Course Content
This 9-hour module focuses on large enterprise deployments. Students learn steps and best practices for planning, data collection and sizing for a distributed deployment. Workshop-style labs challenge students to make design decisions about an example enterprise deployment.
Please note that this class may run across two days, with 4.5 hour sessions each day.
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students should have a solid understanding of the following modules:
- Fundamentals 1 & 2 (Retired)
Or the following single-subject modules:
- What is Splunk? (Retired)
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
Students should also understand the following courses:
Course Objectives
- Requirements definition
- Index and resource planning
- Clustering Overview
- Forwarder and Deployment
- Integration
- Performance Monitoring and Tuning
- Use Cases
Outline: Architecting Splunk Enterprise Deployments (ASED)
Topic 1 – Introduction
- Overview of the Splunk deployment planning process and associated tools
Topic 2 – Project Requirements
- Identify critical information about environment, volume, users, and requirements
- Review checklists and resources to aid in collecting requirements
Topic 3 – Infrastructure Planning: Index Design
- Design and size indexes
- Estimate storage requirements
- Identify relevant apps
Topic 4 – Infrastructure Planning: Resource Planning
- List sizing factors for servers
- Describe how reference hardware is used to scale deployments
- Identify the impact of clustering for index replication and for search heads
Topic 5- Clustering Overview
- Describe the different clustering capabilities
- Introduce the concepts of indexer and search head clustering
Topic 6 - Forwarder and Deployment Best Practices
- Review types of forwarders
- Describe how to manage forwarder installation
- Review configuration management for all Splunk components, using Splunk deployment tools
- Provide best practices for a Splunk deployment
Topic 7 - Integration
- Describe integration methods
- Identify common integration points
Topic 8 – Performance Monitoring and Tuning
- Use the Monitoring Console to track the performance of your test environment
- List options to fine tune performance for production environment
Topic 9 – Use Cases
- Provide example architecture topologies
- Discuss different architecture options based on use case