Splunk 9.x enterprise certified admin guide : ace the Splunk Enterprise Certified Admin exam with the help of this comprehensive prep guide / Srikanth Yarlagadda.

Format:

Book

Author/Creator:

Yarlagadda, Srikanth, author.

Language:

English

Subjects (All):

Big data--Data processing.

Big data.

Data mining.

Automatic data collection systems.

Electronic data processing.

Physical Description:

1 online resource (254 pages) : illustrations

Edition:

First edition.

Place of Publication:

Birmingham, England : Packt Publishing, [2023]

Summary:

The IT sector's appetite for Splunk and skilled Splunk developers continues to surge, offering more opportunities for developers with each passing decade. If you want to enhance your career as a Splunk Enterprise administrator, then Splunk 9.x Enterprise Certified Admin Guide will not only aid you in excelling on your exam but also pave the way for a successful career. You'll begin with an overview of Splunk Enterprise, including installation, license management, user management, and forwarder management. Additionally, you'll delve into indexes management, including the creation and management of indexes used to store data in Splunk. You'll also uncover config files, which are used to configure various settings and components in Splunk. As you advance, you'll explore data administration, including data inputs, which are used to collect data from various sources, such as log files, network protocols (TCP/UDP), APIs, and agentless inputs (HEC). You'll also discover search-time and index-time field extraction, used to create reports and visualizations, and help make the data in Splunk more searchable and accessible. The self-assessment questions and answers at the end of each chapter will help you gauge your understanding. By the end of this book, you'll be well versed in all the topics required to pass the Splunk Enterprise Admin exam and use Splunk features effectively.

Contents:

Cover

Title Page

Copyright and Credit

Dedicated

Contributors

Table of Contents

Preface

Part 1: Splunk System Administration

Chapter 1: Getting Started with the Splunk Enterprise Certified Admin Exam

Introducing the certification exam

The weightage of topics in the exam

Introducing the exam's test pattern

True or false category

Single-answer category

Multiple-choice category

What is Splunk Enterprise?

Introducing Splunk Enterprise 9.x features

Understanding Splunk components

Processing components

Management components

Splunk Validated Architectures (SVAs)

Single-server deployment

Distributed non-clustered deployment

Distributed cluster deployment and SHC - single-site

Distributed clustered deployment and SHC - multi-site

Splunk installation - standalone

Installation system requirements

Installation steps

Summary

Self-assessment

Reviewing the answers

Chapter 2: Splunk License Management

Introducing license types

The Splunk Enterprise Trial license

The Splunk Free license

The Forwarder license

The Splunk Enterprise license

The Splunk Enterprise infrastructure license

Splunk Developer license

Understanding license warnings and violations

How licensing works

Installing, managing, and monitoring licenses

Adding a license

License groups, stacks, and pools

License manager and license peers

License usage and alerting

Reviewing answers

Chapter 3: Users, Roles, and Authentication in Splunk

Users

Creating a new user

Roles

Creating a new role

Authentication methods

Native Splunk

LDAP

SAML

MFA

Scripted authentication

Chapter 4: Splunk Forwarder Management

Introducing the universal forwarder.

Configuring the Deployment Server

Configuring serverclass

Installing the universal forwarder

Installation in Windows OS

Installation in Linux OS

Configuring forwarding

Configuring deploymentclient

Forwarder monitoring

Chapter 5: Splunk Index Management

Understanding Splunk indexes

Understanding buckets

Creating Splunk indexes

Splunk Web

CLI

indexes.conf explained

Backing up indexes

Monitoring Splunk indexes

Chapter 6: Splunk Configuration Files

Understanding conf files

File format and access

Structure and syntax

Config layering and inheritance

Default stanzas and global settings

Merging multiple conf files

Understanding conf file precedence

Search-time precedence

Index-time precedence

Troubleshooting conf files using the btool command

Chapter 7: Exploring Distributed Search

Understanding distributed search

Search head and indexer clustering overview

Search head clustering

Indexer clustering

Configuring distributed search

The Splunk CLI

Understanding knowledge bundles

Knowledge bundle replication

Part 2: Splunk Data Administration

Chapter 8: Getting Data In

Understanding Splunk data inputs

Understanding metadata fields

Source types

Data indexing phases

Input

Parsing

Indexing

Splunk Web - Add Data feature

Chapter 9: Configuring Splunk Data Inputs

File and directory monitoring

Handling network data input

TCP and UDP input

Discussing scripted inputs

Understanding HEC input

Configuring HEC

Sending data to HEC.

Exploring Windows inputs

Chapter 10: Data Parsing and Transformation

Parsing phase settings

props.conf settings

Transformation settings - transforms.conf

Data anonymization

Overriding source types

Index re-routing

Dropping unwanted events

Splunk Web data preview

Creating the source type definition

Data masking

Chapter 11: Field Extractions and Lookups

Understanding fields and lookups

Fields

Lookups

Creating search-time field extractions

Delimited data extractions

Unstructured data extractions

Creating index-time field extractions

Structured data extractions

Creating lookups

CSV lookups

KV Store lookups

Chapter 12: Self-Assessment Mock Exam

Mock exam questions

Index

Other Books You May Enjoy.

Notes:

Includes index.

Description based on print version record.

ISBN:

9781803232232

1803232234

OCLC:

1396224201