Software Developers, System Administrators, Search Analysts, Security Professionals, Database Administrators and others.
There are no prerequisites for enrolling in this training. The only requirement is that you complete the Splunk developer and administration modules before taking up the Splunk SIEM module.
Splunk is one of the most widely used tools for working with machine data, and it is used extensively for security monitoring, analysis and threat mitigation. This Intellipaat Splunk Master Program has been created to make you a complete Splunk professional: once you have covered the Splunk developer and administration domains, you are ready to take up the Splunk SIEM domain. On completion of the training your skills will be in high demand in the industry, helping you fast-track your career.
Introduction to Splunk, Splunk developer roles and responsibilities
Writing Splunk search queries, using autocomplete to build a search, setting the time range, refining a search, working with events, identifying the contents of a search, controlling a search job
Hands-on Exercise – Write a basic search query
What is a field, how to use fields in search, using the Fields sidebar and the Field Extractor (FX) for regex-based field extraction, delimiter-based field extraction using FX.
Hands-on Exercise – Use fields in search, use the Fields sidebar, use the Field Extractor (FX) for regex extraction and for delimiter-based extraction
Writing Splunk search queries; sharing, saving, scheduling and exporting search results
Hands-on Exercise – Schedule a search, Save a search result, Share and export a search result
How to create alerts, understanding alert types and viewing fired alerts.
Hands-on Exercise – Create an alert in Splunk and view the fired alerts
Describe and Configure Scheduled Reports
Introduction to Tags in Splunk, deploying Tags for Splunk search, understanding event types and utility, generating and implementing event types in Search
Hands-on Exercise – Deploy tags for Splunk search, generate and implement event types in Search
What is a macro, what are variables and arguments in macros
Hands-on Exercise – Define a macro with arguments and then use variables within it
GET, POST, and Search workflow actions
Hands-on Exercise – Create GET, POST, and Search workflow actions
Studying search commands, general search practices, what a search pipeline is, how to specify indexes in a search, syntax highlighting, using search commands such as fields, table, sort, rename, rex and erex.
Hands-on Exercise – Build a search pipeline, specify the index to search, use syntax highlighting and the autocomplete feature, use search commands such as sort, fields, table, rename, rex and erex
Using Top, Rare, Stats Commands
Hands-on Exercise – Use Top, Rare, Stats Commands
Using the following commands and their functions: addcoltotals, addtotals, top, rare, stats
Hands-on Exercise – Create reports using the addcoltotals and addtotals commands
The iplocation, geostats, geom and addtotals commands
Hands-on Exercise – Look up the location of IP addresses with iplocation, get geographic data with geostats
Explore the available visualizations, create charts and time charts, omit null values and format results
Hands-on Exercise – Create time charts, omit null values and format results
Calculating and analyzing results, value conversion, rounding off and formatting values, using the eval command, conditional statements, filtering calculated search results
Hands-on Exercise – Calculate and analyze results, convert a data value, round off numbers, use the eval command, write conditional statements, apply filters to calculated search results
How to search the transactions, creating report on transactions, grouping events using time and fields, comparing transactions with stats.
Hands-on Exercise – Generate Report on Transactions, Group events using fields and time
Learn about data lookups, example, lookup table, defining and configuring automatic lookup, deploying lookup in reports and searches
Hands-on Exercise – Define and configure automatic lookup, deploy lookup in reports and searches
Creating search charts, reports and dashboards, Editing reports and Dashboard, Adding reports to dashboard
Hands-on Exercise – Create search charts, reports and dashboards, Edit reports and Dashboard, Add reports to dashboard
Working with raw data for data extraction, transformation, parsing and preview
Hands-on Exercise – Extract useful data from raw data, perform transformation, parse different values and preview
Describe Pivot, Relationship between data model and pivot, select a data model object, create a pivot report, instant pivot from a search, add a pivot report to dashboard
Hands-on Exercise – Select a data model object, create a pivot report, create instant pivot from a search, add a pivot report to dashboard
What is Splunk CIM, Using the CIM Add-On to normalize data
Hands-on Exercise – Use the CIM Add-On to normalize data
Introduction to the architecture of Splunk, the various server settings, how to set up alerts, the various types of licenses, important features of Splunk, the hardware requirements, and the conditions needed to install Splunk.
How to install and configure Splunk, creation of index, standalone server’s input configuration, the preferences for search, Linux environment Splunk installation, administering and architecting of Splunk.
How to install Splunk in the Linux environment, the requirements for Splunk, configuring Splunk in the Linux environment.
Introducing the Splunk distributed management console, indexer clustering, how to deploy distributed search in a Splunk environment, forwarder management, user authentication and access control.
Introduction to the Splunk app, how to develop the Splunk apps, Splunk app management, Splunk app add-ons, using Splunkbase for installation and deletion of apps, different app permissions implementation, how to use the Splunk app and apps on forwarder.
Details of index time configuration file and the search time configuration file.
Index time and search time configuration file understanding in Splunk, forwarder installation, input and output configuration, Universal Forwarder management, Splunk Universal Forwarder highlights.
Implementing the Splunk tool, deploying it on the server, Splunk environment setup, Splunk client group deployment.
Understanding the Splunk Indexes, the default Splunk Indexes, segregating the Splunk Indexes, learning about Splunk Buckets and Bucket Classification, estimating index storage, creating new index.
Understanding the concept of role inheritance, Splunk authentications, native authentications, LDAP authentications.
Splunk installation, configuration, data inputs, app management, Splunk important concepts, parsing machine-generated data, search indexer and forwarder.
Introduction to Splunk Configuration Files, Universal Forwarder, Forwarder Management, data management, troubleshooting and monitoring.
Converting machine-generated data into operational intelligence, setting up Dashboard, Reports and Charts, integrating Search Head Clustering & Indexer Clustering.
Understanding the input methods, deploying scripted, Windows, network and agentless input types, fine-tuning it all.
Splunk User authentication and Job Role assignment, learning to manage, monitor and optimize Splunk Indexes.
Understanding parsing of machine-generated data, manipulation of raw data, previewing and parsing, data field extraction, comparing single line and multi-line events.
Distributed search concepts, improving search performance, large scale deployment and overcoming execution hurdles, working with Splunk Distributed Management Console for monitoring the entire operation.
Indexer clustering, configuring individual nodes, configuring cluster behavior, index and search behavior, setting the node type to handle the different roles in the cluster such as the master node (called the manager node in newer Splunk versions), peer nodes and search heads.
Understanding the fundamentals of Splunk Enterprise Security (ES), an overview of traditional security threats, what correlation searches are, what a security data model is.
Monitoring the ES dashboards and what each panel shows, investigating notable events with the Incident Review dashboard, the investigation workflow, and taking appropriate action on the identified activity.
Using ES investigation timelines to manage, visualize and coordinate incident investigations, and using journals and timelines to document breach analysis and the mitigation work required.
Deploying risk analysis and identification, using the risk dashboard, managing risk scores for objects and users.
Using HTTP category analysis and HTTP user agent analysis, analyzing new domains and traffic size to spot new threats, highlighting events that warrant investigation.
Accessing the anomaly dashboards for user roles and access logs, understanding the identity and asset concepts.
Monitoring malicious sites with the Threat Activity dashboard, inspecting threat intelligence content with the Threat Artifacts dashboard.
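What a correlation search does in practice, as an added example in Python that is not Intellipaat course material and not Splunk Enterprise Security code: a password brute-force rule run over constructed sshd authentication lines that raises notable events (the rows Incident Review would show) and adds to a per-source risk score, tying together the correlation search, incident review and risk analysis modules above. The threshold, time window, rule names, risk values and sample lines are assumptions, as are the CIM Authentication field names (action, user, src) used in the SPL comment.

```python
"""Added example, not Intellipaat course material or Splunk Enterprise
Security code: a brute-force correlation rule over constructed sshd events
that raises notable events and accumulates a per-source risk score.
Threshold, window, rule names and risk values are illustrative assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: sshd-style messages behind an ISO 8601 timestamp.
SAMPLE_AUTH_LOG = """\
2023-10-10T14:00:01Z sshd[912]: Failed password for root from 203.0.113.7 port 51000 ssh2
2023-10-10T14:00:03Z sshd[912]: Failed password for root from 203.0.113.7 port 51001 ssh2
2023-10-10T14:00:05Z sshd[912]: Failed password for root from 203.0.113.7 port 51002 ssh2
2023-10-10T14:00:07Z sshd[912]: Failed password for root from 203.0.113.7 port 51003 ssh2
2023-10-10T14:00:09Z sshd[912]: Failed password for root from 203.0.113.7 port 51004 ssh2
2023-10-10T14:00:11Z sshd[912]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2023-10-10T14:00:12Z sshd[912]: Connection closed by 203.0.113.7 port 51005
2023-10-10T14:01:00Z sshd[913]: Failed password for dave from 198.51.100.4 port 40000 ssh2
2023-10-10T14:01:30Z sshd[913]: Accepted password for dave from 198.51.100.4 port 40001 ssh2
2023-10-10T09:00:00Z sshd[900]: Failed password for admin from 192.0.2.9 port 33000 ssh2
2023-10-10T09:00:01Z sshd[900]: Failed password for admin from 192.0.2.9 port 33001 ssh2
2023-10-10T09:00:02Z sshd[900]: Failed password for admin from 192.0.2.9 port 33002 ssh2
2023-10-10T09:00:03Z sshd[900]: Failed password for admin from 192.0.2.9 port 33003 ssh2
2023-10-10T09:00:04Z sshd[900]: Failed password for admin from 192.0.2.9 port 33004 ssh2
2023-10-10T10:00:00Z sshd[905]: Failed password for admin from 192.0.2.30 port 44000 ssh2
2023-10-10T10:10:00Z sshd[905]: Failed password for admin from 192.0.2.30 port 44001 ssh2
2023-10-10T10:20:00Z sshd[905]: Failed password for admin from 192.0.2.30 port 44002 ssh2
2023-10-10T10:30:00Z sshd[905]: Failed password for admin from 192.0.2.30 port 44003 ssh2
2023-10-10T10:40:00Z sshd[905]: Failed password for admin from 192.0.2.30 port 44004 ssh2
"""

# Field extraction, the job a CIM-compliant add-on does for real data:
#   | rex "(?<action>Failed|Accepted) password for (?<user>\S+) from (?<src>\S+)"
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<action>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_events(raw):
    """Extract ts, action, user and src; lines without auth fields are skipped."""
    events = []
    for line in raw.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["action"] = "failure" if ev["action"] == "Failed" else "success"
        events.append(ev)
    return events


# Scheduled-search form of the same rule (assumes CIM Authentication fields):
#   sourcetype=linux_secure action IN (failure, success)
#   | stats count(eval(action="failure")) AS failures
#           count(eval(action="success")) AS successes BY src, user
#   | where failures>=5
# The function below adds what that stats alone lacks: a time window and ordering.
def correlate_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window correlation per source address; returns (notables, risk_by_src).
    A success preceded by >= threshold failures inside `window` is the high-severity
    notable; >= threshold failures with no success is a lower-severity attempt.
    Failures older than the window are dropped, so slow, spread-out guessing
    does not fire."""
    notables, risk_by_src, by_src = [], defaultdict(int), defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        recent = deque()            # timestamps of failures still in the window
        peak, fired = 0, False
        for ev in evs:
            while recent and ev["ts"] - recent[0] > window:
                recent.popleft()
            if ev["action"] == "failure":
                recent.append(ev["ts"])
                peak = max(peak, len(recent))
            elif len(recent) >= threshold:
                notables.append({"src": src, "user": ev["user"], "failures": len(recent),
                                 "rule": "Brute force followed by successful login",
                                 "risk_score": 80, "time": ev["ts"]})
                risk_by_src[src] += 80
                fired = True
                recent.clear()
        if peak >= threshold and not fired:
            notables.append({"src": src, "user": evs[-1]["user"], "failures": peak,
                             "rule": "Brute force attempt", "risk_score": 40,
                             "time": evs[-1]["ts"]})
            risk_by_src[src] += 40
    return notables, dict(risk_by_src)


if __name__ == "__main__":
    found, risk = correlate_brute_force(parse_auth_events(SAMPLE_AUTH_LOG))
    for notable in found:
        print(notable)
    print(risk)
```

On the sample data the rule raises two notables: the successful login from 203.0.113.7 after five failures (risk 80) and the five failures from 192.0.2.9 with no success (risk 40). The five failures from 192.0.2.30 spread ten minutes apart never accumulate inside the five-minute window, which is the tuning decision a real correlation search has to make explicitly; widening the window to an hour makes that source fire too.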
Project 1 : Creating an employee database of a company
Industry : General
Problem Statement : How to build a Splunk dashboard where employee details are readily available
Topics : In this project you will create a text file of employee data with details like full name, salary, designation, ID and so on. You will index the data based on various parameters, use various Splunk commands for evaluating and extracting the information. Finally you will create a dashboard and add various reports to it.
Project 2 : Building an organizational dashboard with Splunk
Industry : Ecommerce
Problem Statement : How to analyze website traffic and gather insights
Topics : In this project you will build an analytics dashboard for a website and create alerts for various conditions. Sample web server access logs are captured and uploaded, and you will analyze the top ten users, the average time spent, the peak response time of the website, and the top ten errors with their error code descriptions. You will also create a Splunk dashboard for reporting and analysis.
Project 3 : Field extraction in Splunk
Industry : General
Problem Statement : how to extract the fields from event data in Splunk
Topics : In this project you will learn to extract fields from events using Splunk's field extraction techniques. You will cover the basics of field extraction, the use of the Field Extractor, the field extraction page in Splunk Web and field extraction configuration in the configuration files, and the regular expression and delimiter methods of field extraction. On completion of the project you will be able to build a Splunk dashboard that uses the extracted fields to create rich visualizations in an enterprise setup.
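The field extraction and reporting work that Projects 1 to 3 and the search-command modules above describe, as an added example in Python that is not Intellipaat course material: regex extraction (what rex or the Field Extractor's regex mode does) over constructed Apache-style access log lines, the top-users, response-time and top-errors reports from Project 2, and delimiter extraction of a constructed employee record like the Project 1 data file. The field names, the trailing response-time field, the status lookup table (assumed to be a Splunk lookup named http_status in the comments) and all sample lines are assumptions; the comments give the equivalent SPL for each step.

```python
"""Added example, not Intellipaat course material: regex and delimiter field
extraction plus the Project 2 reports, run over constructed sample events.
Field names, the trailing response-time field, the status lookup table and
all sample lines are assumptions; comments give the equivalent SPL."""
import re
from collections import Counter

# Constructed access log lines: Apache combined style with an extra trailing
# response-time field in milliseconds (what a "%D"-style LogFormat adds).
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - alice [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 120
10.0.0.9 - bob [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 403 512 35
10.0.0.5 - alice [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 200 1024 480
10.0.0.12 - carol [10/Oct/2023:13:56:10 +0000] "GET /missing HTTP/1.1" 404 256 20
10.0.0.9 - bob [10/Oct/2023:13:56:30 +0000] "GET /admin HTTP/1.1" 403 512 40
10.0.0.5 - alice [10/Oct/2023:13:57:00 +0000] "GET /report HTTP/1.1" 500 128 2200
this line is not an access log entry and gets no extracted fields
"""

# Regex mode of field extraction. Equivalent rex command:
#   | rex field=_raw "^(?<clientip>\S+) \S+ (?<user>\S+) \[(?<ts>[^\]]+)\] \"(?<method>\S+) (?<uri>\S+) \S+\" (?<status>\d{3}) (?<bytes>\d+) (?<response_time>\d+)$"
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+) (?P<response_time>\d+)$'
)

# Error code descriptions, the role a CSV lookup table plays in Splunk:
#   | lookup http_status status OUTPUT description
STATUS_DESCRIPTIONS = {"403": "Forbidden", "404": "Not Found", "500": "Internal Server Error"}


def extract_fields(raw_events):
    """Regex extraction: one dict of fields per matching event. Lines the
    regex does not match are dropped, just as rex leaves them without fields."""
    events = []
    for line in raw_events.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            ev = m.groupdict()
            for numeric in ("status", "bytes", "response_time"):
                ev[numeric] = int(ev[numeric])
            events.append(ev)
    return events


def extract_delimited(line, field_names, delimiter=","):
    """Delimiter mode of the Field Extractor (FX): split on the delimiter and
    name the pieces in order, e.g. for the employee data file of Project 1."""
    values = [v.strip() for v in line.split(delimiter)]
    return dict(zip(field_names, values))


def top_users(events, n=10):
    """| top limit=10 user   -> [(user, count), ...], most frequent first."""
    return Counter(ev["user"] for ev in events).most_common(n)


def response_time_stats(events):
    """| stats avg(response_time) AS avg_rt max(response_time) AS peak_rt"""
    times = [ev["response_time"] for ev in events]
    if not times:
        return {"avg_rt": None, "peak_rt": None}
    return {"avg_rt": sum(times) / len(times), "peak_rt": max(times)}


def top_errors(events, n=10):
    """| search status>=400 | top limit=10 status | lookup http_status status OUTPUT description
    -> [(status, description, count), ...]"""
    counts = Counter(ev["status"] for ev in events if ev["status"] >= 400)
    return [(s, STATUS_DESCRIPTIONS.get(str(s), "unknown"), c)
            for s, c in counts.most_common(n)]


if __name__ == "__main__":
    evs = extract_fields(SAMPLE_ACCESS_LOG)
    print(top_users(evs))
    print(response_time_stats(evs))
    print(top_errors(evs))
    print(extract_delimited("E1001, Alice Smith, Analyst, 55000",
                            ["id", "name", "designation", "salary"]))
```

The one line that does not match the regex silently gets no fields, which is exactly how rex behaves in Splunk; in a real deployment, checking how many events came out of extraction without the expected fields is the first sanity check to run before trusting any report built on them.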
Project : A BPO firm wants to secure its confidential data
Industry : Outsourcing
Problem Statement : How to ensure that an outsourcing firm does not fall prey to IT security threats
Topics : In this project you will work with a Business Process Outsourcing firm's machine-generated data to look for suspicious activities, anomalies and suspected threats. You will deploy Splunk as a SIEM to comb through large volumes of data and use Splunk analytics to produce enterprise security reports and recommendations for securing the enterprise's activity.
The Intellipaat Splunk Master Program has been tailor-made to the specifications of the industry. This Intellipaat Splunk course will give you hands-on experience in installing and configuring Splunk, deploying Splunk searches and indexes, creating Reports, sorting, analysis, user administration, threat analysis, real-time monitoring and creating alerts with the Splunk tool.
You will work on real-time projects that have high relevance in the corporate world, with step-by-step assignments and a curriculum designed by industry experts. On completion of the training course you can apply for some of the best jobs in top MNCs around the world at top salaries. Intellipaat offers lifetime access to videos, course materials, 24/7 support, and upgrades of the course material to the latest version at no extra fee. Hence it is clearly a one-time investment.
This training course is designed for clearing the following Exams.
The entire training course content is in line with the certification programs and helps you clear the certification exam with ease and get the best jobs in the top MNCs.
As part of this Splunk course you will work on real-time projects and assignments that have immense relevance to real-world industry scenarios, helping you fast-track your career.
At the end of this training program there will be a quiz that perfectly reflects the type of questions asked in the certification exams and helps you score better marks in certification exam.
Intellipaat Course Completion Certificate will be awarded on the completion of Project work (on expert review) and upon scoring of at least 60% marks in the quiz. Intellipaat certification is well recognized in top 80+ MNCs like Ericsson, Cisco, Cognizant, Sony, Mu Sigma, Saint-Gobain, Standard Chartered, TCS, Genpact, Hexaware, etc.