Working With Splunk: Beginner To Intermediate

Short Description:

This course is designed to introduce beginners or intermediate users of Splunk – a powerful data analytics platform used for searching, analyzing, and visualizing machine generated data.

Description:

Embark on your journey with Splunk, a potent data analytics platform tailored for beginners and intermediate users. This course immerses students in the world of Splunk, offering hands-on experience in data ingestion, search syntax, data visualization, and basic troubleshooting.

Explore Splunk's distributed architecture, commonly deployed in production environments. By the course's conclusion, students will possess foundational knowledge to effectively employ Splunk in diverse use cases, opening doors to powerful data analysis and visualization.

Duration: 1 Day

Description:  BDT282

Learning Objectives:

Upon completing this course, you will have the opportunity to:

• Comprehend Splunk's architecture, gaining insights into its core structure.
• Master data ingestion techniques in Splunk, ensuring data is efficiently collected and processed.
• Learn to perform effective searching and analysis within Splunk's environment.
• Acquire the skills to create compelling data visualizations for clear insights.
• Understand Splunk's distributed architecture and how it functions across various components.

• Basic knowledge of Network logs

• This course is designed for anyone interested in getting start with Splunk to perform Network Forensic Analysis. This can include SOC analysts, Network Engineers, System Administrators, Data Analysts.

• This course is designed for anyone interested in getting start with Splunk to perform Network Forensic Analysis. This can include SOC analysts, Network Engineers, System Administrators, Data Analysts.

Course Outline:

Splunk Architecture

• Overview of Splunk and its key features
• Splunk data model and architecture
• Setting up Splunk as Docker Container
• Hands-on: Installing Splunk

Data Ingestion

• Importing data into Splunk
• Parsing data using Sourcetypes
• Using Add-ons to parse data
• Hands-on: Ingesting sample data into Splunk

Searching and Analysis

• Working with Splunk Search Processing Language (SPL)
• Understanding search assistant modes
• Search commands for filtering, sorting and transforming data
• Using fields, tags and event types to enhance search results
• Work with a use case to find attack vectors
• Hands-on: Use case

Data Visualization

• Using Splunk’s Data Visualizations and Dashboards
• Building Dashboard inputs using Time Range Picker
• Adding Text Box, Drop Down to Dashboard inputs
• Hands-on: Creating Dashboard with panels

Understanding Splunk’s Distributed Architecture

• Understanding Splunk’s Distributed Architecture Components
• Role of Indexers in data storage and replication
• Using Universal Forwarders, Distributors, and Deployment Server
• Demo: Building a Splunk Distributed Deployment

Training material provided: Yes (Digital format)

Hands-on Lab: Students should install Docker Desktop.