Basic
Introduction to Splunk | What is Splunk, Features, Architecture, Editions, Use Cases
Splunk Components | Forwarders, Indexers, Search Heads
Data Ingestion Basics | Input types, Data sources, Formats
Splunk Search Language (SPL) Basics | Search commands, Syntax, Keywords
Indexing | Index creation, Data retention, Index types
Fields & Field Extraction | Default fields, Extracting fields, Regex
Event Types | What are events, Event metadata, Event examples
Knowledge Objects | Saved searches, Event types, Tags
Dashboards Basics | Simple dashboards, Panels, Charts
Splunk Documentation & Tools | Splunk Docs, Apps, Add-ons

Intermediate
Advanced Search Commands | stats, timechart, chart, top, rare, eval
Data Parsing & Transforming | Transforms.conf, Props.conf, Data normalization
Lookup Tables | Static lookups, Automatic lookups, KV Store lookups
Field Aliases | Field renaming, Best practices
Tags & Event Types | Custom tags, Event categorization
Alerts & Scheduled Searches | Creating alerts, Trigger actions, Scheduled searches
Splunk Apps & Add-ons | Installing apps, Using add-ons, Marketplace
Data Models & Pivots | CIM, Pivot interface, Accelerated data models
Search Macros | Macro creation, Usage, Parameters
Regular Expressions | Extracting data, Named captures, Best practices

Advanced
Indexing Internals | Index structure, Buckets, Indexing pipelines
Data Retention Policies | Frozen data, Retention settings, Archiving
Performance Tuning | Search optimization, Index optimization, Best practices
Splunk Clustering | Indexer clustering, Search head clustering, Deployment scenarios
Distributed Search | Search head pooling, Search affinity, Load balancing
Advanced Dashboards & Visualizations | Dynamic panels, Drilldowns, Advanced charts
Splunk REST API | API endpoints, Authentication, Examples
Security & Access Control | Roles, Users, Authentication methods
Event Correlation | Correlation searches, Use cases
Splunk Enterprise Security | ES app, Notable events, Incident review

Expert
Splunk Architecture Deep Dive | Indexer internals, Forwarder types, Queue handling
Custom Apps & Add-ons | App development, Splunk SDKs, Deployment
Advanced Field Extraction | Regex optimization, Field aliases, Multi-line events
Splunk Deployment Strategies | Single vs Multi-site, Best practices
Troubleshooting Splunk | Log analysis, Common errors, Debugging techniques
Data Model Acceleration | CIM compliance, Acceleration techniques
Machine Learning Toolkit (MLTK) | Installing MLTK, Using algorithms, Predictive analytics
Splunk IT Service Intelligence (ITSI) | KPIs, Glass tables, Service monitoring
Splunk Observability Cloud | APM, Metrics, Infrastructure monitoring
Future Trends & Best Practices | Cloud-native Splunk, AI integration, Performance tuning