Splunk Training Provider Authorised Learning Partner Australia

Splunk Enterprise Cluster Administration

The Splunk Enterprise Cluster Administration course is for an experienced Splunk Enterprise administrator who is new to Splunk Clusters. The course provides the fundamental knowledge of deploying and managing Splunk Enterprise in a clustered environment.

The Splunk Enterprise Cluster Administration course covers installation, configuration, management and monitoring of Splunk clusters.

While Splunk Clusters are supported in Windows environments, the class lab environment is running on Linux instances only.

Splunk Credit Value: 150

Duration: 13.5 hours over 3 days

Time: 9:00 am - 1:30 pm AEST

*Course discounts apply for Splunk Partners. Please use the currency converter above to check for course pricing in your local currency.


This course was very interactive. Logging into Splunk and showing how to do it, giving examples and showing the ins and outs of ES actually makes a huge difference. Well done to the instructor.

Participant, Using Splunk Enterprise Security

Splunk Enterprise Cluster Administration - Course Topics

  • Large-scale Splunk Deployment Overview

  • Single-site (high-availability) Indexer Cluster

  • Multisite (disaster-recovery) Indexer Cluster

  • Indexer Cluster Management and Administration

  • Indexer Discovery Forwarder Configuration

  • Search Head Cluster

  • Search Head Cluster Management and Administration

  • KV Store Collection and Lookup Management

Course Prerequisites

To be successful, students should have a solid understanding of the following courses:

OR the following Single Subject courses:

  • What Is Splunk?

  • Intro to Splunk

  • Using Fields

  • Scheduling Reports and Alerts

  • Visualizations

  • Leveraging Lookups and Subsearches

  • Search Under the Hood

  • Introduction to Knowledge Objects

  • Creating Knowledge Objects

  • Enriching Data with Lookups

  • Data Models

  • Introduction to Dashboards

Students should also have completed the following courses

Splunk Enterprise Cluster Administration - Audience

Anyone involved in the design, deployment and administration of Splunk within organisations. Previous attendees have included Consultants, IT Administrators, Pre-Sales Engineers and Solution Architects.

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Related Certifications

After completing the Splunk Enterprise Cluster Administration course, you will be able to:

  • Configure Splunk for High Availability and Disaster Recovery

  • Set up search head clustering

  • Configure and manage clusters

  • Identify problems within a clustered environment

  • Add and remove cluster nodes

Splunk Enterprise Cluster Administration

Module 1 – Large-scale Splunk Deployment Overview

  • Factors affecting deployment design

  • Splunk cluster overview

  • License Master

Module 2 – Single-site Indexer Cluster

  • Splunk single-site indexer cluster configuration

  • Optional single-site indexer cluster configurations

Module 3 – Multisite Indexer Cluster

  • Splunk multi-site indexer cluster overview

  • Multi-site indexer cluster configuration

  • Optional multi-site indexer cluster configurations

  • Cluster migration and upgrade considerations

Module 4 – Indexer Cluster Management and Administration

  • Indexer cluster storage utilization options

  • Peer offline and decommission

  • Master app bundles

  • Monitoring Console for indexer cluster environment

Module 5 – Forwarder Management

  • Indexer discovery

  • Optional indexer discovery configurations

Module 6 – Search Head Cluster

  • Splunk search head cluster overview

  • Search head cluster configuration

Module 7 – Search Head Cluster Management and Administration

  • Search head cluster deployer

  • Captaincy transfer

  • Search head member addition and decommissioning

  • Monitoring Console for Search Head Cluster

Module 8 – KV Store Collection and Lookup Management

  • KV Store collection in Splunk clusters

  • KV Store monitoring with Monitoring Console

Splunk Enterprise Cluster Administration - Course Objectives

Splunk Course Schedules and Timezones

Ingeniq courses are delivered live and in English, and are accessible to customers across multiple timezones.

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

AM Marked Splunk Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas:

  • UTC+10 including Australia (East Coast)

  • UTC+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses usually start at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas:

  • UTC+10 including Australia (East Coast)

  • UTC+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

Splunk Enterprise Cluster Administration - Upcoming Courses