

  • SPLUNK Knowledge
  • Categories of SPLUNK Knowledge
  • Fields
  • Field extraction
  • Event types
  • Transactions

Module 5 - Knowledge Objects II

  • What are lookups?
  • Defining a lookup
  • Configuring an automatic lookup
  • Using the lookup in searches and reports
  • Workflow action
  • Tags
  • Creating and managing tags
  • Defining and searching field aliases
  • Overview of Data Model

Module 6 - SPLUNK Alerts, Visualizations, Reports, & Dashboards

  • Create Alerts triggered on certain conditions
  • Different SPLUNK Visualizations
  • Create Reports with search results
  • Create Dashboards with different Charts and other visualizations
  • Set permissions for Reports and Dashboards
  • Create Reports and schedule them using a cron schedule
  • Share Dashboards with other teams

Module 7 - SPLUNK Clustering Techniques

  • Install SPLUNK on a Linux OS
  • Use the frequently used SPLUNK CLI commands
  • Learn the best practices for setting up a clustering environment
  • SPLUNK Clustering
  • Implement Search Head Clustering
  • Implement Indexer Clustering
  • Deploy an App on the Search Head cluster