This expert-level course is an immersive five-day assessment-based bootcamp that gives attendees the opportunity to cement their knowledge of working with the Splunk core platform effectively and at scale using Professional Services (PS) best-practice techniques. This course represents a significant step up in difficulty versus earlier courses in a Splunk consultant's learning path. Passing the course is only possible if the required preparation and practice are put in place before attending.
In-person (or virtual) instructor-led training will cover how to make Splunk Enterprise run efficiently in large clustered environments and will give a more in-depth understanding of the inner workings of Splunk.
Attendees will apply best-practice techniques in an attempt to complete a number of practical assessment labs (individually — with no peer and minimal instructor technical assistance). These labs pose various technical challenges in simulated distributed customer environments.
To be successful during the assessed labs, candidates will need to demonstrate a masterful grasp of how to manage configuration at scale, troubleshoot problems, perform environment discovery, and ultimately understand what is necessary to make Splunk customers successful, all under time pressure. This includes being able to engage with customers with an instructional and collaborative PS mindset, to fully clarify requirements before planning and implementing solutions.
Prerequisite Certifications:
To qualify for registration, candidates must hold all of the following certifications:
▪ Splunk Core Certified Power User
▪ Splunk Core Certified Advanced Power User*
▪ Splunk Enterprise Certified Admin
▪ Splunk Enterprise Certified Architect
Module 1 – Deploying Splunk
- Introduce the Splunk Validated Architectures
Module 2 — Monitoring Console
- Discuss the best instance to configure as the Monitoring Console
- Configure the MC for a single or distributed environment
- Examine how the MC uses the server roles and groups assigned to instances
- Discuss health checks and how they are run
Module 3 — Access and Roles
- Discuss how to manage Deployment Server at scale
- Identify authentication methods
- Describe LDAP concepts and configuration
- Discuss SAML and SSO options
- Define roles and how they are used to protect data
Module 4 — Data Collection
- Examine Splunk to Splunk (S2S) communication and the different ways data is sent from forwarder to indexer
- Describe the types and configuration of data inputs
- Discuss ways to troubleshoot data inputs
Module 5 — Indexing
- Review indexing artifacts and locations
- Discuss event processing and data pipelines
- Understand the underlying text parsing and indexing process
- Examine data retention controls
Module 6 — Search
- Examine the inner workings of a search
- Discuss how to use search job inspection
- Look at the different search types and how to maximize search efficiency
- Review subsearches and how they work
- Examine some sample searches and how to make them more efficient
Module 7 — Index Clustering
- Provide an architecture overview
- Describe deployment and component configuration
- Review upgrade strategy
- Discuss data buckets and lifecycle
- Examine failure modes and recovery processes
- Introduce multi-site clustering
- Explain migration procedures