Splunk Workshop

  • $199.99

Workshop - Splunk Administrator

  • Course
  • 76 Lessons

Learn the foundations of Splunk through hands-on practice. In this workshop, you’ll install Splunk on AWS, ingest real log data, write SPL searches, and build dashboards that analyze web traffic activity. Designed to mirror real-world workflows, this course helps you understand how Splunk is used for monitoring, security analysis, and operational visibility.

Contents

Section 0 - Welcome & Orientation

About O-Line Security
Your Instructor

Section 1 - Foundations

Expectations & Objectives
What is a Splunk Administrator?

Section 2 - Environment Setup

Why AWS EC2 Infrastructure?
Understanding AWS Costs for Splunk Labs: Instances, Storage, and Optimization
Creating an EC2 Instance for Splunk Deployment
Install Splunk Enterprise
Configure Splunk Enterprise
EC2 Instance Lifecycle and IP Changes: What to Know Before You Stop or Start
Final Environment Validation and Readiness Check
Lab

Section 3 - Introduction to Splunk Configuration Files

Foundations and Structure
UI vs Backend Configuration Mapping
Precedence, Layering, and Troubleshooting
Configuration Precedence with BTOOL
Lab

Section 4 - Splunk Components

Instance Types
Identifying Instance Types

Section 5 - From UI to Configuration Files

Navigating Splunk Web as an Administrator
UI Changes to .conf Files

Section 6 - Splunk Administration: Users, Roles, and Access Control

Creating Users in Splunk
Creating Users in Splunk Web
Managing Users via CLI (Command Line Interface)
Validating User Access and Role Permissions in Splunk
Lab
Creating Roles in Splunk
Configuring Role Permissions in Splunk
Configuring Role Capabilities in Splunk
Configuring Role Settings
Defining Role Restrictions in Splunk
Implementing Roles Through Configuration Files
Authentication.conf and Authorize.conf

Section 7 - Splunk Platform Management

Index Configuration and Management
Creating Indexes via Splunk Web
Creating Indexes via CLI
Lab
Bucket Lifecycle in Splunk
Hot to Frozen Explained
Understanding Bucket Lifecycle in Splunk
Configuring Bucket Rolling in Splunk
Data Lifecycle
Data Ingestion in Splunk
Ingesting Data Using the Splunk CLI
Validating Ingested Data in Splunk
Lab
Auth Logs
Web Logs

Section 8 - Splunk Configuration Files and Management

Mapping Splunk Behavior to Configuration Files
inputs.conf
indexes.conf
server.conf
props.conf
transforms.conf
deploymentclient.conf
serverclass.conf
outputs.conf
authentication.conf & authorize.conf
How Splunk Configuration Files Work Together

Section 9 - Splunk Maintenance and Operations

Maintaining the Splunk Environment
Splunk Backup Strategies and Best Practices
Permission Management in Splunk
Analyzing Index Data with dbinspect
Monitoring Splunk with the Monitoring Console
Maintenance in Action
Gaining Insight and Visibility
Enhancing Visibility with Splunk Dashboards
Building Alerts for Monitoring and Response

Section 10 - Capstone Project

Capstone Overview
Capstone Project Review
Project Data Logs

Section 11 - Career Development Pack

Career Development
Resume Builder
Interview Q&A
LinkedIn

Section 12 - Next Steps

One Final Thought