Indexers, Clusters, and Advanced Search

Personnel at all levels of an enterprise seeking to attain competency in Splunk

Prerequisite
None

Expected Duration
103 minutes

Description
In large server deployments, it may be desirable to achieve a higher level of logging throughput by utilizing multiple indexers in clusters. Depending on data retention requirements, backing up indexes and data may be of importance, Splunk provides services to facilitate this. In this course, you will learn how to scale a Splunk implementation using index clusters. You’ll also learn how to back up and restore Splunk indexes and data as well as advanced search methods.

Objective

Multiple Indexes and Storage

  • start the course
  • configure multiple indexes in Splunk
  • remove data that has been indexed or indexes entirely
  • change the location of the Splunk index database
  • configure the size and disk usage of Splunk indexes

Backing Up Index Data

  • identify the Splunk backup requirements
  • configure how Splunk handles aged data
  • archive the indexed Splunk data for storage
  • restore previously archived Splunk data

Indexer Clusters

  • describe the steps in deploying indexer clusters
  • enable the Splunk indexer cluster master node
  • enable the Splunk peer nodes
  • configure a Splunk node as a search head
  • configure Splunk to use forwarders with the Indexer Cluster

Managing the Indexer Cluster

  • access the dashboard of the Splunk cluster master
  • access the Splunk dashboard of the peers and the search head
  • remove a Splunk peer from operation for maintenance
  • restart a single Splunk node or an entire cluster

Advanced Search Topics

  • use the Splunk search command to find events
  • use the data fields to find Splunk events
  • control the indexes used to perform a search and who has access to them
  • utilize the timeline view to analyze Splunk events
  • define the types of events for data classification
  • create Splunk macros to simplify searches
  • create a secondary search on Splunk results
  • use the Splunk patterns tab to identify data patterns

Practice: Manage Indexes

  • manage multiple nodes in Splunk

MONTHLY SUBSCRIPTION

$129/month
 

ANNUAL SUBSCRIPTION

$1295/year

Multi-license discounts available for Annual and Monthly subscriptions.