Splunk
Troubleshooting Splunk Enterprise
The course covers topics and techniques for troubleshooting a standard Splunk distributed deployment using the tools available with Splunk Enterprise.
This course may be delivered in one day or as two days of 4.5-hour sessions.
- Level: Intermediate
- Version: 9.4
- Duration: 1 day
- Language: EN
- Course code: SP-TSE
Audience
Administrators
Prerequisites
To be successful, students must have completed these Splunk Education course(s) or have equivalent working experience:
- Intro to Splunk
- Using Fields (SUF)
- Introduction to Knowledge Objects
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
Additional courses and/or knowledge in these areas are also highly recommended:
Outline
Module 1 – Splunk Troubleshooting Methods and Tools
- Describe the Splunk Troubleshooting Approach
- List Splunk Diagnostic Resources and Tools
- Create and Splunk a Diag
- Use RapidDiag
Module 2 – Indexing Problems
- Discover Splunk Deployment Topology and its Server Roles
- Identify Where to Check the Index-Time Pipeline Status
- Use the metrics.log to Clarify the Index-Time Problem
Module 3 – Input Configuration Problems
- Data Input Issues
- Troubleshooting Inputs with the Monitoring Console
Module 4 – Deployment and Forwarder Problems
- Deployment Server Issues
- Forwarding and Receiving Issues
Module 5 – Search Management Problems
- Troubleshoot Distributed Search Issues
- Identify Job Scheduling Problems
- Learn to Diagnose Crashing Problems
- Describe How to Prioritize Resources for Critical Splunk Processes
Module 6 – User Search Problems
- Identify the Types of Search Problems
- Isolate and Troubleshoot Search Problems
