Splunk Enterprise Cluster Administration

Splunk administrators.

To be successful, students must have completed these Splunk Education course(s) or have equivalent working knowledge:

• Intro to Splunk
• Using Fields (SUF)
• Introduction to Knowledge Objects
• Creating Knowledge Objects (CKO)
• Creating Field Extractions (CFE)
• Splunk Enterprise System Administration (SESA)
• Splunk Enterprise Data Administration (SEDA)
• Troubleshooting Splunk Enterprise (TSE)

Additional courses and/or knowledge in these areas are also highly recommended:

• Enriching Data with Lookups (EDL)
• Data Models (SDM)

Module 1 – Overview of Large-scale Splunk Deployment

• Identify factors that affect large-scale deployment design
• Describe approaches to scaling Splunk Enterprise
• Configure Splunk License Manager

Module 2 – Deploying Single-site Indexer Clusters

• Identify indexer cluster states
• Define replication factor and search factor
• Implement a single-site indexer cluster

Module 3 – Deploying Multisite Indexer Clusters

• Define site replication factor and site search factor
• Define search affinity
• Implement a multisite indexer cluster

Module 4 – Updating Indexer Cluster Peer Configurations

• Distribute configurations and apps across peers

Module 5 - Managing and Monitoring Indexer Clusters

• Enable replication for clustered indexes
• Configure Monitoring Console for indexer cluster environment

Module 6 – Configuring Indexer Discovery on Forwarders

• Configure indexer discovery
• Configure indexer acknowledgment
• Configure forwarder site failover

Module 7 – Deploying Search Head Cluster

• Configure a search head cluster
• Connect clustered and non-clustered indexers

Module 8 – Managing and Monitoring Search Head Clusters

• Deploy configuration bundles to search head cluster members
• Manage captaincy and member addition, removal and upgrades

Module 9 – Using KV Store in a Search Head Cluster

• Enable KV Store collection replication in a search head cluster
• Monitor KV Store status with Monitoring Console