Splunk Deep Dive

Course

May 13th, 2019

Myles Young

BigData Training Architect II in Content

I am a father and husband with a passion for tech. I have large-scale enterprise IT experience in network security, agile development, middleware, QA, system reliability engineering, and data infrastructure engineering. I have worked in DevOps for most of my IT career with a focus on using automation and big data technologies for operational analytics and log aggregation to further support CI/CD pipelines. I have a great appreciation for distributed systems and finding non-obvious answers in mountains of data. I am excited to be working at Linux Academy where I get to share what I've learned with our awesome students!

Length

08:36:57

Difficulty

Intermediate

Course Details

As one of the early log aggregation products in the IT industry, Splunk has remained a popular choice amongst system administrators, engineers, and developers for operational analytics. Whether you are aggregating log files, system resource utilization metrics, or application data, Splunk is there to centralize your IT data for easy search and visualization.

This course serves as an introduction to Splunk Enterprise. After getting familiar with some basic terminology and components, you will get to follow along by setting up your own standalone Splunk instance through the Linux Academy Cloud Playground. With your own instance, you can follow along as we secure our standalone Splunk instance, configure monitoring and alerting, and finally index some log data to perform search and visualization analysis.

Syllabus

Introduction

Getting Started

Course Overview

00:02:37

Lesson Description:

Let's talk briefly about what you can expect from this course. I will address who this course is targeted to, what skills you should have before taking this course, and give a quick synopsis of the course syllabus to give you a better idea of what you will be learning and doing.

About the Author

00:00:20

Lesson Description:

Hello! Welcome to my Splunk Deep Dive course. This is just a short introduction video about me so that you can get to know me a little bit and have a face behind the voice.

Splunk Enterprise Overview

00:04:58

Lesson Description:

Before we get started with deploying and using Splunk Enterprise, it is important to be familiar with some basic terms and components. In this lesson, we will cover the important terms that you will want to understand as we use them throughout the course quite extensively. We will also explain the main components that make up Splunk, like forwarders, indexers, and search heads.

Administer

Deploy

Splunk Enterprise Installation Recommendations

00:18:39

Lesson Description:

Before we can deploy Splunk, we need to first talk about some basic installation requirements. Also, to help you capacity plan for your own Splunk installations, we need to talk about some design considerations in order to develop an efficient and appropriately sized cluster for your specific use case.

Standalone Splunk Enterprise Deployment

00:13:31

Lesson Description:

We finally get our hands dirty by deploying a standalone Splunk Enterprise instance to our Linux Academy cloud server! To use the same version of Splunk as me, use this link: Splunk 7.2.4.2. Feel free to follow along using your own Linux Academy cloud server as we exercise the following:

- Spin up a Linux Academy cloud server
- Create a Splunk account and download the installer RPM
- Deploy a standalone Splunk Enterprise instance
- Seed the administrator credentials
- Enable auto-start on system boot
- Browse the Splunk web console

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:30:00

Secure

Splunk Enterprise Security Overview

00:07:49

Lesson Description:

Before we jump in and start implementing some better security features in our standalone Splunk Enterprise instance, let's talk a little bit about some of the security features Splunk has, in addition to some best practices you'll want to implement in your production environments.

Secure Splunk Enterprise

00:12:57

Lesson Description:

Security is certainly a very important aspect of any IT service and even more so with data infrastructure. Data integrity and confidentiality are paramount to obtaining and retaining customer trust and business. Let's implement a few security measures on our standalone Splunk Enterprise instance. Follow along with me using your Linux Academy cloud server as we exercise the following:

- Enable HTTPS
- Create a limited access user
- Harden the password policy

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:30:00

Monitor

Splunk Enterprise Monitoring Console

00:11:46

Lesson Description:

We talk a lot about capacity planning and experimenting to determine optimal cluster design in this course. So, how do we get access to the information to actually do this? Well, with the Splunk Enterprise monitoring console. Follow along using your Linux Academy cloud server as we exercise the following:

- Use the Splunk monitoring console to monitor the machine resource utilization
- Use the Splunk monitoring console to monitor instance resource utilization
- Perform a comprehensive health check on your Splunk cluster

Splunk Enterprise Alerting

00:06:09

Lesson Description:

Collecting tons of data from your environments is really great and provides a ton of monitoring and troubleshooting value, but how do I configure Splunk to tell me when there is something important happening so that I don't have to watch my data 24/7? Using alerts in Splunk Enterprise will allow us to do just that. Get alerts about your Splunk instance itself from resource utilization to licensing quotas. Then, create your own alerts backed by saved searches to trigger some actions based on a custom threshold.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

02:00:00

Index

Splunk Enterprise Data Indexing and Analysis

00:11:55

Lesson Description:

Let's really get our hands dirty in this video where we will actually start to demonstrate the real value of Splunk by indexing some data and analyzing it through search and visualizations. Our Splunk cloud server should have been online for a little while now so let's index the Linux secure log and see what the internet has been up to in regard to our cloud server.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

02:00:00

Conclusion

Final Steps

What's Next?

00:05:25

Lesson Description:

Are you interested in data-related jobs? Are you wondering what to learn next? Well, let's talk about some other technologies and concepts that play nicely with Splunk and data-related job listings.

Get Recognized

00:00:46

Lesson Description:

Learn how to get involved with our growing community of awesome students and get recognized for your hard work!