Software Developers, System Administrators, Search Analysts, Security Professionals, Database Administrators and others.
There are no prerequisites for taking up this training. The only requirement is that you need to first complete the Splunk developer and administration domains and then learn the Splunk SIEM.
Splunk is the most popular tool for working with machine data. Splunk is also extensively used for security monitoring, analysis and threat mitigation. Intellipaat Splunk master’s program has been created to help you be a complete Splunk professional. Once you learn the Splunk developer and administration domains, you can be qualified to learn the Splunk SIEM domain. Upon the completion of the training, your skills will be highly demanded by the industry helping you fast-track your career.
Introduction to Splunk and Splunk developer roles and responsibilities
Writing Splunk query for search, auto-complete to build a search, time range, refine search, working with events, identifying the contents of search and controlling a search job
Hands-on Exercise – Write a basic search query
What is a Field, how to use Fields in search, deploying Fields Sidebar and Field Extractor for REGEX field extraction and delimiting Field Extraction using FX
Hands-on Exercise – Use Fields in Search, use Fields Sidebar, use Field Extractor (FX) and delimit field Extraction using FX
Writing Splunk query for search, sharing, saving, scheduling and exporting search results
Hands-on Exercise – Schedule a search, save a search result and share and export a search result
How to create alerts, understanding alerts and viewing fired alerts.
Hands-on Exercise –Create an alert in Splunk and view the fired alerts
Describe and configure scheduled reports
Introduction to Tags in Splunk, deploying Tags for Splunk search, understanding event types and utility and generating and implementing event types in search
Hands-on Exercise – Deploy tags for Splunk search and generate and implement event types in search
What is a Macro and what are variables and arguments in Macros
Hands-on Exercise –First, you define a Macro with arguments and then use variables with in it
Creating get, post and search workflow actions
Hands-on Exercise – Create get, post and search workflow actions
Studying the search command, the general search practices, what is a search pipeline, how to specify indexes in search, highlighting the syntax and deploying the various search commands like fields, tables, sort, rename, rex and erex
Hands-on Exercise –Steps to create a search pipeline, search index specification, how to highlight syntax, using the auto complete feature and deploying the various search commands like sort, fields, tables, rename, rex and erex
Using top, rare and stats commands
Hands-on Exercise – Use top, rare and stats commands
Using following commands and their functions: addcoltotals, addtotals,top, rare and stats
Hands-on Exercise – Create reports using following commands and their functions: addcoltotals and addtotals
iplocation, geostats, geom and addtotals commands
Hands-on Exercise – Track IP using iplocation and get geo data using geostats
Explore the available visualizations, create charts and time charts, omit null values and format results
Hands-on Exercise – Create time charts, omit null values and format results
Calculating and analyzing results, value conversion, roundoff and format values, using the eval command, conditional statements and filtering calculated search results
Hands-on Exercise – Calculate and analyze results, perform conversion on a data value, roundoff numbers, use the eval command, write conditional statements and apply filters on calculated search results
How to search the transactions, creating report on transactions, grouping events using time and fields and comparing transactions with stats
Hands-on Exercise – Generate report on transactions and group events using fields and time
Learning data lookups, examples and lookup tables, defining and configuring automatic lookups and deploying lookups in reports and searches
Hands-on Exercise – Define and configure automatic lookups and deploy lookups in reports and searches
Creating search charts, reports and dashboards, editing reports and dashboards and adding reports to dashboards
Hands-on Exercise – Create search charts, reports and dashboards, edit reports and dashboards andadd reports to dashboards
Working with raw data for data extraction, transformation, parsing and preview
Hands-on Exercise – Extract useful data from raw data, perform transformation and parse different values and preview
Describe pivot, relationship between data model and pivot, select a data model object, create a pivot report, create in stant pivot from a search and add a pivot report to dashboard
Hands-on Exercise – Select a data model object, create a pivot report, create instant pivot from a search and add a pivot report to dashboard
What is a Splunk CIM and using the CIM Add-On to normalize data
Hands-on Exercise – Use the CIM Add-On to normalize data
Introduction to the architecture of Splunk, various server settings, how to set up alerts, various types of licenses, important features of Splunk tool, the requirements of hardware and conditions needed for installation of Splunk
How to install and configure Splunk, the creation of index, standalone server’s input configuration, the preferences for search, Linux environment Splunk installation and the administering and architecting of Splunk
How to install Splunk in the Linux environment, the conditions needed for Splunk and configuring Splunk in the Linux environment
Introducing Splunk distributed management console, indexing of clusters,how to deploy distributed search in Splunk environment, forwarder management, user authentication and access control
Introduction to the Splunk app, how to develop Splunk apps, Splunk app management, Splunk app add-ons, using Splunk-base for installation and deletion of apps, different app permissions and implementation and how to use the Splunk app and apps on forwarder
Details of the index time configuration file and the search time configuration file
Understanding of Index time and search time configuration filesin Splunk, forwarder installation, input and output configuration, Universal Forwarder management and Splunk Universal Forwarder highlights
Implementing the Splunk tool, deploying it on the server, Splunk environment setup and Splunk client group deployment
Understanding the Splunk Indexes, the default Splunk Indexes, segregating the Splunk Indexes, learning Splunk Buckets and Bucket Classification, estimating Index storage and creating new Index
Understanding the concept of role inheritance, Splunk authentications, native authentications and LDAP authentications
Splunk installation, configuration, data inputs, app management, Splunk important concepts, parsing machine-generated data, search indexer and forwarder
Introduction to Splunk Configuration Files, Universal Forwarder, Forwarder Management, data management, troubleshooting and monitoring
Converting machine-generated data into operational intelligence, setting up the dashboard, reports and charts and integrating Search Head Clustering and Indexer Clustering
Understanding the input methods, deploying scripted, Windows and network and agentless input types and fine-tuning them all
Splunk user authentication and job role assignment and learning to manage, monitor and optimize Splunk Indexes
Understanding parsing of machine-generated data, manipulation of raw data, previewing and parsing, data field extraction and comparing single-line and multi-line events
Distributed search concepts, improving search performance, large-scale deployment and overcoming execution hurdles and working with Splunk Distributed Management Console for monitoring the entire operation
Cluster indexing, configuring individual nodes, configuring the cluster behavior, index and search behavior, setting node type to handle different aspects of cluster like master node, peer node and search head
Understanding the fundamentals of Splunk security, details of the traditional security threats, describing correlation searches and what is a security data model
How to monitor the dashboard and brief on each panel, investigating notable events with incident review dashboards, workflow investigation and relative action on identified flow
Deploying ES investigation timelines for managing, visualizing and coordinating incident investigations and using journals and timelines for documenting breach analysis and efforts needed to mitigate the issues
Deploying risk analysis and identification, risk dashboard utilization and how to manage the risk scores for objects and users
Using HTTP category analysis, HTTP user agent analysis, analyzing new domain, analyzing traffic size for spotting new threats and highlighting investigable events
Accessing the anomaly dashboards for user role and access logs and understanding the identity and asset concepts
Monitoring the malicious sites with threat activity dashboard and inspecting threat intelligence content with threat artifact dashboard
Project 1 : Creating an Employee Database of a Company
Industry : General
Problem Statement : How to build a Splunk dashboard where employee details are readily available
Topics : In this project, you will create a text file of employee data with details like full name, salary, designation, ID and so on. You will index the data based on various parameters, use various Splunk commands for evaluating and extracting the information. Finally, you will create a dashboard and add various reports to it.
Project 2 : Building an Organizational Dashboard with Splunk
Industry : E-commerce
Problem Statement : How to analyze website traffic and gather insights
Topics : In this project, you will build an analytics dashboard for a website and create alerts for various conditions. You will capture access logs of the web server andthe sample logs and them the sample are uploaded. You will analyze the top ten users, the average time spent, peak response time of the website, the top ten errors and error code description. You will also create a Splunk dashboard for reporting and analyzing.
Project 3 : Field Extraction in Splunk
Industry : General
Problem Statement :How to extract the fields from event data in Splunk
Topics : In this project, you will learn to extract fields from events using the Splunk field extraction technique. You will gain knowledge in the basics of field extractions, understand the use of the field extractor, the field extraction page in Splunk web and field extract configuration in files. You will learn the regular expression and delimiters method of field extraction. Upon the completion of the project, you will gain expertise in building Splunk dashboard and use the extracted fields data in it to create rich visualizations in an enterprise setup.
Project: A BPO Firm Wants to Secure Its Confidential Data
Problem Statement:How to ensure that an outsourcing firm does not fall prey to IT security threats
Topics: In this project, you will work with the business process outsourcing firms’ machine-generated data to look for suspicious activities, anomalies and suspected threats. You will deploy the Splunk SIEM tool for combing through huge volumes of data and deploy Splunk analytics to come up with enterprise security reports and recommendations for securing the activity of the enterprise.
Software trial version is available for 1 week. After that you just pay Rs.10K to get the software for lifetime.
Intellipaat Splunk Architect master’s program has been tailor-made to the specifications of the industry. Intellipaat Splunk course will give you hands-on experience in installing and configuring Splunk, deploying Splunk searches and indexes, creating reports, sorting, analysis, user administration, threat analysis, real-time monitoring and creating alerts with the Splunk tool.
You will be working on real-time projects that have high relevance in the corporate world and step-by-step assignments, and the curriculum is designed by industry experts. Upon the completion of the training course, you can apply for some of the best jobs in top MNCs around the world at top salaries. Intellipaat offers lifetime access to videos, course materials, 24/7 support and course material upgrading to the latest version at no extra fees. Hence, it is clearly a one-time investment.
This training course is designed for clearing the following exams:
The entire course content is in line with the certification programs and helps you clear the certification exam with ease and get the best jobs in the top MNCs.
As part of this Splunk course, you will be working on real-time projects and assignments that have immense implications in the real-world industry scenarios, thus helping you fast track your career effortlessly.
At the end of this training program, there will be a quiz that perfectly reflects the type of questions asked in the certification exams and helps you score better marks.
Intellipaat Course Completion Certificate will be awarded upon the completion of the project work (after expert review) and upon scoring at least 60% marks in the quiz. Intellipaat certification is well recognized in top 80+ MNCs like Ericsson, Cisco, Cognizant, Sony, Mu Sigma, Saint-Gobain, Standard Chartered, TCS, Genpact, Hexaware, etc.
"PMI®", "PMP®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc.
The Open Group®, TOGAF® are trademarks of The Open Group.
The Swirl logoTM is a trade mark of AXELOS Limited.
ITIL® is a registered trade mark of AXELOS Limited.
PRINCE2® is a Registered Trade Mark of AXELOS Limited.
Certified ScrumMaster® (CSM) and Certified Scrum Trainer® (CST) are registered trademarks of SCRUM ALLIANCE®
Professional Scrum Master is a registered trademark of Scrum.org