Learning Splunk

Useful techniques to help you grasp operational intelligence basics with Splunk

Rating: 4.45 (70 reviews)
Platform: Udemy
Language: English
Category: Data & Analytics
Students: 454
Content: 4 hours
Last update: Dec 2020
Regular price: $64.99

What you will learn

Build your own Splunk development environment from scratch on a Linux server—and use it!

Onboard and index multiple types of data into your Splunk instance

Understand the importance of the Splunk Common Information Model (CIM), and why data models make Splunk a powerful tool for managing logs at volume

Normalize data using Splunk apps

Develop basic reports and dashboards using your new Splunk instance and the data from your Linux system

Understand why leaving systems exposed to the internet is a bad idea

Description

Maybe you've heard about Splunk, but don't know how to use it to take control of big data? Have you used Splunk, but want to learn how to set it up and use it properly? If so, this course is for you.

In this course, you will work with Splunk from the ground up. You'll learn the basics of Splunk terminology, and how to use the Splunk web interface to find data. You'll also build your own Splunk environment, add data to the Common Information Model (CIM), create dashboards, and find events within data. Finally, you'll master advanced searching techniques that are especially useful to those in network, security, and system administration roles.

The course also covers the latest additions brought in for Splunk 8 and helps you quickly perform an upgrade. By the end of the course, you will be confident about using Splunk and will be well on the road to becoming a proficient Splunk architect and administrator as quickly as possible!

About the Author

Tom Kopchak is the Director of Technical Operations at Hurricane Labs, where he pretends to manage a team of network and Splunk engineers but is still an engineer and technology geek at heart. Tom is a Splunk Certified Architect and Accredited Consultant and has several years' experience building, designing, and managing Splunk deployments; he also manages teams of Splunk engineers, designs Splunk deployment strategies, and develops Splunk training materials.

He holds a Master’s degree in Computing Security from the Rochester Institute of Technology and has spoken at numerous Infosec conferences around the country (including Splunk .conf and DEFCON). You will often find him researching digital forensics topics or tinkering with any and all forms of computer hardware. When he is not working with computers, Tom enjoys composing, music improvisation (Acts of Music), and playing both the piano and organ.

Content

Introduction to Splunk

Course Overview
What Is Splunk
What Are Logs and Why They Matter
Setting Up an AWS Environment
Splunk Installation
Test your knowledge

Splunk Terminology

Splunk – Splexicon
What Data Looks Like in Splunk – Events
Getting Data Out of Splunk – Search
Saved Searches – Report
Visualizing Data – Dashboard
Splunk’s Search Language – Search Processing Language
What Type of Data Do We Have – Sourcetype
How is Data Stored – Index
Making Data Useful with Knowledge Objects and Fields
Enriching Data – Lookup Table
Test your knowledge

Data Onboarding

How to Approach Data Onboarding
Hands-On Lab: Onboarding Linux Authentication Logs
Field Extractions Using Splunk Apps
What If There Is Not an App Available
Splunk Configuration Files
Test your knowledge

Splunk Deployment Components

Core Splunk Infrastructure – Indexes and Search Heads
Supporting Infrastructure – Forwarders
Supporting Infrastructure – Syslog Receiver
Supporting Infrastructure – Deployment Server
Splunk Licensing – How It Works and How to Investigate Your License Utilization
Splunk Clustering – Building Splunk for Fault Tolerance
Distributed Splunk Environments
Splunk Apps – The Building Blocks of Any Splunk Deployment
Test your knowledge

Data Normalization and Data Models

Onboarding Iptables Logs
Normalizing Data Using the Splunk Common Information Model (CIM)
Applying the Common Information Model to Your Firewall Logs
Test your knowledge

Using Your Splunk Environment

Overview of Splunk UI
Using Fields
Hands-On Lab: Working with the Splunk UI
Splunk Search Modes
Hands-On Lab: Splunk Search Modes
The Search Pipeline
Hands-On Lab: Search Pipeline
Test your knowledge

Visualizing Data

Reporting Log Data – Tables
Hands-On Lab: Tables – Displaying Search Results
Advanced Searching Concepts – Chart – Graphing Search Results
Advanced Searching Concepts – Timechart – Results Over Time
Advanced Searching Concepts – Geostats and IP Location
Advanced Searching Concepts: Eval – Manipulating and Reformatting Data
Advanced Searching Concepts: Rename – Making Table Headers More Accessible
Advanced Searching Concepts: Relative Time Syntax
Advanced Searching Concepts: Search Performance – Gotchas to Avoid
Advanced Searching Concepts: Time to Experiment – Expanding Your Splunk Knowledge
Creating Splunk Dashboards
Hands-On Lab: Dashboards
Test your knowledge

Upgrading Splunk

Splunk Release Cycles
What’s New in Splunk 8.0
Planning for an Upgrade
Backing up Your Splunk Instance
Performing a Splunk Upgrade
Hands-On Lab: Upgrading Your Lab System

Reviews

Robin
February 28, 2022
Seems the host is going fast for OS setup, assuming we all know Linux...but I do understand this isn't a Linux course as well.

Vince
December 10, 2020
I suppose this is a cursory overview of some things in Splunk... If I really want to learn some details, I'll be needing more training. The course is easy enough to pause and rewind, when looking at technical details, but any differing results have no explanation... I will have to start asking and searching some sessions....

Blue
June 14, 2020
I needed to find a good course to help me hash through some more of the Splunk interface. At first it felt like it was going way too slow, especially during the Splunk Terminology, but to my surprise, it went further into some core features that I did not know about. I'm glad I bought this course. I'm only about 90 minutes in, but I would say that it's a great place to start for beginners.

Joseph
April 12, 2020
This is a fantastic intermediate-level course on Splunk. The course covers more topics and material than a true Splunk beginner would probably be comfortable with, but that's fine as there are other/good beginner courses out there already. Have worked with Splunk for more than a year and found some excellent Splunk articles on Hurricane Labs' website, so was quite confident this course would deliver (and it has). Tom's nice coverage of apps and Splunk backups/upgrades definitely make this course one of the best.

Udemy ID: 2952018
Course created date: 4/3/2020
Course indexed date: 4/8/2020
Course submitted by: Bot