Tutorials_World_Splunk_Chapters_06-10

 Tutorials World – Splunk 2

SPLUNK 6. Splunk User Management 2

PART - 28 | How to Win Friends and Manage Users 2

PART - 29 | Describe user roles in Splunk 2

Describe User Role 3

Capabilities 3

PART - 30 | Demo Create a custom role and add Splunk users 3

Create a custome role 3

SPLUNK 7. Splunk Authentication Management 4

PART - 31 | Authentication Management 4

PART - 32 | Integrate Splunk with LDAP 4

PART - 33 | List other user authentication options 6

PART - 34 | Describe the steps to enable Multifactor Authentication 7

1.1.1 DUO or RSA 7

PART - 35 | Demo 12 Integrate Splunk with LDAP 9

PART - 36 | Demo 22 Integrate Splunk with LDAP 11

SPLUNK 8. Getting Data In 11

PART - 37 | Getting Data In 11

PART - 38 | The Splunk data pipeline 12

PART - 39 | Describe the basic settings for an input and list forwarder types 14

1.1.2 Forwarder Types 15

PART - 40 | Demo 13 Configure forwarders, receiving, monitoring 16

PART - 41 | Demo 23 Configure forwarders, receiving, monitoring 16

PART - 42 | Demo 33 Configure forwarders, receiving, monitoring – Winodws 17

SPLUNK 9. Distributed Search 19

PART - 43 | Distributed Search | SPLUNK tutorial 19

PART - 44 | Describe how distributed search works;search heads and peers 19

PART - 45 | Configuring a distributed search group | SPLUNK tutorial 24

PART - 46 | Demo Configure a distributed search head cluster 27

SPLUNK 10. Getting Data In - Staging 28

PART - 47 | All the World is Staging 28

PART - 48 | List the three phases of the Splunk Indexing process; input options 28

Tutorials_World_Splunk_Chapters_01-05

 

1 SPLUNK 1. Introduction

1.1 Part - 1 | Welcome to this course! SPLUNK | SPLUNK tutorial | SPLUNK full course

1.2 PART - 2 | Demo Analyzing some data | SPLUNK tutorial

2 SPLUNK 2. Admin Basics

2.1 PART - 3 | The Basics of Splunking | SPLUNK tutorial

2.2 PART - 4 | Splunk installation options | SPLUNK tutorial

2.3 PART - 5 | Demo installing Splunk in Linux | SPLUNK tutorial

2.4 PART - 6 | Demo installing Splunk in Windows | SPLUNK tutorial

2.5 PART - 7 | Demo installing Splunk in MacOS | SPLUNK tutorial

2.6 PART - 8 | Identify Splunk components | SPLUNK tutorial

2.6.1 Processing Component

2.6.1.1 Forwarder

2.6.1.2 Indexer

2.6.1.3 Search Head

2.6.2 Monitoring Component

2.6.2.1 Deployment Server

2.6.2.2 License Master

2.6.2.3 Indexer Cluster Master

2.6.2.4 Search Head Cluster Deployer

3 SPLUNK 3. Licence management

3.1 PART - 9 | License to Splunk | SPLUNK tutorial

3.2 PART - 10 | Identify license types | SPLUNK tutorial

3.3 PART - 11 | Understand license violations | SPLUNK tutorial

3.4 PART - 12 | Demo licensing | SPLUNK tutorial

3.5 PART - 13 | Distributed Licensing | SPLUNK tutorial

4 SPLUNK 4. SPLUNK configuration files

4.1 PART -14 | Configuration Files | SPLUNK tutorial

4.2 PART - 15 | Describe Splunk configuration directory structure | SPLUNK tutorial

4.2.1 Directory Structure

4.2.2 Common Configuration Files

4.3 PART - 16 | Understand configuration layering and precedence | SPLUNK tutorial

4.3.1 Config file context

4.3.1.1 Global

4.3.1.2 App or User specific

4.3.2 Precedences

4.3.3 Btool

4.4 PART - 17 | Demo Use btool to examine configuration settings demo | SPLUNK tutorial

5 SPLUNK 5. Splunk Indexes

5.1 PART - 18 | All About Indexes | SPLUNK tutorial

5.2 PART - 19 | Describe index structure | SPLUNK tutorial

5.3 PART - 20 | List types of index buckets | SPLUNK tutorial

5.4 %PART - 21 | Check index data integrity | SPLUNK tutorial

5.5 %PART - 22 | Describe indexes conf options | SPLUNK tutorial

5.6 PART - 23 | Describe the fishbucket | SPLUNK tutorial

5.7 PART - 24 | Demo Create an index | SPLUNK tutorial

5.8 PART - 25 | Demo Apply a data retention policy | SPLUNK tutorial

5.9 PART - 26 | Demo Exploring buckets in the Splunk file system | SPLUNK tutorial

5.10 PART - 27 | Check hashes to validate data | SPLUNK tutorial

1. SPLUNK 1. Introduction 

1. Part - 1 | Welcome to this course! SPLUNK | SPLUNK tutorial | SPLUNK full course

Twitter : @adam_frisbee / Udeme course

Answers.splunk.com

2. PART - 2 | Demo Analyzing some data | SPLUNK tutorial

• Add Data – upload – Search

• Splunk discovered data and listed in left as 

• Selected Fields

• Interesting Fields

• “+ Extract New Fields” – lists raw data from the source

• 

• Compare success and error – this has visualization

• 

• Create Dashboard based on this

• 

• 

• 

• 
  

2. SPLUNK 2. Admin Basics

1. PART - 3 | The Basics of Splunking | SPLUNK tutorial

2. PART - 4 | Splunk installation options | SPLUNK tutorial

3. PART - 5 | Demo installing Splunk in Linux | SPLUNK tutorial

4. PART - 6 | Demo installing Splunk in Windows | SPLUNK tutorial

5. PART - 7 | Demo installing Splunk in MacOS | SPLUNK tutorial

6. PART - 8 | Identify Splunk components | SPLUNK tutorial

1. Processing Component 

1. Forwarder

• Universal Farworder

• Easy to install

• Heavy Forwarder

• Forward, Parse, route

2. Indexer

3. Search Head

2. Monitoring Component

1. Deployment Server

2. License Master

3. Indexer Cluster Master

4. Search Head Cluster Deployer

3. SPLUNK 3. Licence management

1. PART - 9 | License to Splunk | SPLUNK tutorial

2. PART - 10 | Identify license types | SPLUNK tutorial

3. PART - 11 | Understand license violations | SPLUNK tutorial

4. PART - 12 | Demo licensing | SPLUNK tutorial

• Splunk  > Settings > Licensing

• Not available for me in EPB

• 

• 

5. PART - 13 | Distributed Licensing | SPLUNK tutorial

• Universal Forwarder doesn’t required License but Heavy Forwarder needs license.

• 
  

4. SPLUNK 4. SPLUNK configuration files

1. PART -14 | Configuration Files | SPLUNK tutorial

2. PART - 15 | Describe Splunk configuration directory structure | SPLUNK tutorial

1. Directory Structure

2. Common Configuration Files 

3. PART - 16 | Understand configuration layering and precedence | SPLUNK tutorial

1. Config file context 

1. Global 

2. App or User specific

2. Precedences

3. Btool

• Used for Troubleshoot

• Merged configurations

• 
  

4. PART - 17 | Demo Use btool to examine configuration settings demo | SPLUNK tutorial

5. SPLUNK 5. Splunk Indexes

1. PART - 18 | All About Indexes | SPLUNK tutorial

2. PART - 19 | Describe index structure | SPLUNK tutorial

3. PART - 20 | List types of index buckets | SPLUNK tutorial

4. %PART - 21 | Check index data integrity | SPLUNK tutorial

5. %PART - 22 | Describe indexes conf options | SPLUNK tutorial

Indexes.Conf options

6. PART - 23 | Describe the fishbucket | SPLUNK tutorial

• Keep track of which part of the files in bucket already indexed

• _audit

• Fish bucket contains Seek Pointers, CRC (Cyclical Redundancy Check) for the files

• 

• Directory monitor on Windows machine 

• C:\logs directory

• 
  

7. PART - 24 | Demo Create an index | SPLUNK tutorial

2 ways to create Index

• Add new data splunk we can create index

• Create indexes with existing data in splunk – Settings > Indexes > New Index

•  

Tsidx = Time Size index policy

8. PART - 25 | Demo Apply a data retention policy | SPLUNK tutorial 

• Default retain the data for 6 years

• Global or user context 

• Cd etc/system/default/indexes.conf

• 

• 
  
• 
  

• 

• In the indexes.conf > under stanza, frozenTimePeriodInSecs = 2419200 > this is 21 days

• 
  

9. PART - 26 | Demo Exploring buckets in the Splunk file system | SPLUNK tutorial 

• 

• 
  

10. PART - 27 | Check hashes to validate data | SPLUNK tutorial

• As there is no data the integrity checking failoed.

•