Workshop - Splunk Architect
Section 0 - Welcome & Orientation
About O-Line Security
Your Instructor
Section 1 - Foundations
Expectations & Objectives
Inside the Role: Splunk Architect
The Architecture You’ll Build
Manual First: Understanding Before Scaling
Section 2 - Environment Planning & Setup
Why AWS EC2 Infrastructure?
Understanding AWS Costs for Splunk Labs: Instances, Storage, and Optimization
Creating an EC2 Instance for Splunk Deployment
Installing Splunk Enterprise
Configuring Splunk Enterprise
EC2 Instance Lifecycle and IP Changes: What to Know Before You Stop or Start
Creating EC2 Instances for Splunk Architecture Labs
Configuring Security Groups for Splunk Architecture Labs
Downloading and Installing Splunk Enterprise for Splunk Architect Labs
Configuring Disk Usage Thresholds in Splunk
Final Environment Validation and Readiness Check
Section 3 - Core Architecture
What Makes a Splunk Deployment Architected
Distributed vs Clustered Splunk Architectures
Core Components of Splunk Architecture
Understanding Splunk Data, Management, and Search Paths
Essential Ports in Splunk Architecture
Designing the Target Architecture End State
What Indexer Clustering Actually Is
Replication Factor vs Search Factor Explained
Cluster Manager Responsibilities and Control Plane
Understanding Indexer Peer Nodes
How Indexer Clustering Works Behind the Scenes
Validating Indexer Clustering
Common Indexer Clustering Mistakes
Indexer Clustering Recap
Section 4 - Splunk Architecture Design
End-to-End Splunk Architecture Overview
Role of the Cluster Manager
Role of Indexers in Splunk Architecture
Role of the Search Head
Role of the Deployer
Role of the Deployment Server
Role of Universal Forwarders
How Splunk Components Communicate
Essential Ports in Splunk Architecture
Understanding pass4SymmKey and Shared Secrets
Section 5 - Building the Indexing Layer
Configuring the Cluster Manager (Part 1)
Configuring the Cluster Manager (Part 2)
Configuring the Cluster Manager (Part 3)
Configuring Indexer Node 1
Configuring Indexer Node 2
Creating Useful Splunk CLI Aliases
Validating Indexer Peer Connectivity
Disabling Splunk Web on Indexers
Validating Splunk Web Configuration
Enabling Indexer Data Receiving
Section 6 - Building the Search Layer
Search Head Cluster Initialization Overview
Initializing Search Head Cluster Members
Bootstrapping the Search Head Cluster Captain
Troubleshooting Search Head Cluster Bootstrap
Validating Search Head Cluster Health
Configuring the Deployer
Pushing Apps to the Search Head Cluster
Validating Deployer App Distribution
Validate Deployment App via UI
Connecting Search Heads to the Indexer Cluster
Validating Search Head to Indexer Configuration
Validating Search Head Cluster in the UI
O-Line Demo Dashboard XML File
Commands to Test Deployer Push
Section 7 - Forwarding, Deployment, and App Distribution
Understanding Control Path vs Data Path
Validating Indexer Receiving on Port 9997
Installing the Universal Forwarder
Configuring the Deployment Client
Configuring outputs.conf for Data Forwarding
Configuring inputs.conf for Data Collection
Creating Indexes on the Indexer Cluster
Making Indexes Available to the Search Layer
Creating and Managing Server Classes
Validating Deployment App Distribution
Troubleshooting Deployment Issues
Generating Sample Data for Ingestion
Validate Ingestion via UI
Validating Deployment Server in the UI
End-to-End Data Pipeline Validation
Apache Logs
Commands to Initialize SHC and Bootstrap Captain
Section 8 - Capstone Project
Capstone Project
Section 9 - Career Development Pack
Career Development
Resume Builder
Interview Q&A
LinkedIn Post Template
Section 10 - Next Steps
Closing Notes
One Final Thought
Validating Search Head Cluster Health
Lesson unavailable