Registration for Splunk certification trainings

Using Splunk 6
  • Web-based training
    08:00 - 13:00
    CHF 500.00 per person (excl. VAT)

  • Understand the uses of Splunk
  • Define Splunk Apps
  • Learn basic navigation in Splunk
  • Understand the lab environment
  • Understand the personas referenced in the course
  • Run basic searches
  • Set the time range of a search
  • Identify the contents of search results
  • Refine searches
  • Use the timeline
  • Work with events
  • Control a search job
  • Save search results
  • Understand fields
  • Use fields in searches
  • Use the fields sidebar
  • Save a search as a report
  • Edit reports
  • Create reports that include visualizations such as charts and tables
  • Describe Pivot
  • Understand the relationship between data models and pivot
  • Select a data model object
  • Create a pivot report
  • Create an instant pivot from a search
  • Create a dashboard
  • Add a report to a dashboard
  • Add a pivot report to a dashboard
  • Edit a dashboard
Searching & Reporting with Splunk 6
  • Web-based training
    Day 1: 14:00 - 17:00 / Day 2: 09:00 - 17:00
    CHF 1'000.00 per person (excl. VAT)

  • Review basic search commands and general search practices
  • Examine the anatomy of a search
  • Use the following commands to perform searches:
    – table
    – rename
    – fields
    – dedup
    – sort
  • Use the following commands and their functions:
    – top
    – rare
    – stats
  • Data structure requirements
  • Create and format basic charts
  • Create and format timecharts
  • Use the following commands and their functions:
    – trendline
    – iplocation
    – geostats
    – geom
    – single value
    – addtotals
  • Use the following commands and their functions:
    – eval
    – fillnull
    – search
    – where
  • Identify transactions
  • Group events using fields
  • Group events using fields and time
  • Search with transactions
  • Report on transactions
  • Determine when to use transactions vs. stats
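The last items above (grouping events by field and time, transactions, and when to prefer stats over transaction) are exactly what an analyst does when hunting for a brute-force login that eventually succeeded. The following is an added example, not course material and not taken from Splunk's documentation: it constructs four authentication events with `makeresults` so it runs on any Splunk instance without indexed data, then answers the same question twice, first with `stats`, then with `transaction`. The field names (`action`, `user`, `src`), timestamps and addresses are assumptions made for the example.

```spl
| makeresults count=1
| eval _raw="2016-03-01T08:00:01 action=failure user=alice src=10.0.0.5;2016-03-01T08:00:04 action=failure user=alice src=10.0.0.5;2016-03-01T08:00:09 action=success user=alice src=10.0.0.5;2016-03-01T08:00:12 action=failure user=bob src=10.0.0.9"
| eval _raw=split(_raw, ";")
| mvexpand _raw
| eval _time=strptime(substr(_raw, 1, 19), "%Y-%m-%dT%H:%M:%S")
| rex field=_raw "action=(?<action>\S+)\s+user=(?<user>\S+)\s+src=(?<src>\S+)"
| stats count(eval(action="failure")) AS failures,
        count(eval(action="success")) AS successes,
        min(_time) AS first_seen,
        max(_time) AS last_seen
        BY user, src
| where failures >= 2 AND successes >= 1
| eval window_seconds=last_seen-first_seen
| convert ctime(first_seen) ctime(last_seen)
| table user, src, failures, successes, window_seconds, first_seen, last_seen

| makeresults count=1
| eval _raw="2016-03-01T08:00:01 action=failure user=alice src=10.0.0.5;2016-03-01T08:00:04 action=failure user=alice src=10.0.0.5;2016-03-01T08:00:09 action=success user=alice src=10.0.0.5;2016-03-01T08:00:12 action=failure user=bob src=10.0.0.9"
| eval _raw=split(_raw, ";")
| mvexpand _raw
| eval _time=strptime(substr(_raw, 1, 19), "%Y-%m-%dT%H:%M:%S")
| rex field=_raw "action=(?<action>\S+)\s+user=(?<user>\S+)\s+src=(?<src>\S+)"
| sort - _time
| transaction user, src maxspan=5m startswith=eval(action="failure") endswith=eval(action="success")
| where eventcount >= 3
| table user, src, eventcount, duration, _raw
```

Both searches report only alice from 10.0.0.5 (two failures followed by a success within eight seconds); bob's single failure is dropped. The `stats` form is the one to schedule as an alert: it is distributable to the indexers, needs no event ordering and produces the counts and the time window directly. The `transaction` form keeps the grouped raw events and computes `duration` for you, which is what an analyst wants during an investigation, but it runs on the search head, expects results in reverse chronological order (hence the `sort - _time`, which a normal search already provides) and must be bounded with `maxspan` or `maxevents` so that a long-running session does not consume unbounded memory.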
Creating Splunk 6 Knowledge Objects
  • Web-based training
    Day 1: 08:00 - 17:00 / Day 2: 08:00 - 13:00
    CHF 1'000.00 per person (excl. VAT)

  • Overview of Buttercup Games Inc.
  • Lab Environment
  • Describe the Common Information Model (CIM)
  • Understand the relationship between the CIM and knowledge objects
  • Define naming conventions
  • Review permissions
  • Describe lookups
  • Create a lookup file and create a lookup definition
  • Configure an automatic lookup
  • Create and use field aliases
  • Create and use calculated fields
  • Perform regex field extractions using the Field Extractor (FX)
  • Perform delimiter field extractions using the FX
  • Create and use tags
  • Describe event types and their uses
  • Create an event type
  • Describe the function of GET, POST, and Search workflow actions
  • Create a GET workflow action
  • Create a Search workflow action
  • Describe alerts
  • Create alerts
  • View fired alerts
  • Describe scheduled reports
  • Configure scheduled reports
  • Describe macros
  • Create and use a basic macro
  • Define arguments and variables for a macro
  • Add and use arguments with a macro
  • Describe the relationship between data models and pivot
  • Identify data model attributes
  • Create a data model
  • Use a data model in pivot
Advanced Searching & Reporting with Splunk 6


  • Use the proper case in searches
  • Describe Splunk’s search process
  • Use the search inspector to view search performance
  • Use sub-searches to correlate data by finding events that:
    – Have matching values for a common field in the results of a sub-search
    – Do not have matching values for a common field in the results of a sub-search
    – Have matching values for a field with a different name in the results of a sub-search
  • Use statistical functions such as min, max, mean, median, and standard deviation
  • Use the appendpipe command
  • Use the streamstats and eventstats commands
  • Use the following commands and functions:
    – bin
    – xyseries
    – foreach
    – Filtering commands – search
    – Filtering commands – where
    – where functions: like, isnull
    – eval functions: strftime, upper, case, replace
  • Use the following commands and functions:
    – untable
    – addtotals
    – append and appendcols
  • Search for events using custom time ranges
  • Search for events within a window of time
  • Display and use relative dates
  • Use the return command
  • Find events logged before a particular event occurs
  • Find events logged after a particular event occurs
  • Compare complete transactions
  • Analyze transactions
  • Include events based on values in a lookup table
  • Exclude events based on values in a lookup table
  • Build a baseline lookup table and reference the baseline values in alerts
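The last item, building a baseline lookup and referencing it in alerts, is a standard detection pattern: a scheduled search writes per-user statistics to a lookup, and a separate alert search compares today's counts against that baseline. The two searches below are an added example, not course material and not Splunk's own code. The lookup name `failed_login_baseline.csv`, the user names, the daily failure counts and the three-standard-deviation threshold are all constructed for the example; in production the first search would derive the daily counts from real authentication events (`bin _time span=1d | stats count BY _time, user`) over a suitable time range instead of from constructed rows.

```spl
| makeresults count=1
| eval _raw="2016-02-28 user=alice failures=1;2016-02-29 user=alice failures=3;2016-03-01 user=alice failures=2;2016-02-28 user=bob failures=25;2016-02-29 user=bob failures=40;2016-03-01 user=bob failures=31"
| eval _raw=split(_raw, ";")
| mvexpand _raw
| rex field=_raw "user=(?<user>\S+)\s+failures=(?<failures>\d+)"
| stats avg(failures) AS mean_failures, stdev(failures) AS sd_failures BY user
| eval threshold=round(mean_failures + 3 * sd_failures, 0)
| table user, mean_failures, sd_failures, threshold
| outputlookup failed_login_baseline.csv

| makeresults count=1
| eval user=split("alice,alice,alice,alice,alice,alice,bob,bob,bob,carol", ",")
| mvexpand user
| stats count AS failures BY user
| lookup failed_login_baseline.csv user OUTPUT threshold
| where isnull(threshold) OR failures > threshold
| eval reason=if(isnull(threshold), "no baseline for this user", "failures above baseline threshold")
| table user, failures, threshold, reason
```

Run the first search once (it writes thresholds of 5 for alice and 55 for bob), then the second: alice is flagged because 6 failures exceed her threshold, carol is flagged because she has no baseline at all, and bob's 3 failures are within his normal range. Two caveats matter in practice: `outputlookup` replaces the whole file, so an account that first appears after the baseline run has no threshold until the next run, which is why the alert treats a missing threshold as reportable rather than silently dropping the user; and the `lookup` command is given the CSV file name here for brevity, whereas a lookup definition (as covered in the Knowledge Objects course) is the cleaner choice for anything shared between apps or users.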
Splunk Enterprise Data Administration


  • Splunk overview
  • Identify Splunk components
  • Identify Splunk system administrator role
  • List the four phases of Splunk indexing
  • List Splunk input options
  • Describe the basic settings for an input
  • Understand the role of production Indexers and Forwarders
  • Understand the functionality of Universal Forwarders and Heavy Forwarders
  • Configure Forwarders
  • Identify additional Forwarder options
  • Explain the use of Forwarder Management
  • Describe Splunk Deployment Server
  • Manage forwarders using deployment apps
  • Configure deployment clients
  • Configure client groups
  • Monitor forwarder management activities
  • Create file and directory monitor inputs
  • Use optional settings for monitor inputs
  • Deploy a remote monitor input
  • Create network (TCP and UDP) inputs
  • Describe optional settings for network inputs
  • Create a basic scripted input
  • Identify Windows input types and uses
  • Understand additional options to get data into Splunk
    – Splunk HTTP Event Collector
    – Splunk App for Stream
  • Understand the default processing that occurs during input phase
  • Configure input phase options, such as sourcetype fine-tuning and character set encoding
  • Understand the default processing that occurs during parsing
  • Optimize and configure event line breaking
  • Explain how timestamps and time zones are extracted or assigned to events
  • Use Data Preview to validate event creation during the parsing phase
  • Explain how data transformations are defined and invoked
  • Use transformations with props.conf and transforms.conf
  • Use SEDCMD to modify raw data
  • Create field extractions
  • Configure collections for KV Store
  • Manage Knowledge Object permissions
  • Control automatic field extraction
Splunk Enterprise System Administration


  • Splunk overview
  • Identify Splunk components
  • Identify Splunk system administrator role
  • Identify license types
  • Describe license violations
  • Add and remove licenses
  • Describe Splunk apps and add-ons
  • Install an app on a Splunk instance
  • Manage app accessibility and permissions
  • Describe Splunk configuration directory structure
  • Understand configuration layering process
  • Use btool to examine configuration settings
  • Describe index structure
  • List types of index buckets
  • Create new indexes
  • Monitor indexes with Monitoring Console
  • Apply a data retention policy
  • Backup data on indexers
  • Delete data from an index
  • Restore frozen data
  • Describe user roles in Splunk
  • Create a custom role
  • Add Splunk users
  • Integrate Splunk with LDAP
  • List other user authentication options
  • Describe the steps to enable Multifactor Authentication in Splunk
  • Describe the basic settings for an input
  • List Splunk forwarder types
  • Configure the forwarder
  • Add an input to UF using CLI
  • Describe how distributed search works
  • Explain the roles of the search head and search peers
  • Configure a distributed search group
  • List search head scaling options
  • Introduction to Splunk clustering concepts
Advanced Dashboards and Visualizations


  • Define what a view is
  • Identify best practices for creating views
  • Define the common information model
  • Normalize data to the Splunk CIM
  • Define data structure requirements
  • Identify the primary transforming commands
  • Explain how tokens work
  • Define the simple XML syntax
  • Name types of panels
  • Identify types of Simple XML panel objects
  • Create post-process searches
  • Customize dashboards using Simple XML
  • Identify types of form inputs
  • Use tokens and filters
  • Create cascading menus
  • Create dynamic drilldowns
  • Use simple XML extensions
  • Identify types of search managers
  • Create custom visualizations
  • Explain how autodiscovery works
Architecting and Deploying Splunk 6


  • Overview of the Splunk deployment planning process and associated tools
  • Identify critical information about environment, volume, users, and requirements
  • Review checklists and resources to aid in collecting requirements
  • Design and size indexes
  • Plan app deployment
  • Learn sizing factors for servers
  • Understand how reference hardware is used to scale deployments
  • Identify the impact of clustering for index replication and for search heads
  • Identify best practices for authentication, authorization and access control
  • Compare agent-based and agentless data collection methods
  • Discuss data inputs
  • Compare remote collection methods
  • Review types of forwarders
  • Understand how to manage forwarder installation
  • Understand configuration management for all Splunk components, using Splunk deployment tools
  • Identify the six things you must get correct at index time
  • Discuss Common Information Model
  • Discuss Data Models and data model design
  • Discuss data enrichment, including lookups and KV Store
  • Discuss search performance
  • Discuss differences between summarization methods
  • Describe integration methods
  • Identify common integration points
  • Identify ongoing tasks in a Splunk deployment
  • Identify backup and archiving methods
  • Discuss onboarding processes
  • Review monitoring tools and apps
Using Enterprise Security


  • Provide an overview of the Splunk App for Enterprise Security (ES)
  • Identify the differences between traditional security threats and new adaptive threats
  • Describe correlation searches, data models and notable events
  • Describe user roles in ES
  • Log on to ES
  • Use the Security Posture dashboard to monitor enterprise security status
  • Use the Incident Review dashboard to investigate notable events
  • Take ownership of an incident and move it through the investigation workflow
  • Create notable events
  • Suppress notable events
  • Understand asset and identity concepts
  • Use the Asset Investigator to analyze events related to an asset
  • Use the Identity Investigator to analyze events related to an identity
  • Examine asset and identity lookup tables
  • Investigate access domain events
  • Investigate endpoint domain events
  • Investigate network domain events
  • Investigate identity domain events
  • Evaluate the level of insider threat with the user activity and access anomaly dashboards
  • Use the Threat Activity dashboard to analyze traffic to or from known malicious sites
  • Inspect the status of your threat intelligence content with the threat artifact dashboard
  • Understand and use Risk Analysis
  • Use HTTP Category Analysis, HTTP User Agent Analysis, New Domain Analysis, and Traffic Size Analysis to spot new threats
  • Filter and highlight events
  • Use ES predictive analytics to make forecasts and view trends
  • Use ES investigation timelines to manage, visualize and coordinate incident investigations
  • Use timelines and journals to document breach analysis and mitigation efforts
Administering Enterprise Security


  • Identify deployment topologies
  • Examine the deployment checklist
  • Understand indexing strategy for ES
  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Learn how to test a new install
  • Understand ES Splunk user accounts and roles
  • Plan ES inputs
  • Configure technology add-ons
  • Optimize your ES installation
  • Understand ES dashboard architecture
  • Configure ES dashboards
  • Understand the ES data normalization model
  • Explore ES-specific macros
  • Create a custom correlation search
  • Identify ES-specific lookups
  • Understand and configure lookup lists
  • Understand and configure threat lists
  • Understand the ES identity domain
  • Understand the ES audit domain
  • Learn to make a TA for custom data sources
  • Discuss custom TA best practices
  • Troubleshoot your ES app
Implementing IT Service Intelligence (ITSI)


  • Define key service intelligence concepts
  • Identify ITSI features
  • Explain the role of the common information model in ITSI
  • Examine the ITSI user interface
  • List ITSI hardware recommendations
  • Describe ITSI deployment options
  • Identify ITSI components
  • Describe the installation procedure
  • Identify data input options for ITSI
  • Add custom data to an ITSI deployment
  • Given customer requirements, plan an ITSI implementation
  • Use a data audit to identify service key performance indicators
  • Identify site entities
  • Use a service design to implement services in ITSI
  • Create KPIs with static and adaptive thresholds
  • Use time policies to define flexible thresholds
  • Use anomaly detection
  • Design glass tables to display important service status
  • Use the glass table editor to create and edit glass tables
  • Use KPIs and ad-hoc searches on glass tables
  • Add glass table drilldown options
  • Describe notable event workflow
  • Configure notable event options
  • Define new correlation searches
  • Define multi-KPI alerts
  • Manage notable event storage
  • Customize new deep dive displays
  • Add additional swim lanes to deep dives
  • Configure swim lane options
  • Apply entity best practices
  • Define service entities
  • Use entities in KPI searches
  • Back up and restore ITSI
  • Upgrade ITSI
  • Under the hood