Splunk Enterprise Cluster Administration (SCLA)

 

Course Overview

This 13.5-hour course is for experienced Splunk Enterprise administrators new to Splunk Clusters. The course provides the fundamental knowledge of deploying and managing Splunk Enterprise in a clustered environment. While Splunk Clusters are supported in Windows environments, the class lab environment is running Linux instances only.

Please note that this class may run over three days, with 4.5 hour sessions each day.

Certifications

This course is part of the following Certifications:

Prerequisites

To be successful, students should have a solid understanding of the following courses:

Course Objectives

  • Identify factors affecting large-scale Splunk deployments
  • Deploy and configure single- and multi-site indexer clusters
  • Deploy and configure a Splunk search head cluster
  • Deploy apps and configuration bundles in Splunk clusters
  • Manage KV store collections and lookups in Splunk clusters
  • Monitor and identify clustering issues with Monitoring Console
  • Scale Splunk indexer cluster with SmartStore

Outline: Splunk Enterprise Cluster Administration (SCLA)

Module 1 – Large-scale Splunk Deployment Overview

  • Identify factors that affect large-scale deployment design
  • Describe approaches to scaling Splunk Enterprise
  • Configure Splunk License Manager

Module 2 – Single-site Indexer Cluster

  • Identify indexer cluster states
  • Define replication factor and search factor
  • Implement a single-site indexer cluster

Module 3 – Multisite Indexer Cluster

  • Define site replication factor and site search factor
  • Define search affinity
  • Implement a multisite indexer cluster

Module 4 – Indexer Cluster Management Administration

  • Distribute configurations and apps across peers
  • Enable replication for clustered indexes
  • Configure Monitoring Console for indexer cluster environment

Module 5 – Forwarder Management

  • Configure indexer discovery
  • Configure indexer acknowledgment
  • Configure forwarder site failover

Module 6 – Search Head Cluster

  • Configure a search head cluster
  • Connect clustered and non-clustered indexers

Module 7 – Search Head Cluster Management an Administration

  • Deploy configuration bundles to search head cluster members
  • Manage captaincy and member addition, removal and upgrades

Module 8 – KV Store Collection Management

  • Enable KV Store collection replication in a search head cluster
  • Monitor KV Store status with Monitoring Console

Module 9 – SmartStore Implementation

  • Identify use cases for deploying SmartStore
  • Implement SmartStore in indexer cluster

Prices & Delivery methods

Online Training

Duration
3 days

Price
  • US $ 1,500
  • Splunk Training Units: 150 SPC
Enroll now
Request a date
Classroom Training

Duration
2 days

Price
  • United States: US $ 1,500
  • Splunk Training Units: 150 SPC
Enroll now
Request a date

Click on town name or "Online Training" to book Schedule

This is an Instructor-Led Classroom course
This is a FLEX course, which is delivered simultaneously in two modalities. Choose to attend the Instructor-Led Online (ILO) virtual session or Instructor-Led Classroom (ILT) session.

Europe

Germany

 Frankfurt This is a FLEX course. Enroll
Online Training Time zone: Central European Time (CET) Enroll
Düsseldorf This is a FLEX course. Enroll
Online Training Time zone: Central European Summer Time (CEST) Enroll
Berlin This is a FLEX course. Enroll
Online Training Time zone: Central European Summer Time (CEST) Enroll
Munich This is a FLEX course. Enroll
Online Training Time zone: Central European Summer Time (CEST) Enroll
Hamburg This is a FLEX course. Enroll
Online Training Time zone: Central European Time (CET) Enroll

Poland

 Warsaw This is a FLEX course. 3 days Enroll
Online Training Time zone: Central European Time (CET) Enroll